Agencies get cyberattack guidance

The CIO Council and OMB issue guidelines directing agencies to coordinate cyberattack reports and warnings with FedCIRC

CIO Council memo

The CIO Council and the Office of Management and Budget issued guidelines

this week directing agencies to coordinate cyberattack reports and warnings

with the Federal Computer Incident Response Capability.

The memorandum details the processes that agencies should follow to

improve coordination and interaction with FedCIRC at the General Services

Administration.

The memo requires agencies to:

* Report externally generated security incidents to FedCIRC.

* Make sure alerts and warnings from FedCIRC are received by the appropriate

people at each agency.

* Acknowledge, when necessary, that they received the FedCIRC messages

and explain the corrective actions taken.

The memo was signed by Sally Katzen, chairwoman of the CIO Council and

deputy director for management at OMB, and Jim Flyzik, vice chairman of

the council and CIO of the Treasury Department.

The CIO Council's Security, Privacy and Critical Infrastructure committee

developed the memo with OMB, GSA and agencies throughout government. It

comes in the wake of the problems with the reporting and response processes

that were highlighted by e-mail viruses earlier this year.

When the "love bug" hit in May, agencies and FedCIRC found themselves

struggling to get out warnings and put protections in place, and the General

Accounting Office testified before Congress that better information sharing

procedures are needed.

By coordinating with FedCIRC, agencies will be able to improve security

not only for themselves, but also for other agencies. "When faced with security

incidents, an agency should respond in a manner that both protects its own

information assets and helps other organizations that might also be affected,"

the memo states.

The memo includes a table indicating three levels of agency contact

information for FedCIRC, including the agency CIO and the security manager

or system administrator for the agency's headquarters and offices. OMB asked

agencies to send contact information to FedCIRC by the end of October.

It also lists the type of information that should be shared between

agencies and FedCIRC and when the sharing should occur.

NEXT STORY: Roster Change