White House and Homeland Security Department officials are adding new metrics to measure the success of redeveloped cybersecurity efforts. (PAUL J. RICHARDS)
Officials at the White House and the Homeland Security Department are redeveloping processes to measure cross-agency efforts to improve federal cybersecurity. The revisions include adding metrics to evaluate success and streamlining methods to gather information.
The government currently measures cybersecurity, among other federal efforts, through its performance.gov website, where agencies currently report to DHS on a quarterly basis on what they’re doing to meet assigned goals and how they’re measuring up. But agency leaders can expect to see those goals change beginning in fiscal 2015, according to a White House official.
Currently the primary cross-agency priority (CAP) goals center on continuous monitoring, trusted Internet connect, and strong authentication or Homeland Security Presidential Directive-12. In fiscal 2015, those goals will shift focus to the build-out of continuous diagnostics and mitigation, more authentication – in particular, user access controls – and anti-phishing and anti-malware activities, said John Banghart, White House director of federal agency cybersecurity.
“The point of these cap goals is to start trying to drive attention,” Banghart said June 18 at a MeriTalk event in Washington. “It’s an attempt to raise awareness across agencies that these are the things you need to be doing; it’s an attempt to try and manage parts of the government more as a whole as opposed to every agency doing their own thing. And it’s designed to try to give us at the White House some perspective on how we’re doing.”
As part of the update to CAP goals, DHS officials, through an interagency effort, also are taking a harder look at the metrics behind the goals. The new measurements will be a subset of FISMA metrics, Banghart said. He also noted that the way information is gathered in reporting will see some changes as well.
“Are we measuring the right things? And even if it is the right thing, are we looking at the right details? Are we getting at the information that we need to be able to make smart choices?” Banghart said. “We’re also looking at how we can streamline efforts. We measure a number of different things and often ask [agencies] the same set of questions in different ways, so they end up having to duplicate their effort. It’s burdensome, so we’re looking at how to streamline and reduce the burden on agency reporting while still getting us the information we want.”