The Office of the National Cyber Director (ONCD) is collaborating with Federal agencies and industry partners to develop a comprehensive update to the U.S. National Cybersecurity Strategy. The first comprehensive review since 2018, the revised strategy is anticipated for release in the fall of 2023. ONCD issued a Strategic Intent Statement outlining the context, purpose, and primary objectives of the updated cross-agency policy, with the goal of creating “a world where digital connectivity…unites the country and the globe in an open, interoperable, secure, and reliable internet.”
ONCD’s stated principal objectives are to:
- Ensure coherence across the U.S. Government in cyber policy, action, and doctrine
- Improve public-private collaboration to tackle cyber challenges across organizational boundaries
- Align resources to hold U.S. departments and agencies accountable for the execution of cyber initiatives
- Increase present and future resilience to ensure agencies have the workforce, technology, and organizations to meet evolving operational demands
This strategy articulates a vision that relies on integrated “tools and procedures to respond, remediate, and recover (that) will be sufficiently accessible, swift, and effective that perpetrators gain little and what victims there are recover quickly.”
The Evolution of Federal Cybersecurity Mandates
For decades Federal agencies have invested in tools, methods, and strategies to defend enterprise networks, storage, data, and applications. Yet, threat actors continue to target U.S. Federal Government organizations. In parallel, the significant expansion of the remote Federal workforce has accelerated the need for comprehensive and updated strategies to ensure cybersecurity across agency operations.
In response to the rapidly evolving cyberspace environment, the Biden Administration issued an Executive Order on Improving the Nation’s Cybersecurity in May 2021 prescribing an initial timeline for Federal agencies to establish a plan to adopt a Zero Trust Architecture. In January 2022, the U.S. Office of Management and Budget (OMB) released a memorandum to executive agencies and departments about Moving the U.S. Government Toward Zero Trust Cybersecurity Principles. The OMB guidance requires agencies to meet five Zero Trust security goals by the end of GFY 2024. These goals align with the five “pillars” articulated in the zero-trust maturity model developed by the Cybersecurity and Infrastructure Security Agency (CISA)—Identity, Devices, Networks, Applications and Workloads, and Data.
Preparing for Future Cybersecurity Compliance
There are practical steps that government organizations can take now to improve cybersecurity architectures, awareness, and threat response capabilities, in anticipation of the updated strategy. A productive starting point is establishing periodic reviews of enterprise cybersecurity architectures and procedures. The results will help agency managers set priorities for technology investments, staffing, and infrastructure. Recommended areas for internal cyber-audits include:
- Inventory the Installed Cyber Solutions
  - Are current tools still required/in use by the organization?
  - Does the agency have the budget, personnel, and training to effectively use the tools?
  - Is there duplication/overlap of capabilities?
- Identify Non-Integrated Tools and Processes
  - Is there a migration path for stand-alone cybersecurity solutions?
  - Can single-purpose technologies be replaced by more cost-effective, integrated alternatives?
  - What is the current utilization of legacy and/or proprietary tools and reporting?
- Consider Consolidation
  - Are budget and staffing resources aligned with current cybersecurity requirements?
  - Can the enterprise consolidate tools to limit the number of vendors, training, and licensing fees?
  - How can security from the cloud to the network edge be improved by simplifying the number and type of deployed solutions?
- Securing the Supply Chain
  - Do installed cybersecurity tools comply with current and evolving secure supply chain requirements?
  - Are trusted alternatives available for third-party solutions that may not meet current security standards for product design, development, manufacturing, delivery, and support?
  - Can the agency demonstrate its compliance with secure supply chain policies?
Agencies that rely on integrated cybersecurity tools and strategies already benefit from enhanced visibility of dynamic network threats, as well as reduced administrative burdens for routine security management and optimized budgeting that aligns with organizational priorities.
Fortinet Federal Focuses on Trusted Cybersecurity for Government
Fortinet Federal Inc. (FFI) is dedicated to bringing recognized expertise and commitment to U.S. Government agencies to advance their cybersecurity programs and capabilities. When your organization is ready to explore the options to modernize and simplify cybersecurity that aligns with your mission and business objectives, Fortinet Federal is ready to help. To learn more, visit www.fortinetfederal.com