Final Report on U.S. Government Policies and Public-Private Frameworks to Address Botnets, Security and Resiliency Challenges Released

Share

This post is part of a continuing DBR on Data series on Executive Order 13800 and updates on its implementation a year after passage.

The U.S. Department of Commerce and the Department of Homeland Security, through the National Telecommunications and Information Administration (NTIA), has released the final report on enhancing the resilience of the Internet and communications ecosystem against botnets and automated distributed threats.

Continue reading “Final Report on U.S. Government Policies and Public-Private Frameworks to Address Botnets, Security and Resiliency Challenges Released”

OMB Releases Report on Federal Cybersecurity Risk

Share

This is the first post in a DBR on Data series on Executive Order 13800 and updates on its implementation a year after passage.

The White House Office of Management and Budget (OMB) released in May 2018 its report to the president on federal cybersecurity risk determination. The report, which responds to the President’s May 2017 Executive Order 13800, entitled “Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure,” comes as several key reports also required by Executive Order 13800 have been recently released in full or in summary form. The Federal Cybersecurity Risk Determination Report and Action Plan concludes that the recent government-wide cybersecurity risk assessment conducted by the OMB, in collaboration with the Department of Homeland Security (DHS), confirms the need for the U.S. government to take “bold approaches” to improve federal cybersecurity.

Continue reading “OMB Releases Report on Federal Cybersecurity Risk”

Battling Botnets – Evolving U.S. Government Policies and Frameworks to Address Security and Resiliency Challenges

Share

The Secretaries of the Department of Commerce and the Department of Homeland Security, through the National Telecommunications and Information Administration (NTIA), in early January 2018 issued a draft report to further public discussion about enhancing the resilience of the Internet and communications ecosystem against botnets and other automated distributed threats. This report continues work initiated under Presidential Executive Order 13800, “Strengthening the Cyber Security of Federal Networks and Critical Infrastructure.”  The report seeks additional public comment on known and evolving risks within and to the ecosystem and aims to forge consensus on what approaches warrant consideration for the government either to adopt or to encourage.  Commenters are asked to evaluate a range of proposed goals and actions to achieve a more resilient ecosystem as well as to address the roles various stakeholders play in achieving and maintaining resiliency of the ecosystem nationally and globally. Comments are due on the draft report by February 12, 2018 and the final report is due the president by May 11, 2018.

Six principal themes emerged from the government’s analysis of prior comments on identifying and mitigating botnet and other cyber threats, namely that:

  • Automated distributed attacks are a global problem;
  • While effective tools exist, they are not widely used
  • Products should be secured during all stages of their life cycle.;
  • Improved education and awareness are necessary;
  • Current market incentives are misaligned; and
  • Automated distributed attacks are an ecosystem-wide challenge.

Continue reading “Battling Botnets – Evolving U.S. Government Policies and Frameworks to Address Security and Resiliency Challenges”

An Early Review of the Trump Administration’s Health Care Cybersecurity Task Force Report

Share

Formed by the Cybersecurity Act of 2015, a task force established to share cybersecurity information between federal government and private industry representatives has released its “Report on Improving Cybersecurity in the Health Care Industry.” They presented six major action items for Congress, the Department of Health and Human Services, other government agencies and private industry.

The Report organized its recommendations under six Imperatives:

  • Define and streamline leadership, governance, and expectations for health care industry cybersecurity;
  • Increase the security and resilience of medical devices and health IT;
  • Develop the health care workforce capacity necessary to prioritize and ensure cybersecurity awareness and technical capabilities;
  • Increase health care industry readiness through improved cybersecurity awareness and education;
  • Identify mechanisms to protect research and development efforts and intellectual property from attacks or exposure; and
  • Improve information sharing of industry threats, weaknesses, and mitigations.

In a recent alert, we evaluated the action items and draft recommendations prepared by the Task Force, = and discuss how the Trump administration will react to these new proposals.

Read our review of the Health Care Cybersecurity Task Force Report