White House touts ‘cyber sprint’ successes

The White House is touting the successes of a 30-day “cybersecurity sprint” intended to shore up the government’s most gaping vulnerabilities.

The White House announced the month-long initiative in the wake of the mammoth data breach at the Office of Personnel Management (OPM). Officials revealed on Thursday that the intrusions at the agency have exposed over 22 million people, more than five times more the administration’s initial estimate.

{mosads}In a conference call with reporters Thursday afternoon, federal chief information officer Tony Scott reported the government had “dramatically increased the amount of two-factor authentication for privileged users.”

Two-factor authentication requires those accessing sensitive portions of a network — or privileged users — to employ a secondary form of identification in addition to the traditional login credentials. The process is considered a cybersecurity best-practice for many companies, but has been lacking among government agencies.

Within 10 days of the sprint beginning in early June, the White House said federal civilian agencies boosted their use of multi-factor authentication by 20 percent for privileged users. A few agencies now have 100 percent adoption of multi-factor authentication.

The sprint also included a mandate to review all government systems for critical security flaws. The White House said Thursday that the Department of Homeland Security (DHS) has now scanned over 40,000 systems, identifying and patching numerous defects.

“This is important work across all of the agencies of the federal government to make sure that we greatly enhance cybersecurity,” Scott said.

As part of the sprint, the White House also directed several teams to review the government’s cybersecurity policy and strategy.

In the coming weeks, the White House will release reports summarizing each team’s findings, which are expected to help set the government’s long-term cyber strategy.

The 30-day effort has received mixed reviews from security specialists and former officials.

While some have been impressed by the administration’s aggressive tempo over the four weeks, others worry the effort is a smokescreen masking deeper security problems.

White House cybersecurity coordinator Michael Daniel acknowledged to reporters Thursday that the government had a ways to go on bolstering its cyber defenses.

“We have not fully made the shift to what living in a truly digital environment means,” he said.  

But Daniel insisted the administration is on the right path.

“Cybersecurity is more than the technology that’s involved,” he said. It’s “more about changing mindset and culture.”