The cyber agency of the Department of Homeland Security (DHS) is looking to fix 75 percent of Federal agencies critical network vulnerabilities within 30 days of their discovery, according to a goal in the July 2020 update to the President’s Management Agenda (PMA).
Matthew Travis, the deputy director at DHS’ Cybersecurity and Infrastructure Security Agency (CISA) is currently tasked with overseeing the implementation of the goal, which has a completion date of September 30, 2021, at the end of next fiscal year.
To identify the severity of vulnerabilities and their persistence, CISA is using the agency-wide adaptive risk enumeration algorithm, or AWARE algorithm. Eighteen of the 24 CFO Act agencies were reporting AWARE scores up to the Federal Dashboard, according to the July PMA update, but the reliability of the scores had not been fully verified.
CISA is not alone in the Federal government in the effort to shore up the nation’s cyber defenses. The Department of Justice set the goal of conducting 16,000 computer intrusion program detections, disruptions, deterrences, and dismantlements by the end of next fiscal year.
Within the Department of Justice, the Federal Bureau of Investigation’s Internet Crime Complaint Center (IC3) is looking to recover 78 percent of private sector losses, by the end of fiscal year 2021. This recovery rate represents a five percent increase compared to the IC3 recovery rate in fiscal year 2018.