Federal Inspectors Want to Double-Check How Agencies Fared During 'Cyber Sprint'

Internal watchdogs want to double-check that agencies have made as much progress practicing basic cyber hygiene as they told the White House in July. The Obama Administration in June launched a so-called 30-day cybersecurity sprint, commanding agencies to monitor computer logs, patch critical vulnerabilities and cut the number of "privileged" users with free rein over systems, among other things. “Right now, the agencies and the agency chief information officers are self-reporting a lot of their work” to the Department of Homeland Security and the White House, said Peter Sheridan, assistant inspector general for IT at the Federal Reserve and the Consumer Protection Financial Bureau.

The verification is partly a way for agency inspectors to maintain a role in data integrity oversight. The 2014 Federal Information Security Modernization Act (FISMA) tasked DHS with supervising governmentwide cyber operations. Taking a "collaborative approach," Sheridan said, the inspector general community asked: “Should the IGs now be coming in and validating the responses that the agencies provided” after the sprint? "We've developed a very good working relationship with the folks at DHS," Sheridan said. "I think the IGs will have a discussion once our FISMA work is done to see what other areas we might want to look at that might relate to the cyber sprint," said Kathleen Tighe, chair of the Council of the Inspectors General on Integrity and Efficiency IT committee. Already in the pipeline is a project related to the security of publicly accessible agency websites, she added.