Trade Group Collecting Tips on Federal Cybersecurity for White House


ACT-IAC plans to take its recommendations to the White House, the CIO and the Federal CIO Council.

Trade group ACT-IAC wants to hear all ideas for improving government cybersecurity.

Starting Wednesday and until Aug. 28, the organization is collecting recommendations from academia and the public and private sectors for ways to strengthen the federal security posture. In September, ACT-IAC plans to submit those recommendations directly to the Office of Management and Budget, including to Chief Information Officer Tony Scott and the Federal CIO Council. It also plans to release a public report outlining findings. 

The survey, with responses visible to the public, consists of eight questions, including:

  • "How can we sustain executive-level attention to this critical issue, and institutionalize cyber as an on-going component of agency risk management practices, not just a side-bar activity?"
  • "How can agencies effectively address current time lags with detection of and response to vulnerabilities and threats that will significantly compress breach-to-detection-to-response times?"
  • "How should the government expand beyond its emphasis on perimeter defense and even defense-in-depth, and instead put more relative resources toward combining actionable threat intelligence with robust response and resiliency strategies and architectures that account for the adversary’s point of view?"

ACT-IAC issued the survey about two weeks after federal agencies completed the White House-mandated 30-day “Cybersecurity Sprint," intended to force them to fix immediate security flaws and implement features such as multifactor authentication.

The White House is also rethinking its approach to buying secure technology. On Thursday, OMB posted a notice that it would soon be collecting public comment on proposed guidance for “Improving Cybersecurity Protections in Federal Acquisitions.”

It is also reviewing acquisition and IT policies “around contractor and subcontractor information system security."

“The increase in threats facing federal information systems demand that certain issues regarding security of information on these systems is clearly, effectively and consistently addressed in federal contracts," the notice said. 

(Image via Tanarch/