U.S. CIO Orders 'Cybersecurity Sprint' on Agencies' Security

to the Office of Personnel Management (OPM) data breach announced earlier this month (see 1506050042). But the White House noted in a fact sheet distributed to reporters that “recent events underscore the need to accelerate the Administration’s cyber strategy and confront” hackers. The White House has generally had a “laser-like focus” on cybersecurity issues but "it’s hard not to see how this 30-day sprint isn’t connected to the OPM data breach,” said Norma Krayem, co-leader of Squire Patton’s cybersecurity practice. The OPM data breach is to be the subject of two House briefings Tuesday and a House Homeland Security Cybersecurity Subcommittee hearing next week. Tuesdays’ OPM briefings include a 10 a.m. House Oversight Committee hearing in 2154 Rayburn and a 1 p.m. closed all-House briefing that’s to include Homeland Security Secretary Jeh Johnson. A “Cybersecurity Sprint Team” is leading a 30-day review of all federal agencies’ cybersecurity policies as part of the cyber policy push, with members of the team coming from the Department of Homeland Security, the Department of Defense, OMB’s E-Gov Cyber and National Security Unit and the National Security Council Cybersecurity Directorate, the White House said. The U.S. CIO’s office will recommend a federal civilian cybersecurity strategy based on the review team’s findings and will issue action plans to further address critical cyber issues, the White House said. The U.S. CIO’s office is requiring federal agencies to use DHS-provided cyberthreat indicators on their networks and report any malicious activity, the White House said. Federal agencies will also be required to immediately patch critical cyber vulnerabilities, accelerate adoption of multifactor authentication and tighten which network users have “privileged” access.