Where Next for Cybersecurity in the Federal Government? – Government Technology

Where Next for Cybersecurity in the Federal Government? – Government Technology

If you ask state and local government technology or political leaders what interests them most about cybersecurity direction coming from Washington, D.C., the response would likely be something like this: “Send me dollars! We need grants! We need more funding and resources help to address cyber threats.”

Indeed, the bipartisan infrastructure bill that keeps getting delayed includes broadband upgrades, as well as new cybersecurity funding for state and local governments to protect their critical infrastructure.

The Infrastructure Investment and Jobs Act (INVEST) passed the Senate months ago. When it becomes law, it designates $1 billion for the State, Local, Tribal and Territorial (SLTT) Cyber Grant Program within the Cybersecurity and Infrastructure Security Agency (CISA) over four years.

You can read the entire bipartisan infrastructure plan’s 57-page summary at this CNN website. Based on the latest news at the end of October, it now appears that it could be another month before the bill becomes law.


But meanwhile, many other federal cybersecurity activities continue that likely will be models for state and local government activities going forward. (Some of these may even be tied to CISA grant funding when guidance is provided, so state and local tech and cyber leaders need to pay close attention.)The Federal News Network’s Jason Miller recently wrote a story called “Fast and Furious: The Biden administration’s cybersecurity series.” I like this piece, which begins:

“If the Biden administration’s cybersecurity effort was a movie, it would be ‘The Fast and the Furious’ series.

“Chapter one of the epic was the May executive order where we understood the premise of fast cars, and the cat-and-mouse game of cops and robbers. By the summer, we saw episodes two and three drop through memos around incident response and critical software. Seeing the reaction of the ‘fans’ — or in this case the federal community — the White House doubled down with more action and more drama by releasing the draft zero-trust strategy last month.

“Just last week, the Office of Management and Budget came through with their latest series’ installment — consider this the ‘Fast Five,’ where the street racing crew must buy their freedom from a drug lord and a federal agent gone bad.

“But in the Biden administration’s version, agencies must find their freedom from cyber attackers through the improved use of endpoint detection and response tools. The new endpoint detection and response memo details a series of deadlines for agencies and the Cybersecurity and Infrastructure Security Agency (CISA) over the next 90 to 120 days.”

The article goes on to describe the FISMA reform bill and tested measures to stop cyber attacks. I encourage you to read the entire article, and you can also watch this excellent Bloomberg interview with Brandon Wales, executive director, CISA:


TheHill.com reported this past week that “Biden administration officials outline steps to tackle urgent cyber threats”:

“Top Biden administration officials on Thursday outlined steps taken to confront the increase in cyber threats against the nation, including through strengthening key critical infrastructure groups.

“National Cyber Director Chris Inglis detailed these steps in both a strategic intent document issued by the White House and an op-ed in The Wall Street Journal, prioritizing issues including enhancing federal cybersecurity efforts, improving public-private coordination and shoring up resources and resilience to face cyber threats. …

“As part of efforts to strengthen federal cybersecurity, Inglis announced Thursday that Federal Chief Information Security Officer (CSIO) Chris DeRusha would also take on the role of deputy national cyber director for federal cybersecurity.

“’That is not a subjugation of his authorities to the national cyber director, it’s an alignment and a harmonization, such that we’ll make sure that what we do we do together,” Inglis said at CSIS. ‘If you are a CISO in the federal enterprise, we are finishing each other’s sentences. We are not going to give conflicting guidance, it will always be complementary.’”

Chris DeRusha, who was the chief security officer in Michigan before joining the Biden presidential campaign team and later the Biden administration, continues to outline a series of steps to strengthen federal cybersecurity across all agencies.

Why is this significant for state and local governments? Besides the importance of partnerships, the steps taken at the federal level often portend what will be coming to states soon. The support that so many local governments want will often come with strings attached, and I expect that to become clearer in 2022 and beyond.

I also want to be clear that I am an advocate for what this federal team is doing, and I applaud their bold actions to strengthen cyber defenses at a fast pace.


This video shows that the vital importance of cybersecurity has risen to the highest levels of the political agendas in Washington, D.C.

The good news is that (so far) cybersecurity has received bipartisan support. Leaders on both sides of the aisle understand, at least at a basic level, that ongoing failure is not an option in our digital economy with so many critical components connected in cyberspace.

We all need to do more, and the federal cyber leadership team is pointing the way at the moment.

Source: https://www.govtech.com/blogs/lohrmann-on-cybersecurity/where-next-for-cybersecurity-in-the-federal-government