In an effort to respond to the rising number of cyber attacks against the U.S. government IT infrastructure, several government-wide initiatives, spearheaded by the Department of Homeland Security (DHS) and the Office of Management and Budget (OMB), are under way:
- Personal Identity Verification: In 2004, the President directed the establishment of a government-wide standard for secure and reliable forms of ID for federal employees and contractor personnel who access government facilities and systems. Subsequently, OMB directed agencies to issue personal identity verification credentials to control access to federal
facilities and systems. OMB recently reported that only 41 percent of user accounts at 23 civilian agencies had required these credentials for accessing agency systems.
- Continuous Diagnostics and Mitigation: DHS, in collaboration with the General Services Administration, has established a government-wide contract for agencies to purchase tools that are intended to identify cybersecurity risks on an ongoing basis. These tools can support agencies’ efforts to monitor their networks for security vulnerabilities and generate
prioritized alerts to enable agency staff to mitigate the most critical weaknesses. The Department of State adopted a continuous monitoring program.
- National Cybersecurity Protection System (NCPS): This system, also referred to as EINSTEIN, and based on DPI (Deep Packet Inspection) technology, is to include capabilities for monitoring network traffic and detecting and preventing intrusions, among other things.
Sources: GAO Reports, U.S. Federal Cybersecurity Market Forecast 2015-2020.