A six-month study on federal government cybersecurity has suggested a more centralized approach, with the Department of Homeland Security (DHS), particularly the Cybersecurity and Infrastructure Security Agency (CISA), taking on a more significant role in securing civilian networks.
While CISA has gained authority and funding since its creation in 2018, it doesn’t match the authority of its military equivalent, the Joint Force Headquarters – Department of Defense Information Network. The report highlights the complications arising from the decentralized model in which individual civilian agencies are responsible for their own cyber defense, making incident reporting and response challenging.
The report recommends that CISA clearly define its current role and potential future role in its mission for federal civilian executive branch (FCEB) agencies. However, it acknowledges that advocating for a fully centralized model may face resistance from civilian agencies, and that centralization may not necessarily lead to cost savings and may involve some friction. The report calls on Congress to authorize the Joint Collaborative Environment, a virtual platform for sharing threat information that was recommended by the Cyberspace Solarium Commission, and to provide stable funding sources for Continuous Diagnostics and Mitigation tools for federal civilian agencies.
Additionally, the report suggests that Congress could consider funding a Zero Trust Center of Excellence within CISA to enhance its role in implementing zero trust architecture. It acknowledges this as a more radical approach but also proposes a less radical option of identifying internal and external zero trust experts to assist federal civilian agencies in implementation. Lastly, the report suggests that CISA should simplify its messaging and improve its public outreach by removing outdated content from its website to enhance its effectiveness in promoting cybersecurity.