CISA expects most agencies to be deploying endpoint detection by FY23
The Cybersecurity and Infrastructure Security Agency is helping 26 agencies deploy endpoint detection and response technologies, affording them greater network visibility, and expects that number to reach 53 by the end of fiscal 2022, according to its executive assistant director for cybersecurity.
Testifying before a subcommittee of the House Homeland Security Committee Tuesday, Eric Goldstein said CISA has made “tremendous” progress as the cyber operational lead for civilian agencies and wants to work with Congress to annualize American Rescue Plan Act investments in its efforts — starting with the fiscal 2023 budget.
Deploying endpoint detection and response (EDR) tools is one such effort, part of a broader push begun by the Cybersecurity Executive Order (EO) issued one year ago to move agencies from perimeter-based to zero-trust security.
“Not even a year-and-a-half after execution of the executive order, we will have EDR deployments in place and underway at over half of the federal government with more rolling out in the months to come,” Goldstein said. “We have seen great uptake across federal civilian agencies, but the work needs to continue.”
A cross-agency review team with representatives from CISA, the Office of the National Cyber Director and Office of Management and Budget is currently reviewing the zero-trust implementation plans agencies submitted in accordance with the EO.
Among other things, CISA wants to ensure agencies are making the right funding requests to continue the work.
“That’s how we’re going to track progress,” said Chris DeRusha, deputy national cyber director and federal chief information security officer. “We’re going to get specific with each of these agencies and hold them accountable to those plans over multi-year.”
CISA met all of its deadlines under the executive order and continues to bring its Continuous Diagnostics and Mitigation (CDM) program Dashboard 2 and new cyber shared services to agencies.
Other CISA efforts include fully implementing relatively new authorities to conduct persistent threat hunting across agencies’ networks and encouraging adoption of software bills of materials (SBOMs) to provide a granular view into third-party supply chain risks. But all of that requires sustained funding.
“In order to get where we need to be, we need continued focus and continued investment in both cybersecurity and IT modernization across the entire federal civilian executive branch,” Goldstein said.