New White House Cyber Strategy Points to Future Opportunities

Published: November 11, 2015

Critical Infrastructure ProtectionCybersecurityGSADHSIT WorkforceOMBPolicy and LegislationShared ServicesWHITE HOUSE OFFICE (EXECUTIVE OFFICE OF THE PRESIDENT)

The White House has released its Cybersecurity Strategy and Implementation Plan (CSIP), including key milestone dates for the rest of fiscal year (FY) 2016 that point to areas of potential opportunity for industry.

The Cybersecurity Strategy and Implementation Plan (CSIP) applies to federal civilian agencies and emphasizes the need for a defense-in-depth approach to information security that “relies on the layering of people, processes, technologies, and operations to achieve more secure Federal information systems.” The approach recognizes what the National Institute of Science and Technology (NIST) calls the need to create “variable barriers across multiple layers and missions of the organization” through integrating all the elements of cyber defenses.

The CSIP was announced by Federal CIO Tony Scott in a White House blog post. It sets the following five objectives to strengthen civilian agency cybersecurity:

  1. Prioritized Identification and Protection of high value information and assets;
  2. Timely Detection of and Rapid Response to cyber incidents;
  3. Rapid Recovery from incidents when they occur and Accelerated Adoption of lessons learned from the Sprint assessment;
  4. Recruitment and Retention of the most highly-qualified Cybersecurity Workforce talent the Federal Government can bring to bear; and
  5. Efficient and Effective Acquisition and Deployment of Existing and Emerging Technology.

The CSIP goes on to describe in greater detail not only what they are seeking to achieve, but also some actions and effort on which OMB will focus to achieve the objectives.

Key CSIP Milestones in FY 2016

Included in the plan are specific milestones in FY 2016 that OMB, NIST, DHS and others are working toward achieving as part of the overall strategy, addressing many of the broad objectives enumerated above. The OMB memo organizes the milestones by objective, but I have organized them a little differently by quarter and date. (See Table below.)

Implications

The various objective areas address areas of people, process and products which will drive demand for cybersecurity goods and services. The Response objectives of OMB issuing Incident Response (IR) best practices and the upcoming GSA IR contract vehicle sends a clear signal that agencies will look to contracted services and products to aid in improving agencies’ IR capabilities. Updates to agency PII protection and breach response and recovery guidance could also add fuel to these efforts. While the newly-forming CIO Council subcommittee on the rapid deployment of emerging technology may take some time to weigh in, the results may bode well for both agencies and solutions providers.

Agencies continue to identify and inventory critical information and IT assets as part of their evolution toward continuous monitoring (CM) and other capabilities under the progressing Continuous Diagnostics and Mitigation (CDM) program. Depending upon which tier they fall within the CDM deployment plan and the maturity of their IT asset inventories, agencies may leverage contracted IT support services to ready themselves for CDM. Ongoing federal workforce challenges and the move to build shared services will likely reinforce this demand. They may also need related acquisition support all along the way.

All of these factors and more are drivers behind Deltek’s cybersecurity market growth optimism, as reflected in our recent report Federal Information Security Market, FY 2015-2020.