The inconsistent cybersecurity maturity across the federal government’s Sector Risk Management Agencies creates a persistent challenge for U.S. national security.
Abstract
Recent cyberattacks on critical infrastructure have underscored a persistent challenge: the inconsistent cybersecurity maturity across the federal government’s Sector Risk Management Agencies (SRMAs). To address this critical national security gap, this document proposes a new framework for the Office of the National Cyber Director (ONCD) to evaluate and improve the cybersecurity capabilities of these agencies. The model would enable ONCD to annually evaluate SRMAs on a 1-to-5 scale based on their domain expertise, policies, risk assessments, incident response, and cross-sector coordination—especially in operational technology (OT) environments. The framework is designed to align with existing mandates and standards, while establishing consistent benchmarks for federal budgeting, sector-specific performance metrics, and collaboration with industry. The overarching goal is to enhance national critical infrastructure resilience by identifying SRMA gaps, guiding investment, and enabling both public and private sectors to plan for continuous cybersecurity improvement.