Federal Agencies Make Strides but Face Roadblocks in Enhancing Cybersecurity

49 out of 55 requirements met.
Ryan Uliss
Contributing Writer

A recent review by the Government Accountability Office (GAO) found that the vast majority of leadership and oversight requirements from the 2021 executive order on enhancing the nation’s cybersecurity have been met, with only a few critical tasks remaining incomplete.

President Joe Biden initiated the executive order as a comprehensive mandate designed to safeguard federal information systems from increasingly sophisticated cyberattacks. The GAO’s findings highlight significant progress in implementing this directive, illustrating the federal commitment to advancing cybersecurity measures while also pointing out the challenges in fully achieving the order’s objectives.

Overview of the 2021 Executive Order

The 2021 Executive Order, aimed at strengthening federal cybersecurity defenses, set forth 55 specific requirements to be met by various agencies including the Cybersecurity and Infrastructure Security Agency (CISA), the National Institute of Standards and Technology (NIST), and the Office of Management and Budget (OMB). According to the GAO report, 49 of these requirements have been fully completed, with five partially finished, and one determined to be not applicable due to timing issues with other requirements.

Key Achievements

The federal agencies have made significant strides in several areas:

  • Enhanced Cyber Threat Information Sharing: Procedures have been developed to improve the sharing of cyber threat information across federal agencies.
  • Guidance on Critical Software Security: Guidelines have been established to bolster security measures for software deemed critical to federal operations.
  • Incident Response Playbook: A standardized playbook for conducting cyber incident responses has been successfully created.

These accomplishments reflect a concerted effort by federal entities to adhere to the directives aimed at bolstering the nation’s cyber defenses.

Areas Needing Improvement

Despite these achievements, some areas have lagged:

  • Cost Analysis and Budgeting: OMB has struggled to fully incorporate a required cost analysis into its annual budget process, which is crucial for ensuring that federal agencies have the resources needed to implement cybersecurity recommendations effectively.
  • Endpoint Detection and Response (EDR): There has been a lack of documented evidence that OMB has worked with agencies to ensure they have adequate resources for deploying EDR technologies, which are vital for detecting and responding to cyber incidents proactively.
  • Log Management: Although OMB has issued guidance on improving log retention and management, it has not demonstrated that agencies have the resources needed for proper implementation.

CISA Facing Challenges

CISA has faced challenges in defining “critical software” for governmental agencies and the private sector, initially struggling to compile and share a list that meets the needs of all stakeholders. While OMB and NIST have successfully met this requirement, a CISA official expressed concerns about potential misinterpretations of the list and announced plans to release a revised version with clearer guidelines.

Additionally, CISA has been criticized for its management of the Cyber Safety Review Board, a multi-agency group with public and private sector members. The board has been scrutinized by Congress and industry leaders for lacking authority and independence. Although CISA officials have indicated progress in adopting the board’s recommendations and improving its operations, the GAO noted that CISA has yet to provide concrete evidence of these implementations, raising concerns about the board’s effectiveness in future incident reviews.

The Wrap

The completion of nearly all the requirements of the 2021 Executive Order is commendable, but the few remaining tasks are crucial for ensuring reliable cybersecurity defenses. The GAO has recommended additional actions for both the Department of Homeland Security and OMB to address these gaps effectively.

As cyberattacks continue to evolve in complexity and scale, the importance of these unfinished tasks becomes even more critical. Completing them will not only enhance current security measures but also set a precedent for future cybersecurity initiatives. The ongoing commitment and adjustments by federal agencies will be essential in maintaining and advancing the cybersecurity framework necessary to safeguard the United States from tomorrow’s cyber threats.
