OMB Releases Damning Report on U.S. Govt’s Inability to Counter Cyber Threats
OMB (Office of Management and Budget) oversees the implementation of the president’s objectives in the areas of policy, budget, management and regulation. To that end, the recent government-wide cybersecurity risk assessment, carried out by the OMB, in coordination with the Department of Homeland Security (DHS), highlights several serious issues that continue to imperil federal cybersecurity and ultimately put the nation at risk.
The risk report examined federal agencies’ ability to “identify, detect, respond, and if necessary, recover from cyber intrusions,” in accordance with Executive Order 13800.
The OMB and DHS found that 71 of 96 agencies have cybersecurity programs that are either at risk or high risk. The OMB and DHS assessed the performance of 96 agencies across 76 metrics and identified the four core actions they deemed necessary to address cybersecurity risks across the Federal enterprise.
Increase cybersecurity threat awareness among Federal agencies by implementing the Cyber Threat Framework to prioritize efforts and manage cybersecurity risks
Thirty-eight percent of federal cyber incident reports lacked an identified attack vector, which means that in roughly 4 out of 10 cyber incidents, it was not known who the attacker was. And, in terms of bolstering communication of cyber risks, just 59 percent of agencies reported having processes in place to communicate cyber risks across their enterprises.
Standardize IT and cybersecurity capabilities to control costs and improve asset management
The report acknowledged that “an agency’s ability to mitigate security vulnerabilities is a direct function of its ability to identify those vulnerabilities across the enterprise.” Agency risk assessments show that this issue becomes more complex in federated agencies, where standardized procedures or technology across the organization are lacking.
Phishing was also addressed, as phishing attacks remain one of the most common attack vectors across both government and industry. The report notes that standardizing and consolidating email at the enterprise level is an important element of the strategy to secure users. But, some federal agencies report having several, separately managed email services inside their agencies. One agency listed 62 separately managed email services used by its staff, which would make it virtually impossible to track and inspect inbound and outbound communications across that agency.
Consolidate agency Secure Operations Centers (SOCs) to improve incident detection and response capabilities
A measly 27 percent of agencies reported having the ability to detect and investigate attempts to access large volumes of data. The assessment points out that the current situation is untenable, as agencies lack both the visibility into their networks to determine the occurrence of cybersecurity incidents and the ability to minimize the impact of an incident if one is detected.
Drive accountability across agencies through improved governance processes, recurring risk assessments, and OMB’s engagements with agency leadership
With only 16 percent of agencies compliant with the government-wide goal of encrypting data at rest, one of the conclusions arrived at in the report is that there is a lack of accountability for managing risks.
In fact, many have voiced concern over the decision to eliminate these roles and have warned that it will lead to a lack of unified focus against cyber threats.
The report concludes by stating that, “at a time when our reliance on technology is becoming greater and the Nation’s digital adversaries are growing more adept, we must ensure that the Federal Government can secure citizens’ information and deliver on their core missions.”
Next on the agenda, for the OMB, is taking the necessary actions to “implement the Cybersecurity Threat Framework, standardize IT capabilities and tools, consolidate or migrate SOC operations, and drive accountability for cybersecurity risk management across the enterprise.” And, the agency will continue to coordinate with its cross-agency partners, including DHS, NIST and GSA, to ensure that agencies are aware of expectations and available resources. The OMB will also work through the Federal CIO and CISO Councils to ensure that the federal government is moving forward towards improved cybersecurity outcomes.