When it comes to cybersecurity, this has been a busy week for the U.S. federal government. From newly proposed laws, to the issuing of guidance documents related to setting cyber security priorities, to IDC's own five-year IT security spending forecast, there was a lot to cover. Here are some of the highlights.
The Government Accountability Office published a study on Dec. Dec. 17 which set priorities for how the U.S. should combat cyber threats. The document, titled CRITICAL INFRASTRUCTURE PROTECTION: Measures Needed To Assess Agencies’ Promotion of the Cybersecurity Framework, basically sets priorities, stating that it will focus mitigation efforts on threats which may have the potential to cause casualties, pilfer intellectual property, damage critical infrastructure or affect the command and control structure of the U.S. military. One key criticism highlighted in the report is that The Department of Homeland Security has not fully developed metrics for assessing its efforts for adopting a cybersecurity framework related to critical infrastructure sectors.
A bit of background: When the 2014 National Defense Authorization Act was passed, it required that the White House issue a policy on how it plans to improve cybersecurity. That document has been overdue. A White House Fact Sheet outlining various Obama Administration efforts related to cybersecurity was issued over the summer, but did not address prioritization and other issues.
In reality, this week's GAO document is more of a broad statement that sets direction rather than focusing on technical solutions. A key phrase is that the government will use "All instruments of power, including military and economic means, should be used in a targeted manner to "create uncertainty in adversaries' minds about the effectiveness of any malicious cyber activities," states the report.
The Reality of CISA
Also this week, it looks like the controversial Cybersecurity Information Sharing Act is finally headed for final approval. Senate passed the Act by a vote of 74 to 21, by essentially merging it into an “omnibus” bill -- a sprawling chunk of legislation that includes a great deal of FY 2016 funding, plus a significant upgrade to NASA's budget. Privacy advocates have long stated that the measure will give companies the ability to share private information and cybersecurity information with federal agencies, including the NSA.
Also this week, IDC Government Insights held a webinar covering IT Security spending forecast through 2020. It gave a good background on current IT security issues, and discussed a new government-focused security program that IDC is launching. After clicking on the link, all visitors need to do is sign in. Then they can access the recorded Webcast.