EXECUTIVE SUMMARY:

Last week, two notable cybersecurity-related events took place. The White House Office of Management and Budget issued a report saying that most federal agencies are not prepared for cyberattacks against their networks. Separately, a massive botnet (VPNFilter) with ties to Russia infected more than 500,000 routers across 54 countries. Today, the Department of Commerce and Department of Homeland Security (DHS) released a report on how the federal government can combat botnets or infected IoT networks.

Derek Hawkins reports in The Washington Post, “Of the 96 federal agencies examined, a whopping 71 were relying on cybersecurity programs deemed ‘at risk or high risk.’”

According to The Hill, “The latest report largely resembles the draft report issued by the two federal agencies in January.” In that report, six key themes were outlined, along with five supporting goals to address the challenges.

Principal themes from the report:

  1. Automated, distributed attacks are a global problem that requires working closely with international partners.
  2. Effective tools exist, but are not widely used, which calls for changes that ensure these tools become part of common practice.
  3. Products should be secured during all stages of the lifecycle, to minimize the risk of automated, distributed threats.
  4. Awareness and education are needed to help businesses and citizens understand the threat landscape.
  5. Market incentives should be more effectively aligned to create a better balance between security and convenience when developing products.
  6. Automated, distributed attacks are an ecosystem-wide challenge that requires a collaborative front.

To address these themes, the Department of Commerce and DHS outline five goals in their draft report:

Goal 1: Identify a clear pathway toward an adaptable, sustainable, and secure technology marketplace.
Goal 2: Promote innovation in the infrastructure for dynamic adaptation to evolving threats.
Goal 3: Promote innovation at the edge of the network to prevent, detect, and mitigate automated, distributed attacks.
Goal 4: Promote and support coalitions between the security, infrastructure, and operational technology communities domestically and around the world.
Goal 5: Increase awareness and education across the ecosystem.

Given that the White House eliminated the top cybersecurity post several weeks ago, one would think this is an encouraging sign that cybersecurity is at least being addressed. Then again, as Hawkins points out in The Washington Post, “In theory, orchestrating an action plan after this report would be right in the cyber czar’s bailiwick. But with former cybersecurity coordinator Rob Joyce returning to the National Security Agency and no replacement on the way, there appears to be no obvious advocate in the White House to help agencies improve the very cybersecurity programs the report calls deficient.”

Get the full story at The Washington Post.