White House Cybersecurity Coordinator Howard Schmidt has announced three priority areas where federal departments and agencies “need to focus their cybersecurity activity” and a new set of cybersecurity goals to be reached by 2014.

Schmidt, in a White House blog posted Friday, said his office has recognized “the challenge of knowing which (types of technology and talent) will be most effective when dealing with advanced adversaries, especially in a limited budget environment.”

As a result, Schmidt, in consultation with other federal cybersecurity experts, identified the following three areas for federal departments and agencies to concentrate on, according to his post:

  • Trusted Internet Connections (TIC) – Consolidate external telecommunication connections and ensure a set of baseline security capabilities for situational awareness and enhanced monitoring.
  • Continuous Monitoring of Federal Information Systems – Transforms the otherwise static security control assessment and authorization process into a dynamic risk mitigation program that provides essential, near real-time security status and remediation, increasing visibility into system operations and helping security personnel make risk-management decisions based on increased situational awareness.
  • Strong Authentication – Passwords alone provide little security. Federal smartcard credentials such as PIV (Personnel Identity Verification) and CAC (Common Access Cards) cards provide multi-factor authentication and digital signature and encryption capabilities, authorizing users to access Federal information systems with a higher level of assurance.

Schmidt also set a goal, by the end of 2014, to have Federal departments and agencies achieving 95% “utilization of critical administration cybersecurity capabilities on Federal information systems, including Trusted Internet Connections (TIC), Continuous Monitoring, and Strong Authentication.”

“The purpose in selecting three priority areas for improvement is to focus federal department and agency cybersecurity efforts on implementing the most cost effective and efficient cybersecurity controls for Federal information system security,” Schmidt said.

James Lewis, Director, Technology and Public Policy Program at the Center for Strategic and International Studies, praised the direction of Schmidt’s announcement.

“TIC has been in the works since 2008, so it’s nice that they are making progress,” he said.

“Continuous monitoring is the only way to go, but there is inexplicable resistance from some agency CIOs. Some kind of smart card or device is the only way to get strong authentication, so it’s good they’ve come to this conclusion,” he added.

Schmidt went on to say in his blog that “Federal departments and agencies must defend their information systems in a resource-constrained environment, balancing system security and survivability while meeting numerous operational requirements requires robust risk management.”

Schmidt noted that the areas were selected in coordination with cybersecurity experts from the Department of Homeland Security, the Department of Defense, the National Institute of Standards and Technology, and the Office of Management and Budget.

To support implementation of these priorities, Schmidt said he is leading a Cross-Agency Priority (CAP) Cybersecurity goal, one of a limited number of CAP Goals for both crosscutting policy and government-wide management areas, as required under the Government Performance and Results Modernization Act of 2010.

The administration priorities are integrated with other Federal cybersecurity activities, including the recently released FY11 FISMA report and FY12 FISMA metrics.

Schmidt said, “Many departments and agencies have been working on these areas for several years, and there has been much progress. By focusing on these priorities we plan to push adoption past the tipping point of adoption for all Federal systems.”

(This article was updated March 27.)