New CISA Cybersecurity Priorities Spotlight Manager Vulnerability
Cybersecurity Changes
Until recently, each Federal Civilian Executive Branch (FCEB) agency has had its own approach to cybersecurity, implementing unique and varying cyber risk tolerances and strategies. These variations have led to inconsistencies in the way cybersecurity risks are handled and reported across all agencies.
To try to mitigate these inconsistencies, the Cybersecurity and Infrastructure Security Agency (CISA) has introduced the FOCAL Plan to streamline tracking and reporting of cyber risks across the agencies. The FOCAL Plan has 5 areas of focus to align with agencies’ metrics and reporting requirements:
Asset Management: fully understand the cyber environment, including the operational terrain and interconnected assets.
Vulnerability Management: proactively protect enterprise attack surface and assess defensive capabilities.
Defensible Architecture: design cyber infrastructure with an understanding that security incidents will happen, and that resilience is essential.
Cyber Supply Chain Risk Management (C-SCRM): quickly identify and mitigate risks, including from third parties, posed to federal IT environments.
Incident Detection and Response: improve the ability of Security Operations Centers (SOCs) to detect, respond to, and limit the impact of security incidents.
Balancing Business
While streamlining how agencies manage cybersecurity risks will allow for better regulation and monitoring, it may create additional responsibilities for federal managers. When adapting to an entirely new and different way of operating, there will be growing pains. It will be up to managers to evaluate their office’s current protocols and oversee employees adjusting their current metrics and reporting practices for cyber risks to conform to the new requirements set up by CISA.
Managers and supervisors could experience scrutiny on multiple fronts. They may face backlash from employees who are in the habit of operating at their current standards and now have to change their operations to fit the new CISA requirements. Managers and supervisors could also face scrutiny from agency leaders regarding the efficiency and accuracy with which their employees update their standards to meet the CISA requirements. Managers will need to strike a balance between efficiency and accuracy, while mitigating possible employee dissatisfaction.
Allegations & Accountability
Agency managers will be responsible for implementing the new guidelines and reporting structures for cybersecurity management. Missteps in handling the cybersecurity of federal agencies could lead to calls for accountability that may lead to allegations and investigations.
Allegations and investigations can lead to disciplinary actions, such as suspensions and terminations, being taken against you, or even personal capacity lawsuits. If an allegation is made against you, it is a necessity, not a luxury, to have knowledgeable and effective counsel advocating on your behalf.
Supervisor Safeguarding
As the professional liability insurance (PLI) provider endorsed by the leading federal employee associations, FEDS Protection offers federal employee PLI policies with $1 million, $2 million, or $3 million in civil liability protection for attorney’s fees and indemnity costs in the event you are sued in your civil capacity. The FEDS policy also includes $200,000 of legal representation coverage per incident for administrative actions and $100,000 of coverage for criminal defense costs.
Annual premiums for FEDS Protection PLI start at $290. Additionally, federal managers, supervisors, and law enforcement officers are eligible for a reimbursement of up to 50% of the cost of their PLI policy through their agency. To learn more about how a FEDS PLI policy can protect you and your career, visit www.fedsprotection.com or call (866) 955-FEDS, M-F 8:30am-6pm, to speak directly to a representative.
*This article is provided for informational purposes only and does not constitute legal advice.