The Cybersecurity and Infrastructure Security Agency (CISA) unveiled a new plan Monday to align collective operational defense capabilities across the Federal government and drive down cybersecurity risks to more than 100 Federal Civilian Executive Branch (FCEB) agencies.
The FCEB Operational Cybersecurity Alignment (FOCAL) Plan is organized into five priority areas to provide standard, essential components of enterprise operational cybersecurity and align collective operational defense capabilities across the Federal enterprise.
CISA defines “operational cybersecurity” as the daily activities and processes used by organizations to defend their data and information systems. This includes managing vulnerabilities, sharing cybersecurity information, planning future capabilities, and responding to cybersecurity incidents.
“Each FCEB agency has a unique mission, and thus have independent networks and system architectures to advance their critical work. This independence means that agencies have different cyber risk tolerance and strategies,” CISA said in its Sept. 16 press release. “However, a collective approach to cybersecurity reduces risk across the interagency generally and at each agency specifically, and the FOCAL Plan outlines this will occur.”
The five priority areas for FCEB agencies are:
- Asset management;
- Vulnerability management;
- Defensible architecture;
- Cyber supply chain risk management; and
- Incident detection and response.
“Federal government data and systems interconnect and are always a target for our adversaries. FCEB agencies need to confront this threat in a unified manner and reduce risk proactively,” CISA Executive Assistant Director for Cybersecurity Jeff Greene said in a Sept. 16 statement. “The actions in the FOCAL plan orient and guide FCEB agencies toward effective and collaborative operational cybersecurity and will build resilience. In collaboration with our partner agencies, CISA is modernizing federal agency cybersecurity.”
According to CISA, the FOCAL plan is organized into five priority areas that align with agencies’ metrics and reporting requirements. Each priority has goals ranging from addressing universal cybersecurity challenges such as managing the attack surface of internet-accessible assets and bolstering cloud security to long-range efforts including building a defensible architecture that is resilient in the face of evolving security incidents.
CISA’s new plan aims to create a cohesive and consistent baseline for agencies to manage cyber risk. Each of the five sections of the FOCAL plan consist of “foundational activities” agencies must complete to be aligned.
For example, in priority area one – asset management – agencies will increase operational visibility once they have established a centralized hardware and software inventory database; established automated asset discovery; and documented asset coverage.
“Increased alignment between CISA and FCEB agencies will have real world impact and will shape the actions taken in response to the dynamic threat environment,” CISA said. “The ultimate destination on this shared journey is more synchronized and robust cyber defenses, greater communication, and increased agility and resilience across the federal enterprise, resulting in a more cohesive government enterprise capable of defending itself against evolving cyber threats.”
