Modernization

Cyber EO response will involve leaders from every agency, Federal CISO says

Chris DeRusha says his office is working with the Federal CIO and CISO councils to craft new cybersecurity guidance for agencies.

By John Hewitt Jones

June 15, 2021

(Getty Images)

Federal CIOs and CISOs from every agency will be involved in creating new governmentwide cybersecurity guidelines set to be issued as part of President Biden’s recent cybersecurity executive order, according to Federal CISO Chris DeRusha.

DeRusha said Tuesday his office is working with the Federal CIO and CISO councils to ensure information security leaders from across government are involved in drafting the new guidelines.

“Obviously this is a pretty big executive order…it really is an all-of-government exercise,” he said at CyberTalks 2021, hosted by CyberScoop. “CIOs and CISOs will be included in the drafting of every aspect of the guidance. They are going to need to implement them, so they are more than welcome to help us develop them and to make them successful.”

The cyber executive order, issued last month by the Biden administration, requires the Office of Management and Budget to issue a slew of new cybersecurity rules for agencies. It includes a mandate that the OMB should work with the Department of Homeland Security and the General Services Administration over the next 90 days to develop a federal cloud-security strategy and guidance.

Commenting more broadly on the government’s response to last year’s SolarWinds hack, DeRusha said there remains a way to go until basic security measures such as multi-factor authentication and endpoint detection are implemented uniformly across government agencies.

He noted also the importance of senior agency leaders having appropriate emergency plans in place that can be followed in the event of another major cyberattack.

“Agencies need a consistent playbook for senior leaders to work through when an incident like SolarWinds occurs,” he said.

Modernizing federal cybersecurity is just one element of the larger cybersecurity EO. It also calls for increased sharing of threat information between the government and private sector, and for the development of baseline software supply chain security standards for any software sold to the federal government.

Additionally, the order calls for the creation of a national Cybersecurity Safety Review Board, akin to the National Transportation Safety Board.

Cyber EO response will involve leaders from every agency, Federal CISO says

More Like This

With 2023 tax season in the rearview, IRS commissioner eyes expansion of AI capabilities

GAO budget request puts premium on modernization efforts

Federal CIO calls on Congress to fund Technology Modernization Fund

Top Stories

Congressional panel outlines five guardrails for AI use in House

CMS’s financial office is using LLM pilot to combat loss of institutional knowledge

Top public sector takeaways from Google Cloud Next 2024

Commerce requests information about AI, open data assets, data dissemination

Commerce adds five members to AI Safety Institute leadership

Kiran Ahuja to step down as OPM director

More Scoops

Federal agencies take ‘most important’ first step with inventorying cryptography ahead of quantum migration, OMB official says

Inventories to be ‘more central part’ of understanding how agencies use AI under White House guidance

Government leaders share strategies for embracing AI at federal innovation summit

Bipartisan bill would require federal agencies to use AI risk framework, push OMB to issue guidance

OMB draft AI guidance defines role of top agency AI official, adds to inventories

Federal CISO says White House targeting AI procurement as part of conversation on looming executive order, guidance

Ex-White House official says improved artificial intelligence inventories could help OMB guidance

Latest Podcasts

Cyber EO response will involve leaders from every agency, Federal CISO says

Darryl Peek on Elastic’s role in enhancing public sector search and data analytics with AI and Google collaboration

Danny Werfel on How Automation has Enhanced his Agency’s Operations.

ManTech leaders discuss innovation and security with Google technologies

Tech

Defense

Cyber

Acquisition