OMB Switches to ‘Risk-Based Approach’ to Cybersecurity Incident Response - FEDweek

Federal Manager's Daily Report Some requirements, such as the retention of vast quantities of logging data without clear utility, proved neither operationally feasible nor cost-effective for most agencies. Image: Valerii Evlakhov/Shutterstock.com By: FEDweek Staff OMB has revised guidance issued under the Biden administration calling on agencies to improve their capabilities to investigate and remediate cybersecurity incidents which among other things set standards for logging the activities that take place on their systems and retaining and managing those records. Such logging is key for agencies to “understand activity across their systems, recognize events that require attention, and support the analysis and response actions that protect sensitive data and maintain operations,” says OMB memo M-26-14. That has become more important since the 2021 memo, it says, as “threat actors have increasingly used automation and artificial intelligence to accelerate attacks against critical systems.” The earlier memo “improved foundational capabilities across agencies. However, some requirements, such as the retention of vast quantities of logging data without clear utility, proved neither operationally feasible nor cost-effective for most agencies. To address these inefficiencies and the evolving cyber threat environment, this memorandum directs agencies to employ a risk-based, prioritized logging approach.” The new guidance puts priority on actions that enable agencies to “monitor network activity in real time, promptly flag anomalous activity, and respond to that activity in a timely manner” and “investigate and perform forensic analysis of network activity after a known or suspected compromise.” “Each agency must pursue these objectives with respect to all information systems owned or operated by the agency or by third parties on the agency’s behalf, including any Internet of Things devices or operational technology that is part of or constitutes such an information system,” it says. Further guidance is upcoming, it says. VA Must Honor Contract with AFGE, Court Rules If OPM’s Proposed RIF Rules Become Final: What Federal Employees Should Do Now Use of Overtime Increased as Staff Decreased at IRS, Says IG Tax Delinquency Growing among Federal Employees, Retirees, Says Audit Forest Service Is Not Reorganizing, It Is ‘Dismantling,’ Says Union See also, Have $1.46M in You TSP? Don’t Worry FERS and Social Security Will Close the Gap New Proposal Made on Long-Running Dispute over Division of FERS Supplement in Divorce Phased Retirement: Rare, but Maybe Worth Going For How Your FERS, Social Security and TSP Payments Get Taxed Federal Retirement Income Calculator