{"id":221978,"date":"2026-05-28T16:22:00","date_gmt":"2026-05-28T20:22:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/05\/28\/detect-understand-respond-driving-omb-cisas-latest-cyber-efforts\/"},"modified":"2026-05-28T16:25:09","modified_gmt":"2026-05-28T20:25:09","slug":"detect-understand-respond-driving-omb-cisas-latest-cyber-efforts","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/05\/28\/detect-understand-respond-driving-omb-cisas-latest-cyber-efforts\/","title":{"rendered":"\u2018Detect, understand, respond\u2019 driving OMB, CISA\u2019s latest cyber efforts"},"content":{"rendered":"

\u2018Detect, understand, respond\u2019 driving OMB, CISA\u2019s latest cyber efforts<\/a><\/p>\n

https:\/\/federalnewsnetwork.com\/cybersecurity\/2026\/05\/detect-understand-respond-driving-omb-cisas-latest-cyber-efforts\/<\/a><\/p>\n

Publish Date: 2026-05-28 16:22:00<\/a><\/p>\n

Source Domain: federalnewsnetwork.com<\/a><\/p>\n

Author: <\/a><\/p>\n

Using an unordered list, summarize the following article with between 4 and 8 key points. <\/p>\n

Agencies will soon have new requirements for logging cybersecurity data to better secure their systems and applications against ever-increasing threats.
\nThe Office of Management and Budget\u2019s new memo outlining these changes is one of several ways the Trump administration is recalibrating cyber defenses as the threat of artificial intelligence-fueled cyber attacks increase.
\nActing Federal Chief Information Security Officer Mike Duffy wrote on LinkedIn that the new policy \u201cfocuses agencies on what matters most: continuous visibility, rapid detection, effective threat hunting and actionable response capabilities.\u201d
\nAnd given the recent discovery by Claude\u2019s Mythos of thousands of zero day vulnerabilities in systems that were previously known or not addressed, agencies and industry are being forced to figure out how best to strengthen their partnership against these AI-fueled attacks.]]><\/p>\n

Nick Andersen, the acting director of the Cybersecurity and Infrastructure Security Agency, said he has deep concerns specifically about one type of technology when it comes to cybersecurity vulnerabilities.
\nNick Andersen is the acting director of the Cybersecurity and Infrastructure Security Agency.
\n\u201cThe open source community is one that I\u2019m particularly worried about when we start to think about the rapid escalation of vulnerability discovery. But it is going to result in us having to make some really, really hard decisions on the level of investment that\u2019s going to be required,\u201d Andersen said on May 21 at the Cyber Innovation Summit sponsored by the National Security Institute at George Mason University\u2019s Antonin Scalia Law School. \u201cI think there\u2019s tremendous opportunity here to re-architect areas where we know that they\u2019ve been lacking, to make investments in areas where we know that we\u2019ve been lacking, and to just force some hard security decisions to be made in a way where people thought that their risk profile was different than what it is. When we see the escalation in terms of speed, scale and velocity of vulnerability discovery to weaponization and exploitation, that\u2019s something that a month and a half ago, everybody around here started talking about.\u201d
\nAndersen said agencies still face an uphill climb to get out from under their technical debt that includes many of these vulnerabilities.
\n\u201cWhat is it that we\u2019re going to try to be able to do to modify our approach to vulnerability management, modify our approach to coordinated vulnerability disclosure and modify our approach to remediation, with the explicit understanding that we\u2019re just not going to be able to keep up using traditional mechanisms with the load that we\u2019re going to see for vulnerability discovery moving forward,\u201d Andersen said.
\nSome of those changes that Andersen is talking about are at the center of OMB\u2019s new data logging policy.
\nDuffy wrote, \u201cCybersecurity success is not measured by how much data we collect, but by how effectively we can detect, understand and respond to adversary activity.\u201d
\nThis is why OMB is emphasizing agencies collect data that supports continuous event monitoring (CEM) and threat hunting, investigation, response and forensics (THIRF).]]><\/p>\n

\u201cThreat actors have increasingly used automation and artificial intelligence to accelerate attacks against critical systems. These enhanced capabilities can help threat actors rapidly gain unauthorized access to a system, move from that system to others, and maintain their illicit access undetected over a substantial period of time,\u201d OMB wrote in the memo. \u201cTo mitigate the risk posed by these intensifying digital threats, agencies need the ability to rapidly detect, respond to and analyze anomalous activity on their networks.\u201d
\nAndersen said the velocity, volume and veracity of threats just reinforces the need to deepen partnerships across the government and with industry.
\nHe said a recent incident involving Cloudflare is a good example of where public-private sector partnerships need to go. The company shared with CISA what happened during a recent outage. He said Cloudflare was open and communicative while it was occurring and afterwards.
\n\u201cThen they were willing to come in and talk about a playbook for the future on how they thought people could learn from their best practices from engaging during that incident, and that was just related to an outage,\u201d Andersen said. \u201cAs we are building on those playbooks for the future, we start to look at maliciously derived incidents and that is going to be very important to the work that is going to be taken on over the long term.\u201d
\nCISA, Army partnership
\nAnother long-term partnership that CISA is pursuing is with the Army and local communities that host military bases.
\nIn fact, earlier in May, CISA, the Army, the Federal Communications Commission and others met with local leaders at Fort Bragg in North Carolina to figure out how to ensure military bases are more resilient against cyber attacks.
\nThis is part of an ongoing effort by CISA to focus on the resiliency of critical infrastructure providers through an intergovernmental approach called the homeland defense working group.
\nAs a part of the Defense Critical Infrastructure Program (DCI), Andersen said the government is changing its approach to critical infrastructure provider protections.
\n\u201cWhere I think we have failed in the past with initiatives of how we took on things like section nine designations for companies that we thought were critically important was we would take an entity level view, we would just say \u2018Company X, you are very important, here\u2019s your letter saying that you\u2019re very important, best of luck. Maybe we\u2019ve got some opportunities to collaborate with you going into the future,\u2019\u201d he said. \u201cWhere we\u2019re trying to get to now is saying there\u2019s a specific function that is critically important, in this case for defense critical infrastructure, and a specific function that needs to be delivered. How can we set real resilience targets associated with that?\u201d]]><\/p>\n

Andersen added the end goal of this interagency team is to \u201cachieve a higher level of resilience for defense critical infrastructure,\u201d ensure owners and operators have a path to ease recovery and establish resilience metrics.
\nThe DCI is part of how CISA, and the government more broadly, is trying to partner at scale. Andersen said this creates a unified effort that can lead to a good quality understanding of what is the real threat and risk landscape, what are the problems that everyone is trying to solve and how can the government provide resources in a coordinated way.
\nAndersen said this intergovernmental approach is starting to come together to make the relationships with critical infrastructure providers more seamless.
\n\u201cWhen we start to look at some of our partnership elements, we\u2019re deliberatively working right now to prioritize critical infrastructure owner operator entities that we can get to first. And again, this is all months ago that we started kicking all this stuff off. So, this is not in direct response to any of the things we\u2019ve been talking about recently,\u201d he said. \u201cTo develop an intergovernmental approach to a homeland defense working group, we need to look at a good blue space view of what is it that\u2019s most significantly important to us. We started to look at public health and safety, national security and defense critical infrastructure, and continuity of the economy. Then taking a good red space view of looking back at our intelligence holdings from the last several years and saying, this is our view of what we think is important, here\u2019s what the adversary thinks is important, where we actually seen them pre-position [attacks], where we see in their activity, where are we seeing them landing on the infrastructure that they believe is going to be most significant for achieving their objectives. Then looking at that overlap and saying, now how do we go engage with joint action plans with those companies directly, and some of those are technology companies, some of those are critical infrastructure owner operators.\u201d
\n Copyright
\n \u00a9\u00a02026 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.<\/p>\n

<\/p>\n","protected":false},"excerpt":{"rendered":"

\u2018Detect, understand, respond\u2019 driving OMB, CISA\u2019s latest cyber efforts https:\/\/federalnewsnetwork.com\/cybersecurity\/2026\/05\/detect-understand-respond-driving-omb-cisas-latest-cyber-efforts\/ Publish Date: 2026-05-28 16:22:00 Source…<\/p>\n","protected":false},"author":1,"featured_media":221979,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/federalnewsnetwork.com\/wp-content\/uploads\/2024\/08\/white-house-cybersecurity.png","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26,20,24,27],"class_list":["post-221978","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ai","tag-artificial-intelligence","tag-cybersecurity","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/221978"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=221978"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/221978\/revisions"}],"predecessor-version":[{"id":221980,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/221978\/revisions\/221980"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/221979"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=221978"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=221978"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=221978"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}