White House Issues Government-wide Cyber Action Plan

The White House on Oct 30 issued a broad new plan designed to better respond to cybersecurity incidents such as those that exposed secrets on millions of citizens as well as government operations. The new guidance, which aims to protect the most high-value information assets the federal government holds, is the latest step in the months-long fallout from the devastating hack of sensitive federal employee files from the Office of Personnel Management revealed summer 2015. The new plan -- a memorandum to the heads of federal agencies and departments from Scott and OMB Director Shaun Donovan -- builds on a 30-day “cybersecurity sprint” this summer, during which Scott’s office called on agencies to immediately tighten online defenses in the wake of the OPM breach. Agency deputy secretaries will be in charge of implementing the plan, according to the document.

The plan lays out an initial set of deadlines. By the end of 2015:

• OMB will issue new “incident response best practices” to agencies
• The Department of Homeland Security will extend the protections under its intrusion-detection system known as EINSTEIN. A new DHS contract will equip all agencies with updated “EINSTEIN 3A” e-mail and network surveillance technology that also blocks certain malicious activities
• Agencies will be required to report all cyber positions to OPM and a group of agency CIOs will create a special subcommittee focused on rapid deployment of emerging technology