Federal CyberSecurity will Continue to be Big News in 2018
After more than a year of discussions about Russian election hacking and breaches into federal government databases – such as the IRS and the Securities and Exchange Commission (SEC) – don’t expect hackers to ease up in 2018.
A variety of bills, initiatives and amendments will continue to push federal agencies toward better protecting their data even as top-down directives fund IT purchases that combine cybersecurity product purchases with holistic services to improve security postures.
The Federal IT Acquisition Reform Act (FITARA), one of the federal laws most used to give CISOs more insight into their agency’s cybersecurity purchases by providing them more authority and offering a scorecard, had critical provisions that would have expired in 2018.
However, thanks to Congressional action, these provisions will continue at least until 2020. A bipartisan amendment, proposed by original FITARA co-author Gerry Connolly, D-VA, will extend three provisions of the original law: data center consolidation; transparency and risk management of major IT systems using the IT Dashboard; and IT portfolio, program, and resource reviews using PortfolioStat.
“Congressman Connolly is spot on with his prior assessment that agency CIOs do not have the ‘necessary authority to effectively manage IT investments’,” said Sword & Shield Federal Vice President Raymond Kahre. “The 2018 federal cyber initiatives detailed herein require nimble and collaborative public-private partnerships in order to bring the right technologies and cyber expertise to market to combat ever-evolving threats.”
Recent FITARA scorecards have shown that most federal agencies are riddled with cybersecurity vulnerabilities, and a recent study shows that the U.S. government still lags behind its enterprise peers in prevention and remediation.
Other 2018 federal cybersecurity initiatives include:
- A $33.2 billion IT fund included in the 2018 National Defense Authorization Act that the Department of Defense (DoD) can use to upgrade automation, cloud computing and cybersecurity.
- The implementation of the Federal CyberSecurity Workforce Assessment Act that requires the Office of Personnel Management to assign new classification codes for cyber positions. This is expected to be completed in April.
- A National Institute of Standards and Technology (NIST) update to its Framework for Improving Critical Infrastructure CyberSecurity that includes new sections on authorization, authentication, identity-proofing and vulnerability disclosures.
- Updates to the cybersecurity of voting machines. The Department of Homeland Security (DHS) will work with the Election Infrastructure Subsector Government Coordinating Council on a plan for securing election systems now that they are considered critical infrastructure.
- Military leaders will continue to recruit more cyber-warriors. The US Army, for example, has launched a program to directly commission civilians with technology and cybersecurity backgrounds. Other branches are also planning to acquire technology that helps fill workforce gaps.
In general, experts predict that malware will get smarter, consumers will expect the federal government to better protect them from cyber threats and the security of the Internet of Things (IoT) will continue to pose headaches.
These threats all affect the federal government as it also deals with malware, breaches and an increase in both cloud technology and IoT use.