Feds on '30-day sprint' to better cybersecurity
June 15, 2015
As news of the full scope of the breach of Office of Management and Budget systems emerged, Federal CIO Tony Scott launched a government-wide Cybersecurity Sprint on June 12, giving agencies 30 days to shore up their systems.
During the 30-day sprint, agencies are encouraged to patch all known vulnerabilities; use information provided by Homeland Security to identify and mitigate known threats; limit the number of privileged users and tighten access controls; and "dramatically accelerate" the use of personal identity verification (PIV) cards and other forms of multifactor identification.
Agencies will have to report to OMB and DHS if they are unable to accomplish any of these tasks within the 30-day window. Agencies will also have to report on their progress at the end of the sprint, as well as any challenges encountered.
"One of the big challenges of our time is cybersecurity," Scott said during the opening keynote of the CIO Council IT Symposium on June 15.
"Most of the systems, most of the technology you and I use every day was designed and architected in the 1970s or 1990s," he said, noting even newer systems are built on the same framework. "It's kind of like trying to put airbags on a '65 Mustang — it just wasn't designed for security, wasn't designed for safety."