Skip to content ↓ | Skip to navigation ↓

All Federal Government agencies are under cyber attack. Online threat levels are growing geometrically. Around the globe, information and networks are penetrated by forces that regularly outpace traditional cyber security defenses.

While the usual hackers and criminals remain persistent challenges, the new, next generation threats now come from state-sponsored military and intelligence organizations, terrorists groups, and international crime organizations. Many in the U.S. Military consider cyber security the next battlefield in the war against terrorism.

Cyberspace has become weaponized. No organization is safe and Federal Government agencies have the most to lose because of network interconnectivity that puts all government agencies at risk and the threat to national security is real.

In addition Federal systems are rapidly increasing in complexity, sophistication and interconnectivity. No longer do solitary networks and remote data centers alone require cyber security. Now the interconnectivity of agency networks requires enterprise and architecture solutions that must also include mission partners throughout the Government.

The Opposition – Constantly Evolving

The opposition is fully mobilized, agile and dangerous. Next generation threats (Advanced Persistent Threats –APT and Zero Day Exploits) are emerging. Addressing the new cyber threats demands unprecedented network monitoring, awareness, and readiness across federal enterprises. Most organizations know that the problem is serious, but few understand its full impact or implications for the future.

However, proactive measures can be taken to detect and act in time to reduce risk and maintain service at the enterprise and infrastructure level.

The Present Federal Solution Represents Old Thinking

The present Federal cyber security strategy represents old thinking that is insufficient to meet the new threats. Federal strategy is rule bound and administrative in nature and the government cannot hire enough qualified and effective cyber warriors to meet the next generation of threats.

Furthermore, contractors engaged in constructing cyber security defenses, especially large system integrators focus on staffing strategies that are revenue driven rather that total technical solutions that better benefit the customer.

Redundant, overstaffing results and preference is given to staff with longevity instead of agility and creativity. Hiring of the “best and brightest” cyber warriors is sacrificed because many of the most effective cyber warriors do not meet the out dated hiring standards of Federal agencies. This is particularly true when high level security clearances are required.

The enemy does not follow this strategy. The net result is modern day hackers that easily overcome traditional perimeter solutions in the Federal space and put national security at risk.

New Technology and Solutions

New, powerful technology is emerging that, when coupled with best practices engineering, provide automated protection that is upgradeable, powerful and cost effective to meet agency needs.

The ideal solution uses a combination of best proven technology, central administration and scalability that results in cost savings through the reduction of operating staff while increasing security and effectiveness.

This is accomplished through a two-step process: the first secures all computer systems, networks and endpoints through adherence to best engineering and development practices, criticality analysis and vulnerability assessment that ensures the confidentiality, integrity and availability of all systems.

The second step is the prevention of next generation threats (APT, Zero Day exploits) through network monitoring, advanced detection, mitigation and forensics:

This solutions approach reduces excess cost due to overstaffing, automates and eliminates redundant functions and uses the most modern technology against malicious, criminal and state sponsored attacks now and in the future.

Leveraging technology with qualified professionals allows for a relatively small team to give comprehensive coverage at a reduced overall cost. An example of the type of coverage this style of solution provides is shown in the graphic below:

pic.jpg

The Future

The future is of cyber security in the Federal Government is very uncertain and problematic. In order to establish an effective defense that addresses existing and future threats the agencies must adopt a new, flexible and aggressive outlook attitude toward the enemy.

No longer can agencies operate on the deployment of “business as usual” staffing and hiring strategies and expect to defend against advanced and powerful state sponsored and criminal threats. Nor can contractors avoid the best technology and substitute large numbers of redundant staffs and still remain competitive in the modern cyber world.

 

Jon StoutAbout the Author: Jon M. Stout is Chief Executive Officer of Aspiration Software LLC (@AspirationSWLLC). Aspiration Software LLC is an Information Technology/Cyber Security services provider focused on the Intelligence Community (IC). For more information about cyber Security capabilities go to http://aspirationsoftware.com

 

Editor’s Note: The opinions expressed in this and other guest author articles are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.

 

Related Articles:

 

P.S. Have you met John Powers, supernatural CISO?

 

Title image courtesy of ShutterStock

Hacking Point of Sale
  • Well said! And I totally agree.

  • Steve L

    Not quite sure what the author means by "cyberspace has become weaponized" The closest thing I can think of is Stuxnet or what was done in the Aurora Project. I believe that the military terms being assigned to the environment today are somewhat ridiculous. All this is simply intelligence gather and some very primitive sabotage. To equate this all to "Cyber Warfare" is a bunch of bull. The author, like many others of his kind (Alexander, Chertoff, Hayden, etc…) are trying to convince us that we need their products and services or that government agencies need money to buy their products and services to counter this threat. I just love how they imply that nothing is being done to counter the threat and how current methods are totally ineffective.

    Effective risk analysis coupled with the application of appropriate controls will counter 95% threat. The other 5%? No such thing as a completely secure system…..plan for it, make contingencies and live with it.

    • Yet the State Department’s SMART system is full of holes, mixes classified and unclassified data, has little in the way of access controls, does not meet FISMA standards, and applied for a waiver. That’s just one government system out of thousands that are all weak form a security perspective. The author is merely pointing out that not enough is being done to secure the nation’s critical assets, and I agree.