This week, CISA announced a new plan to align the “collective operational defense capabilities” of over 100 US central Government agencies outside defense to reduce their cyber-risk.
CISA notes in the plan that there is currently “no cohesive or consistent baseline security posture” across agencies, which fails to consider the current threat environment and the complex digital ecosystem.
The plan, known as FOCAL, for Federal Civilian Executive Branch (FCEB) Operational Cybersecurity Alignment, sets out both “broad organizing concepts for federal cybersecurity” and tactical guidance agencies should implement in the coming year. It covers five areas of cybersecurity including:
- Asset management
- Vulnerability management
- Defensible architecture
- Cyber supply chain risk management
- Incident detection and response
While CISA stresses that each FCEB agency has its own mission, supported by its own networks and systems, with standardization and consistency, CISA also believes that a collective approach to cybersecurity will further reduce risks across all federal cyber defenses as agencies interact with each other and share data.
Emily Phelps, Director, Cyware had this to say:
“CISA’s FOCAL plan highlights the value of collective defense in securing the federal cyber landscape. This approach leverages the strengths and knowledge of each entity to build a more robust defense against evolving threats. The interconnected nature of today’s digital ecosystem means that vulnerabilities in one area can ripple across others, making a collective defense strategy essential for reducing risk. By fostering collaboration, information sharing, and standardization, agencies can more effectively defend against sophisticated cyber adversaries while reinforcing the overall security of the nation’s critical infrastructure.”
Stephen Gates, Principal Security SME, Horizon3.ai follows with this:
“This initiative is not just necessary—it’s long overdue. Now is the time to embrace a proven strategy that aligns with the five key objectives outlined in the plan. Organizations must begin by assessing their own environments, using the same tactics, techniques, and procedures (TTPs) that adversaries use. This ensures they’re effectively managing high-risk assets, identifying and mitigating exploitable vulnerabilities, and fortifying their architectures. This approach should extend to their supply chain, ensuring partners meet the same standards, and that incident detection and response systems are proven to be fully operational.”
This is a good move by the CISA who has a history of coming up with good initiatives to improve cybersecurity inside and outside government. This is something that seriously needs to be copied by the private sector as I think you will see that this is going to be highly effective in terms of deterring cyberattacks.
Related
This entry was posted on September 18, 2024 at 3:40 pm and is filed under Commentary with tags CISA. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
CISA announces “FOCAL”
This week, CISA announced a new plan to align the “collective operational defense capabilities” of over 100 US central Government agencies outside defense to reduce their cyber-risk.
CISA notes in the plan that there is currently “no cohesive or consistent baseline security posture” across agencies, which fails to consider the current threat environment and the complex digital ecosystem.
The plan, known as FOCAL, for Federal Civilian Executive Branch (FCEB) Operational Cybersecurity Alignment, sets out both “broad organizing concepts for federal cybersecurity” and tactical guidance agencies should implement in the coming year. It covers five areas of cybersecurity including:
While CISA stresses that each FCEB agency has its own mission, supported by its own networks and systems, with standardization and consistency, CISA also believes that a collective approach to cybersecurity will further reduce risks across all federal cyber defenses as agencies interact with each other and share data.
Emily Phelps, Director, Cyware had this to say:
“CISA’s FOCAL plan highlights the value of collective defense in securing the federal cyber landscape. This approach leverages the strengths and knowledge of each entity to build a more robust defense against evolving threats. The interconnected nature of today’s digital ecosystem means that vulnerabilities in one area can ripple across others, making a collective defense strategy essential for reducing risk. By fostering collaboration, information sharing, and standardization, agencies can more effectively defend against sophisticated cyber adversaries while reinforcing the overall security of the nation’s critical infrastructure.”
Stephen Gates, Principal Security SME, Horizon3.ai follows with this:
“This initiative is not just necessary—it’s long overdue. Now is the time to embrace a proven strategy that aligns with the five key objectives outlined in the plan. Organizations must begin by assessing their own environments, using the same tactics, techniques, and procedures (TTPs) that adversaries use. This ensures they’re effectively managing high-risk assets, identifying and mitigating exploitable vulnerabilities, and fortifying their architectures. This approach should extend to their supply chain, ensuring partners meet the same standards, and that incident detection and response systems are proven to be fully operational.”
This is a good move by the CISA who has a history of coming up with good initiatives to improve cybersecurity inside and outside government. This is something that seriously needs to be copied by the private sector as I think you will see that this is going to be highly effective in terms of deterring cyberattacks.
Share this:
Like this:
Related
This entry was posted on September 18, 2024 at 3:40 pm and is filed under Commentary with tags CISA. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.