
Association-anemone


Next admin should ‘improve’ ONCD, says cyber policy roadmap
asane


A bipartisan cyber policy roadmap for the next presidential administration recommends boosting the Office of the National Cyber Director to help strengthen government coordination on pressing cybersecurity threats.

The report, released last week by Auburn University’s McCrary Institute, includes a broad set of cyber policy recommendations for the next presidential administration. They were developed by 40 former Democratic and Republican administration officials.

“Maybe I’m a Pollyannaist, but I’m optimistic that this issue will continue to move similarly in whatever direction the country takes,” Frank Cilluffo, director of the McCrary Institute, said in an interview.

“We actually took a step back — what’s working, what’s not, and where do we need to go from here and where do we need to redouble some of our efforts?” he added.

The panel made dozens of recommendations spanning eight “critical themes,” from harmonizing cyber regulations to workforce development.

But as for the inner workings of the federal government, the report focuses on strengthening intergovernmental coordination to “break down silos, improve information sharing, and create mechanisms for rapid and coordinated responses to cyber threats.”

Key to that is the Office of the National Cyber Director within the Executive Office of the President. Established by law in 2021, the ONCD advises the president on cybersecurity policy and strategy.

The task force found that ONCD’s role was “pivotal”, but to “fulfil its mandate effectively, ONCD needs enhanced authorities and resources”.

The report recommends doing so by establishing the office as the “lead coordinator for cyber incident response” so that it can orchestrate the efforts of the National Security Agency, the Department of Defense, the Cybersecurity and Infrastructure Security Agency, the FBI and sector risk management agencies (SRMAs).

“The reason we need the NCD is because cyber issues affect so many different departments and agencies that you need a position in the White House to actually bring them all together,” Michael Daniel, a member of the task force and former cyber coordinator at the Obama administration’s National Security Council, said in an interview.

The task force suggests the next administration “empower ONCD with additional authority to drive interagency coordination, including the ability to influence budget allocations for interagency cybersecurity initiatives.”

“Implement integrated portfolio reviews led by ONCD to assess and coordinate cybersecurity investments across the federal government, ensuring the involvement of the Office of Management and Budget,” the report continues. “Create a formal mechanism for ONCD to engage and coordinate SRMA efforts, encouraging a more coherent approach to the challenges specific to the cybersecurity sector.”

Daniel said ONCD’s role should cover a broad range of cybersecurity issues, including resources, authorities, manpower and strategy. The task force also recommends that within the first 100 days of the new administration, ONCD lead a “whole of government” effort to harmonize cyber regulations.

“We have to make sure that office can function and do what I think of as the role of organizing, training and equipping,” Daniel said. “NCD’s role is to ensure that the federal government can accomplish the cyber mission.”

SRMA roles

But the report doesn’t just focus on ONCD’s role. It also recommends that the next administration strengthen the “SRMA” agencies that each oversee distinct sectors of critical infrastructure.

“Establish clear lines of responsibility within the SRMA, ensuring that those with decision-making authority also have the ability to influence the allocation of resources and the implementation of cybersecurity measures,” the report recommends. “Develop clear metrics and performance indicators to assess SRMA’s effectiveness in improving the cybersecurity posture of their sectors.”

The task force also suggests that the Biden administration missed an opportunity with National Security Memorandum-22 to review how agencies approach critical infrastructure, as well as the potential to add new sectors such as space.

“NSM-22 has maintained a sectoral structure that is likely outdated and missed an opportunity to better align with NATO allies,” the report said. “The structure of the sector should be freshly assessed against a set of defined and transparent criteria to capture the cyber risk environment.”

Consolidation of CISA

The report further recommends strengthening CISA. The cyber agency coordinates cybersecurity operations among civilian agencies. It also serves as the “national coordinator” for critical infrastructure.

CISA has grown in both authority and resources throughout the Biden administration. But the task force found that “challenges remain in terms of its authority to compel action by other federal agencies, its ability to streamline and/or integrate the federal government’s engagement with the private sector, and its own capacity, given the limitations of long-term resources to engage effectively with the private sector.”

Strengthening CISA will involve providing “adequate funding for CISA’s operational systems and managed service offerings for federal agencies,” as well as clarifying the agency’s roles and responsibilities “to avoid duplication with other agencies while ensuring it has the authority, resources and staff necessary for its mission,” according to the task force.

Daniel said CISA should have a much stronger role in managing cybersecurity within federal civilian agencies, similar to how the General Services Administration provides products and technologies within the federal government.

“Part of the deal for agencies is, ‘Hey, you can get rid of something you don’t like that’s dealing with a lot of cyber stuff,’” Daniel said. “Instead, you need to focus your time and effort on the applications that matter to the agency, on the things that matter to the workforce, on the things that help you do your mission better, instead of worrying about IT and cyber security, that will always be a second-order problem for you.”

Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located in the European Economic Area.