Top 5 Priorities Around Federal Cybersecurity for 2017
The year 2016 again saw large data breaches of both Federal and private companies, from the IRS to telcos and internet service providers. Couple that with hacks of emails during the 2016 Presidential Election, and the year ended with a lot of attention on data security. Cybersecurity, or the federal government’s lack of it, has become more prominent due to ongoing attacks targeting Federal entities.
The good news is that the Government is following the private sector, with the appointments in recent years of a United States Chief Technology Officer (US CTO), a United States Chief Information Officer (US CIO), and now, in 2016, the first Federal Chief Information Security Officer (US CISO). The first Chief Information Security Officer’s job will be to drive cybersecurity policy, planning, and implementation across the Government. Brigadier General (retired) Greg Touhill was tapped to fill the post.
Top 5 federal cyber priorities
Rob Roy, chief technology officer of the U.S. Federal Cybersecurity team at HPE, recently highlighted the top five priorities around federal cybersecurity for 2017, shorted here:
- Cyber workforce
Acquiring top talent will be key to optimizing operations and finding the most suitable personnel to accomplish security goals. The federal government will continue to prioritize the need to invite the best and brightest around security into the federal space.
- Partnering with industry
The newly-appointed CISO will lead a team within the Office of Management and Budget. This team will “conduct periodic cyberstat reviews with Federal agencies to insure that implementation plans are effective and achieve the desired outcomes,” said current U.S. Chief Information Officer Tony Scott.
This is where industry comes into play. It’s critical that the federal CISO position sets a precedent of partnering with the best in industry to achieve the government’s cyber missions. This collaboration in 2017 and beyond can help industry assist the public sector in fortifying agencies’ protection from voracious and persistent cyber foes.
- Acquisition and IT modernization
Every day, cyber threats become significantly more sophisticated and therefore more difficult to defend against. According to an April White House report, civilian agencies are spending 71 percent of IT budget on legacy systems.
But there is good news. Next year will mark the largest allocation of government funds to cybersecurity in history. The U.S. government will acquire more modernized equipment in 2017 than ever before, and the Department of Homeland Security Continuous Diagnostics and Mitigation (CDM) program will bring its sights to bear on vulnerability management. Above all else, getting a handle on both the hardware and software vulnerabilities by thinking of them as unlocked doors in the federal IT infrastructure will go a long way toward thwarting attacks.
- Safeguarding data
While foreign countries pose a significant threat to digital homeland security, so do the infrastructures and strategies we use to defend against them.
Government can utilize industry expertise to help implement info-sharing practices and improve response time against breaches to systems. Additionally, placing forethought into proactive counter measures like Format Preserving Encryption and behavioral monitoring can help agencies have their finger on the pulse during attacks.
- Securing the Internet of Things (IoT)
By 2020, there are estimated to be 50 billion IoT devices and sensors distributed across the internet. As hacking threats mature, the security capacity of these devices stays the same, leaving them increasingly vulnerable.
Hackers are using modern methods to take advantage of our IoT devices. As the Internet of Things continues to rise, government should implement devices on which they, or a Cyber Underwriters Laboratory, can verify security and mitigate access to their networks. By regularly validating approved hardware and authorizing software, agencies will enhance the security of their ever-growing networks. However before any digital transformation can occur, it is first and foremost critical that agencies ensure all data is secure.
What can be done?
Whether data breaches are perpetrated by lone operators or state-sponsored actors, data theft is a constant, and protecting data is of the utmost importance. It’s not a question of if you will be hacked; it’s a question of when. And it’s vital to be prepared.
Federal entities, as well as the private sector, need to implement end-to-end data-centric security. This best practice for data security enables entities to protect data over its entire lifecycle—from the point at which it’s captured, throughout its movement across your extended enterprise, all without exposing live information to high-risk, high-threat environments. That’s the essence of data-centric security.