Cybersecurity Executive Order “Strengthening the ......Cybersecurity Risks, 3rd Quarter FISMA CIO...


Cybersecurity Executive Order “Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure”


Background

• May 11th White House issued the Executive Order “Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure”
  – Renewed emphasis on cyber risk management
  – Manage cybersecurity risk as an executive branch enterprise
    • Risk management decisions made by agency heads can affect the risk to the executive branch as a whole

• May 19th Office of Management and Budget (OMB) issued Memorandum M-17-25, “Reporting Guidance for EO on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure”
  – Provides additional guidance to supplement the EO


Seven Areas of Focus


Focus Area

1. Document Risk Mitigation and Acceptance Choices

2. Describe Action Plan to Implement NIST Cybersecurity Framework

3. Provide Current IT Architecture to Evaluate Shared Services

4. Identify Capabilities Supporting Cybersecurity of Critical Infrastructure

5. Advise on Resilience Against Botnets and Other Automated, Distributed Threats

6. Report on Deterrence and Protection Options

7. Document International Cybersecurity Priorities

High Level Process and Timeline

• Bureau Enterprise Cybersecurity Risks to Treasury on June 16th
• Bureau FISMA CIO Metrics to Treasury (3rd Quarter)
• Discussions on NIST Cybersecurity Framework Implementation

• White House issues Cybersecurity EO on May 11th

• One page OMB Risk Assessments on each Department (anticipated on July 28th)

• Consolidated Departmental Response on Enterprise Cybersecurity Risks, 3rd Quarter FISMA CIO Metrics, and NIST Cybersecurity Framework Implementation Action Plan to OMB on July 14th

• OMB issues M-17-25 Memorandum on May 19th

• Departmental Review of Risk Assessment and written response (Due Aug 9th)

• OMB & DHS provide report to the White House (no sooner than Aug 9th)
• OMB & DHS will work with agencies to improve cybersecurity risk management (Unknown?)
