Oct 20 2020

CISA Lays Out Plan for Enhancing Cybersecurity

The Cybersecurity and Infrastructure Security Agency is focusing on improving data sharing and dashboards in the next fiscal year.

The Department of Homeland Security’s cybersecurity agency has in recent weeks spelled out a multipronged plan to continue to improve federal IT security by the end of the current fiscal year.

The Cybersecurity and Infrastructure Security Agency is focused on protecting against a large majority of vulnerabilities to high-value assets within agencies. CISA is also going to create a national strategy to enhance the quality of cyberthreat information for agencies. And through its Continuous Diagnostics and Mitigation program, CISA will work to improve its dashboard infrastructure and the quality of cybersecurity data being fed into those dashboards from agency network sensors.

Taken together, the initiatives indicate that CISA is moving to respond aggressively to a recent DHS Inspector General report, which found that in 2017 and 2018, CISA made limited progress in improving the overall quality of information it shares with participants in its Automated Indicator Sharing program. The AIS program is designed to share cyberthreat information between the government and the private sector.

“CISA will build its national cyberthreat information sharing strategy in collaboration and coordination with its partners and stakeholders,” CISA said in response to one of the report’s recommendations. “This national strategy is projected to be completed during the fourth quarter of FY 2021. The estimated completion date is September 30, 2021.”

CISA Aims to Enhance Data Quality, Threat Mitigation

The IG report found that while CISA “has increased the number of cyberthreat indicators and defensive measures shared with program participants,” the AIS information “did not contain enough detail to fully mitigate potential threats.”

Specifically, the report found that “AIS indicators shared with participants did not contain actionable information, including sufficient context or background details to effectively protect Federal and private networks.” The IG report said that examples of contextual information may include IP addresses, domain names or hash files, “which may be helpful for determining the appropriate course of action to mitigate threats against networks.”

As Nextgov reports, “while there were a lot of participants willing to take relevant information, there were very few willing to give it,” leading to poor data quality. The report recommends that CISA “place priority on hiring administrative and operational staff needed to conduct outreach, training, and performance measurement to improve the AIS program’s operational effectiveness.”

In addition to creating the national information sharing strategy, CISA says it plans to “build out and formalize AIS with structure and resources to better manage its indicator sharing and threat information sharing activities.” CISA also expects to complete a “Cyber Threat Information Sharing Roadmap” by the end of 2020, “which will outline the approach needed to improve the operational effectiveness of AIS.”

Meanwhile, in late September, CISA released an update to its action plan for improving federal cybersecurity in fiscal years 2020 and 2021. By Sept. 30, CISA says, its goal is to mitigate within 30 days 75 percent of “critical and high configuration-based vulnerabilities identified through high value asset assessments.”

To help do so, CISA says it will “deliver tools and technical support to fill critical gaps in agencies’ cybersecurity capabilities and leverage policy directives and authorities to establish requirements and expectations for timely mitigation of vulnerabilities.” Those tools will include CDM, cyber hygiene scanning and high-value asset assessments.

CISA also says it will help agencies better manage cybersecurity risks “by tracking exposure to threats and heightening awareness of assets, users, and events on their networks to support risk informed cybersecurity decisions and actions.” Additionally, another core strategy at CISA will be to “defend the federal enterprise and target its efforts toward identifying and preventing the most significant threats through analysis, alerts, and intrusion detection and prevention technologies.”

What Is Next for the CDM Program?

In terms of the CDM program itself, CISA is aiming to improve both agency and federal-level dashboards that collect cybersecurity information. The agency wants to improve the quality of the data flowing into the dashboards, MeriTalk reports.

Kevin Cox, the CDM program manager, spoke about CISA’s goals for the program during a virtual event on Sept. 29 organized by Federal News Network.

Improving the dashboards “really opens everything up for us from a scalability viewpoint,” Cox said, according to MeriTalk. “And it opens things up for agencies by ten-fold, or even 100-fold,” he said.

Enhanced dashboard infrastructure, Cox said, will “help agencies with risk management, getting in front of risk, and understanding risk.”

Cox added that CISA wants “to ensure that the quality of the data coming up from the sensors is there, and then really operationalize the data” to help agencies better understand their cybersecurity risks.
