In response to the evolving threat environment, the Cybersecurity and Infrastructure Security Agency (CISA) is looking to better coordinate cybersecurity operations across the Federal government through a newly released Federal Operational Cyber Alignment Plan, or FOCAL.
CISA Associate Director Michael Duffy said today that CISA released the alignment plan last week within the agency, with the goal of unifying Federal agencies’ cybersecurity efforts and setting clear, achievable cyber targets for agencies to focus on.
“This is something that agencies have asked us [for] ever since the National Cyber Strategy came out,” Duffy said at Crowdstrike’s Gov Threat Summit on March 19 in Washington, D.C.
“Our list of to-dos is growing every day … there’s no question the things that need to happen,” he continued, saying, “The question is how much of this can we actually do this year? What resource requirements do we have, and can we do the things that are most necessary? CISA, can you help us connect the dots? Can you align these capabilities and this strategy to ensure we’re taking meaningful steps and not being overwhelmed?”
“And that’s what CISA did over the last year is build out this alignment plan to ensure that using CDM, using other shared services, we’re able to really wrap our arms around the Federal government challenge to ensure that cybersecurity is advancing at pace with the threat environment,” Duffy said.
Through FOCAL, Duffy said that CISA and other Federal agencies can work collectively and interactively on cyber defense. The plan optimizes current efforts such as CISA’s Continuous Diagnostics and Mitigation (CDM) program “to have that interactive dialogue with CISA but also with your peer agencies,” he said.
Duffy explained that the plan was developed over the past year due to a “massive change” in which CISA shifted its mindset as a shared services provider. Instead of simply providing threat information and guidance to agencies, he said CISA is now providing capabilities that can “reduce and alleviate the burden on agencies to conduct cybersecurity” as much as possible.
In turn, this also provides CISA with vital threat information and operational visibility – which the Biden administration called for in both the 2021 cybersecurity executive order (EO) and last year’s National Cybersecurity Strategy.
The increased dialogue with agencies “has made a tremendous difference,” Duffy said, adding, “That is something that we’re looking to continue to modernize and consider ways that we’re leveraging technology and integration opportunities to really take the next meaningful step forward to get one step ahead.”
