
‘Detect, understand, respond’ driving OMB, CISA’s latest cyber efforts - Federal News Network

Federal News Network | Archived Jun 19, 2026



CYBERSECURITY

Nick Andersen, the acting director of CISA, said an intergovernmental effort is providing critical infrastructure owners more help against cyber threats.

Jason Miller (@jmillerWFED) | May 28, 2026 4:18 pm

Agencies will soon have new requirements for logging cybersecurity data to better secure their systems and applications against ever-increasing threats.

The Office of Management and Budget’s new memo outlining these changes is one of several ways the Trump administration is recalibrating cyber defenses as the threat of artificial intelligence-fueled cyber attacks increases.

Acting Federal Chief Information Security Officer Mike Duffy wrote on LinkedIn that the new policy “focuses agencies on what matters most: continuous visibility, rapid detection, effective threat hunting and actionable response capabilities.”

And given the recent discovery by Claude’s Mythos of thousands of zero-day vulnerabilities in systems that were previously known or not addressed, agencies and industry are being forced to figure out how best to strengthen their partnership against these AI-fueled attacks.

Nick Andersen, the acting director of the Cybersecurity and Infrastructure Security Agency, said he has deep concerns specifically about one type of technology when it comes to cybersecurity vulnerabilities.

“The open source community is one that I’m particularly worried about when we start to think about the rapid escalation of vulnerability discovery. But it is going to result in us having to make some really, really hard decisions on the level of investment that’s going to be required,” Andersen said on May 21 at the Cyber Innovation Summit sponsored by the National Security Institute at George Mason University’s Antonin Scalia Law School. “I think there’s tremendous opportunity here to re-architect areas where we know that they’ve been lacking, to make investments in areas where we know that we’ve been lacking, and to just force some hard security decisions to be made in a way where people thought that their risk profile was different than what it is. When we see the escalation in terms of speed, scale and velocity of vulnerability discovery to weaponization and exploitation, that’s something that a month and a half ago, everybody around here started talking about.”

Andersen said agencies still face an uphill climb to get out from under their technical debt, which includes many of these vulnerabilities.

“What is it that we’re going to try to be able to do to modify our approach to vulnerability management, modify our approach to coordinated vulnerability disclosure and modify our approach to remediation, with the explicit understanding that we’re just not going to be able to keep up using traditional mechanisms with the load that we’re going to see for vulnerability discovery moving forward,” Andersen said.

Some of the changes that Andersen is talking about are at the center of OMB’s new data logging policy.

Duffy wrote, “Cybersecurity success is not measured by how much data we collect, but by how effectively we can detect, understand and respond to adversary activity.”

This is why OMB is emphasizing that agencies collect data that supports continuous event monitoring (CEM) and threat hunting, investigation, response and forensics (THIRF).

“Threat actors have increasingly used automation and artificial intelligence to accelerate attacks against critical systems. These enhanced capabilities can help threat actors rapidly gain unauthorized access to a system, move from that system to others, and maintain their illicit access undetected over a substantial period of time,” OMB wrote in the memo. “To mitigate the risk posed by these intensifying digital threats, agencies need the ability to rapidly detect, respond to and analyze anomalous activity on their networks.”

Andersen said the velocity, volume and veracity of threats just reinforce the need to deepen partnerships across the government and with industry.

He said a recent incident involving Cloudflare is a good example of where public-private sector partnerships need to go. The company shared with CISA what happened during a recent outage. He said Cloudflare was open and communicative while it was occurring and afterwards.

“Then they were willing to come in and talk about a playbook for the future on how they thought people could learn from their best practices from engaging during that incident, and that was just related to an outage,” Andersen said. “As we are building on those playbooks for the future, we start to look at maliciously derived incidents and that is going to be very important to the work that is going to be taken on over the long term.”

CISA, Army partnership

Another long-term partnership that CISA is pursuing is with the Army and local communities that host military bases. In fact, earlier in May, CISA, the Army, the Federal Communications Commission and others met with local leaders at Fort Bragg in North Carolina to figure out how to ensure military bases are more resilient against cyber attacks.

This is part of an ongoing effort by CISA to focus on the resiliency of critical infrastructure providers through an intergovernmental approach called the homeland defense working group.

As a part of the Defense Critical Infrastructure Program (DCI), Andersen said the government is changing its approach to critical infrastructure provider protections.

“Where I think we have failed in the past with initiatives of how we took on things like section nine designations for companies that we thought were critically important was we would take an entity level view, we would just say ‘Company X, you are very important, here’s your letter saying that you’re very important, best of luck. Maybe we’ve got some opportunities to collaborate with you going into the future,’” he said. “Where we’re trying to get to now is saying there’s a specific function that is critically important, in this case for defense critical infrastructure, and a specific function that needs to be delivered. How can we set real resilience targets associated with that?”

Andersen added the end goal of this interagency team is to “achieve a higher level of resilience for defense critical infrastructure,” ensure owners and operators have a path to ease recovery and establish resilience metrics.

The DCI is part of how CISA, and the government more broadly, is trying to partner at scale. Andersen said this creates a unified effort that can lead to a good quality understanding of what the real threat and risk landscape is, what problems everyone is trying to solve and how the government can provide resources in a coordinated way.

Andersen said this intergovernmental approach is starting to come together to make the relationships with critical infrastructure providers more seamless.

“When we start to look at some of our partnership elements, we’re deliberatively working right now to prioritize critical infrastructure owner operator entities that we can get to first. And again, this is all months ago that we started kicking all this stuff off. So, this is not in direct response to any of the things we’ve been talking about recently,” he said. “To develop an intergovernmental approach to a homeland defense working group, we need to look at a good blue space view of what is it that’s most significantly important to us. We started to look at public health and safety, national security and defense critical infrastructure, and continuity of the economy. Then taking a good red space view of looking back at our intelligence holdings from the last several years and saying, this is our view of what we think is important, here’s what the adversary thinks is important, where we actually seen them pre-position [attacks], where we see in their activity, where are we seeing them landing on the infrastructure that they believe is going to be most significant for achieving their objectives. Then looking at that overlap and saying, now how do we go engage with joint action plans with those companies directly, and some of those are technology companies, some of those are critical infrastructure owner operators.”

Copyright © 2026 Federal News Network. All rights reserved.

Jason Miller is executive editor of Federal News Network and directs news coverage on the people, policy and programs of the federal government.