Commerce department increases focus on cybersecurity

Cybersecurity ​remains an increasingly critical consideration for every federal agency, and decision-makers are faced with the question of how best to protect their data and other digital assets. As countless incidents have demonstrated over the past few months, current cybersecurity practices are clearly not sufficient, and agencies need to embrace new policies and strategies to stay one step ahead of hackers and other cybercriminals. 

The Commerce Department recently announced significant steps in this area. The department intends to provide far greater oversight of the 14 agencies over which it has authority in order to improve each organization's cybersecurity capabilities, Federal News Radio reported.

Real-time security
The Commerce Department will soon establish the Enterprise Security Oversight Center, according to the source. The ESOC will provide the department with a real-time view of cybersecurity throughout the organizations that fit under the Commerce Department's purview. These include the Census Bureau, Patent and Trademark Office, National Weather Service and more.

"Right now, our bureaus have their own cybersecurity capabilities, and we see a lot of gaps between those capabilities," said Roger Clark, a senior adviser for national and homeland security programs at the Commerce Department, Federal News vhf marine radio reported.

Rather than take over these cybersecurity initiatives, the Commerce Department will aim to improve information-sharing between relevant agencies.

"The oversight organization is going to provide cross-organizational situational awareness so we have that common operating picture, and we can provide senior management with a better idea of what our security posture is so that they can make informed decisions. We're more of an intelligence-gathering organization, doing threat analysis, but then letting the organizations take the appropriate mitigation efforts in their own systems," said Clark.

Support needed
The Commerce Department's new effort is undoubtedly a step in the right direction. However, it also speaks to the difficulties that plague all federal cybersecurity initiatives. Most notably, many agencies struggle to collaborate and cooperate to protect their resources. And in many cases, such efforts are hampered by the fact that agency leaders themselves are not fully aware of the cybersecurity tools in place throughout their organizations, nor the ways that employees utilize these available solutions.

To overcome this issue, agencies should consider working closely with third-party cybersecurity solutions providers. These firms can help federal groups to identify the current status of their cybersecurity posturing and offer guidance to improve their capabilities.