All Federal Government agencies are under cyber attack. Online threat levels are growing geometrically. Around the globe, information and networks are penetrated by forces that regularly outpace traditional cyber security defenses.
While the usual hackers and criminals remain persistent challenges, the new, next generation threats now come from state-sponsored military and intelligence organizations, terrorist groups, and international crime organizations. Many in the U.S. Military consider cyber security the next battlefield in the war against terrorism.
Cyberspace has become weaponized. No organization is safe, and Federal Government agencies have the most to lose: network interconnectivity puts all government agencies at risk, and the threat to national security is real.
In addition, Federal systems are rapidly increasing in complexity, sophistication and interconnectivity. No longer do solitary networks and remote data centers alone require cyber security. Now the interconnectivity of agency networks requires enterprise and architecture solutions that must also include mission partners throughout the Government.
The Opposition – Constantly Evolving
The opposition is fully mobilized, agile and dangerous. Next generation threats (Advanced Persistent Threats, or APTs, and Zero Day Exploits) are emerging. Addressing the new cyber threats demands unprecedented network monitoring, awareness, and readiness across federal enterprises. Most organizations know that the problem is serious, but few understand its full impact or implications for the future.
However, proactive measures can be taken to detect and act in time to reduce risk and maintain service at the enterprise and infrastructure level.
The Present Federal Solution Represents Old Thinking
The present Federal cyber security strategy represents old thinking that is insufficient to meet the new threats. Federal strategy is rule-bound and administrative in nature, and the government cannot hire enough qualified and effective cyber warriors to meet the next generation of threats.
Furthermore, contractors engaged in constructing cyber security defenses, especially large system integrators, focus on staffing strategies that are revenue driven rather than on total technical solutions that better benefit the customer.
Redundant overstaffing results, and preference is given to staff with longevity instead of agility and creativity. Hiring of the “best and brightest” cyber warriors is sacrificed because many of the most effective cyber warriors do not meet the outdated hiring standards of Federal agencies. This is particularly true when high level security clearances are required.
The enemy does not follow this strategy. The net result is modern-day hackers who easily overcome traditional perimeter solutions in the Federal space and put national security at risk.
New Technology and Solutions
New, powerful technology is emerging that, when coupled with best practices engineering, provides automated protection that is upgradeable, powerful and cost effective to meet agency needs.
The ideal solution uses a combination of best proven technology, central administration and scalability that results in cost savings through the reduction of operating staff while increasing security and effectiveness.
This is accomplished through a two-step process. The first step secures all computer systems, networks and endpoints through adherence to best engineering and development practices, criticality analysis and vulnerability assessment, ensuring the confidentiality, integrity and availability of all systems.
The second step is the prevention of next generation threats (APT, Zero Day exploits) through network monitoring, advanced detection, mitigation and forensics.
This solution approach reduces excess cost due to overstaffing, automates and eliminates redundant functions and uses the most modern technology against malicious, criminal and state-sponsored attacks now and in the future.
Leveraging technology with qualified professionals allows for a relatively small team to give comprehensive coverage at a reduced overall cost. An example of the type of coverage this style of solution provides is shown in the graphic below:
The future of cyber security in the Federal Government is very uncertain and problematic. In order to establish an effective defense that addresses existing and future threats, the agencies must adopt a new, flexible and aggressive outlook toward the enemy.
No longer can agencies operate on the deployment of “business as usual” staffing and hiring strategies and expect to defend against advanced and powerful state-sponsored and criminal threats. Nor can contractors avoid the best technology and substitute large numbers of redundant staff and still remain competitive in the modern cyber world.
About the Author: Jon M. Stout is Chief Executive Officer of Aspiration Software LLC (@AspirationSWLLC). Aspiration Software LLC is an Information Technology/Cyber Security services provider focused on the Intelligence Community (IC). For more information about cyber security capabilities go to http://aspirationsoftware.com
Editor’s Note: The opinions expressed in this and other guest author articles are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.