Init0

Tech News That Matters

Officials: Cybersecurity Mandates Are Important But Don’t Address Funding Needs – Nextgov


Federal officials are keen to meet the latest cybersecurity mandates issued by the Biden administration but are having trouble finding the funding to do so.

When President Biden’s Executive Order 14028, “Improving the Nation’s Cybersecurity,” was released in May, it was widely praised for directing tangible, serious actions to be taken by federal agencies to strengthen the protection of their cyber assets.

How that is translating into boots-on-the-ground actions is causing a lot of pain, however, particularly because there hasn’t been an accompanying boost in agency IT budgets to accomplish it.

The pain was on display during a webcast hosted by the Advanced Technology Academic Research Center Nov. 2 about event logging requirements set by the Office of Management and Budget in late August, which were developed to turn the EO’s policy directives into specific actions.

“For those of us who spent a little bit of quality time with SolarWinds, [we] understand the importance of logs,” said Ralph Mosios, chief information security officer of the Federal Housing Finance Agency, but “we have to maintain logs a lot longer, hot logs and cold logs. It poses challenges for us … How are we going to pay for all this? How are we going to get the people and money to do it? What are we going to do with all these logs besides just collecting them? How are we going to use them proactively? [And] how to prioritize this particular directive with all the others?”

Allison McCall, chief information officer of the National Technical Information Service, agreed. 

“As part of the Department of Labor, we’ll be handling this as a group through the CIO Council, the CISO Council, but it definitely poses a challenge,” she said. “We ourselves keep logs, but this memo has a lot of detail, a lot of nuances, so there’s a lot of work that’s got to be done … We want to comply with this memorandum but we also want to increase our efforts as we have more problems in the cybersecurity arena.”

Paul Blahusch, the Labor Department CISO, added that improving the collection of logging data causes downstream challenges, such as storage and network capacity. “How do we make this more valuable than just [collecting] the data?”

While Blahusch’s department is sprawling and complex—he pointed to its 27 mission areas and 77 different FISMA-reportable information systems as examples—other parts of the government face a global challenge.

“We’re the International Trade Administration,” said Joe Ramsey, ITA CISO. “We’re geographically distributed, with over a hundred locations around the world. [It’s] really challenging to do all things cyber, but logging is going to be a particular challenge … We don’t have any funding for this, and what are we going to do with these logs?”

McCall suggested setting up machine learning to digest the huge amounts of logging data and weed out what’s not needed so that agencies can focus their efforts most appropriately. “You have to be able to pare down and home in” on the important stuff, she said. “There’s going to be enormous challenges with this, but it’s important.”

“Correlation is key. You see a failed authentication in one place, it’s not a big deal, but you see it in 20 places …….

Source: https://www.nextgov.com/cybersecurity/2021/11/officials-cybersecurity-mandates-are-important-dont-address-funding-needs/186663/