The White House announced plans on Friday to modernize the federal government's out-of-date cybersecurity practices. Work has been underway for much of the Obama administration, but the Office of Personnel Management hack reported in June must have made it abundantly clear that things weren't progressing fast enough. A 30-day "cybersecurity sprint" launched in the aftermath of the data breach helped kick things into gear, and now U.S. Chief Information Officer Tony Scott writes in a blog post that more lasting changes are in the offing. It won't be easy, though.
Related: Federal Data Breach: Can the Government Protect Itself From Hackers?
"Across the Federal Government, a broad surface area of legacy systems with thousands of different hardware and software configurations contains vulnerabilities and opportunities for exploitation," wrote Scott in a White House blog post. "Additionally, each Federal agency is responsible for managing its own IT systems, which, due to varying levels of cybersecurity expertise and capacity, generates inconsistencies in capability across government."
The five-point list of objectives in the Cybersecurity Strategy Implementation Plan are a bit jargony, but they address the main needs of large organizations under frequent — continuous, even — attack from hackers.
Related: Threat of Foreign Hackers Grows, But U.S. Companies Are Slow to React
According to CSIP, high-value information will be identified and protected using up-to-date technology, acquired and administrated by newly recruited and highly qualified security workers. Hacks are to be detected and responded to quickly, and the damage recovered from just as quickly.
If that sounds a bit vague, don't worry: the actual 21-page memo announcing CSIP (PDF) goes into much greater detail. The work isn't a long way off, either: In fact, the memo lists several tasks that should be completed before the end of the year.
