CSIS report due tomorrow will recommend revising a longtime OMB policy with ‘continuous monitoring’ of government systems and networks
A new national cybersecurity law may not be on the horizon anytime soon, but there could be a simpler and less politically charged way to shore up security, at least among U.S. government agencies. Former Office of Management and Budget (OMB) officials and others are proposing changes to an OMB policy they say would better protect agencies from today’s advanced attacks.
The Center for Strategic and International Studies (CSIS) Technology and Public Policy Program tomorrow will issue recommendations for updating 12-year-old OMB requirements to call for continuous monitoring in federal agencies to help thwart today’s attacks. The goal is to replace a current compliance checkbox approach and mentality with a method that automates the monitoring and patching of vulnerabilities in government systems as a way to improve security, according to authors of the report, three of whom are former OMB officials.