White House Pressing for Reforms in Cybersecurity Management

The White House wants to enhance its cybersecurity management posture by making it less dependent on self-assessments and turning to more continuous monitoring of networks and outcome-focused measurements, according to a key official in the Office of Budget and Management.

Chris DeRusha, the office’s chief information security officer, said that the OMB is pressing government agencies to provide the data demanded under a cybersecurity executive order issued in May with some “strict governance.” The official said during an Oracle event on Wednesday that personnel in charge of agencies’ cybersecurity have been asked to submit their reports before the appointed deadline.

DeRusha said that the White House wants to tie the EO’s data calls and goals into the Federal Information Security Modernization Act process. He said that the target is for the data to be gleaned from reportage to “fold naturally into FISMA.” It was explained that FISMA is the law governing how executive branch leaders manage cybersecurity across agencies.

FISMA lays out a framework for what agencies should do to defend their information and networks, Federal News Network reported Friday. The law covers maintaining an inventory of IT systems, categorizing data and systems according to risk, and using a system security plan.

DeRusha said that FISMA has not seen any major reforms or amendments since 2014. He noted that much has changed since then and that the law itself stands to benefit from an update. He said the Biden administration is working closely with Congress to keep FISMA relevant and lawmakers are expected to present their amendment proposals soon.

Meanwhile, Senators Gary Peters and Rob Portman recently signaled that they may introduce reforms to FISMA after the recent SolarWinds breach, which affected multiple federal agencies.

Sign Up Now! Potomac Officers Club provides you with Daily Updates and News Briefings about Cybersecurity

Join Us Now