The Federal government is seeing progress in seven out of 10 key cybersecurity metrics that are being tracked quarterly as part of the President’s Management Agenda (PMA), Federal CIO Suzette Kent said today.
“Just in the last set of CAP [cross-agency priority goals], seven out of 10 core cyber metrics have shown improvement. I’m going for 10 out of 10, but we’re showing progress forward,” Kent said.
The 10 metrics Kent is referring to are known as key performance indicators (KPI) in the PMA. The administration has published updates on these metrics each quarter – most recently for Q3 FY 2018 – which track how well the 23 civilian CFO Act agencies are adopting certain cyber policies and practices.
The cybersecurity KPIs span three categories. The first, “Manage Asset Security,” includes four KPIs: hardware asset management, software asset management, authorization management, mobile device management. The second category, “Limit Personnel Access,” comprises three KPIs: privileged network access management, high value asset access management, and automated access management. The third category, “Protect Networks and Data,” includes the final three KPIs: intrusion detection and prevention; exfiltration and enhanced defenses; and data protection.
Kent did not detail which metrics increased or decreased, but a deeper dive into the PMA’s performance.gov site reveals where agencies excelled, and where they didn’t quite stack up.
The latest update generally supports Kent’s claim, though it is hard to know which of the KPIs she referred to as having improved. The metrics track both the number of agencies that performed better, as well as overall averages across the 23 agencies. Within these tracked figures are a wide range of statistical improvements as well as decreases.
However, it appears that government is struggling most with the “Protect Networks and Data” category. Across all three of the KPIs, there are more agencies that regressed than agencies that improved.
But Kent’s speech today rang with positivity, as she indicated the importance of simply having these metrics readily available – to see how agencies are progressing and mark steps for improvement. Today, she also relayed that the government has created new customer experience metrics.
“Part of the goal was just to establish metrics. We didn’t actually measure citizen feedback in some of the areas,” Kent said.
Rounding out the statistical benchmarks, Kent relayed two more key figures. Sixty-one percent of .gov email inboxes are now using cloud-based solutions, which she said was key to better leveraging collaboration tools and rooting out spearphishing campaigns.
And 85 percent of the tasks in the December 2017 Report to the President on IT Modernization are now complete, Kent said. That’s likely four more tasks that have been crossed off the list of 52 since Kent offered an update at the end of August. The Federal government is looking to close out the remaining eight or so tasks by the end of the calendar year.