In late August, the Office of Management and Budget (OMB) issued an implementation memo regarding Section 8 of the administration’s cybersecurity executive order, which focused on security through data log management. The “Improving the Federal Government’s Investigative and Remediation Capabilities Related to Cybersecurity Incidents” memo contained three key provisions: establishing a maturity model for event log management, agency implementation requirements, and government-wide responsibilities.
As others have already stated — perhaps most notably BSA | The Software Alliance letter to Congressional Appropriators — implementing the order’s requirements will continue to lag without a clear funding mechanism from Congress. In particular, the memo’s enterprise-wide maturity model event logging capture and retention requirements and associated deadlines could place a significant burden on federal departments and agencies already operating in a tight budgetary environment. However, with the continued persistent threats faced daily, government data can be made more secure through efforts such as those outlined in OMB’s memo.
As the federal government currently operates under a continuing resolution while Congress proceeds through a delayed appropriations process, now is the time for dedicated funding lines specific to data log management. Cybersecurity is no doubt a priority of Congress. This can easily be seen in the billions of dollars appropriated each year specific to cybersecurity. However, important efforts such as data log management can be lost in the wash of larger cybersecurity investments within federal departments and agencies. To help maintain adequate cyber defenses, explicit funding should expand to log management which by extension will improve the federal government’s cyber incident investigation and remediation capabilities.
It is also worth mentioning the Technology Modernization Fund (TMF) here. Cybersecurity projects are one of the four areas that the TMF Board is prioritizing. The OMB memo seems to be aligned closely with this funding priority. TMF priorities are designated specifically “[t]o ensure the Administration is balancing immediate response needs and congressional intent for the additional TMF funding in the American Rescue Plan, the Board intends to prioritize projects that cut across agencies, address immediate security gaps... will support investments that move the government to a consistent baseline of maturity in cybersecurity..."
With clear funding in place, industry is here to help federal departments and agencies implement OMB’s data logging requirements. As I recently wrote, Splunk can assist with many of these requirements. From event forwarding, centralized access, logging orchestration, automation, and response, to protecting and validating log information, Splunk offers solutions to meet OMB’s required deadlines.
Click here to find out more about how Splunk can help.