DHS tweaking cyber ‘credit score’ program
A cyber hygiene “credit score” is in the works for federal agencies — but don’t expect to see a public report card anytime soon.
Continuous Diagnostics and Mitigation Program Manager Kevin Cox said at FCW’s Nov. 28 CDM event that the Agency-Wide Adaptive Risk Enumeration (AWARE) algorithm is already ingesting data, and the plan is to put it “fully into production heading into FY2020.”
AWARE is intended to help agencies prioritize mitigation activities so they ca improve basic cybersecurity hygiene, according to Dave Otto, a risk management subject-matter expert with the Department of Homeland Security’s federal network resilience division who spoke in a September webinar. The algorithm assigns a weighted cyber hygiene score based on unmitigated threats and promotes a “worst-problems first” approach when dealing with mitigation issues.
Cox told reporters after his Nov. 28 speech that AWARE could also be used to accelerate agencies’…