Progress made by federal agencies with log management is helping to strengthen cybersecurity collaboration between government departments, according to the federal chief information security officer.
Speaking Thursday at the Zero Trust Summit, hosted by CyberScoop, Chris DeRusha noted that the White House had seen significant advances in agencies’ approach to sharing systems data and urged further progress.
He said: “We need this folks, we need it. Because if we can’t know what’s happening in these networks, we can’t know how the bad guys move around. We can’t know when they’re gone.”
DeRusha added: “I’m excited … I know it’s a hard one. But you know what else it’s doing? It’s helping us with centralization. It’s moving the ball forward because it’s forcing around specific things, specific projects to get all the federated components to be working together towards the common goal of getting them data in one place, so we ourselves together.”
Logging, log retention and log management requirements for federal government agencies were included in section eight of the May 2021 Cybersecurity Executive Order issued by the Biden administration in the wake of the SolarWinds attack.
The guidance, contained within the EO, focused on ensuring centralized access and visibility for the highest-level enterprise security operations center of each federal agency, and was followed by a memorandum instructing agencies to increase the sharing of relevant information.
The White House in that memo included a maturity model for event log management intended to guide agencies’ implementation of its requirements across four event logging (EL) tiers: not effective, basic, intermediate, and advanced.
Speaking at the event, DeRusha said he understood the costs associated with log management, and that over time the White House will continue to fine-tune logging requirements for agencies.