As part of a cybersecurity initiative launched after the disclosure of two major computer hacks of OPM systems—one involving personnel records, the other involving security clearance application files—OMB has said it will create a “federal civilian cybersecurity strategy” with these elements:
Ensuring a robust capacity to recruit and retain cybersecurity personnel; increasing risk awareness of all users; better protection of data at rest and in transit; improving indication and warning; standardizing and automating processes to decrease time to fix vulnerabilities; controlling, containing, and recovering from incidents; buying more secure systems and retiring legacy systems in a timely manner; and decreasing the complexity and number of things defenders need to protect.
The strategy will be drafted by cybersecurity offices of OMB, DHS, DoD and the National Security Council.
The initiative is part of a 30-day “sprint” that also includes previously announced plans to require employees to produce additional verification of identity such as a smartcard when signing into agency systems, as well as to limit the number of employees who have high-level authority in those systems, the changes they can make and the time they can spend during a session, among other steps.
