Defense and Homeland Discuss Priorities for Cybersecurity
WASHINGTON — Dramatic changes in the workforce and service delivery have posed unique security challenges over the last year. Evolving technologies are accommodating training and remote work, but new cybersecurity threats continue to emerge.
In the last few years, directives have required federal agencies to take a variety of actions, including better managing their cybersecurity risks and coordinating to meet reporting requirements related to the cybersecurity of federal networks and critical infrastructure. Yet despite this progress, many agencies still face challenges in safeguarding their information systems and information.
Top defense and homeland IT security officials recently joined the Federal News Network to discuss their lessons learned and continued priorities for implementing strategies and initiatives around cybersecurity.
“Not that long ago, cyber was considered a tech issue to be addressed by just the IT team,” said Martin Kessler, chief information security officer for the Verizon Business Group. “Now we are keenly aware that there’s a business risk… that could affect our ability to deliver on missions.”
Cybersecurity is, at its core, about data loss prevention, detection, and response. In the government’s case, cybersecurity strategies often have national security implications.
“We’ve learned this year about [the Army’s] ability to do remote distributed operations,” offered Ron Pontius, deputy to the commander in the U.S. Army Cyber Command. The Army, like so many agencies and businesses, worked to pivot to remote telework, establish virtual private networks, and made drastic changes to its network as a result of moving its cyber command to Fort Gordon, Ga. last year.
“We rolled out a commercial vertical mode, and the Army has embraced it,” Pontius said. “We’ve created an environment where those that were base-oriented can now have more remote capability… It’s fundamentally changing how we’re doing business in the Army.”
Colleagues at the Defense Intelligence Agency and Department of Homeland Security agree that a cybersecurity focus is embedded into the culture of their agencies.
DHS has established the National Cybersecurity and Communications Integration Center, which functions as the 24/7 cyber monitoring, incident response, and management center for the federal civilian government.
“[Cybersecurity is] helping us … with real-time and security situational awareness, preventing outages and defending from hostile threats,” said Hemant Baidwan, acting deputy chief information security officer at DHS.
Baidwan admitted that moving to hybrid cloud computing helped to emphasize DHS employees’ cyber hygiene — meaning those practices that help keep data safe and well-protected — and created a structure capable of handling increased telework with uniform protections against cyber adversaries.
DIA, which operates across multiple networks from unclassified all the way up to top-secret, is also working to make cybersecurity part of its normal business rhythm and mindset.
“We’re [working to be] in a more secure state instead of just being compliant,” said Freddy Mercado, deputy chief information security officer at the DIA. This means revamping and revitalizing DIA’s asset management program, and requires a plan for comprehensive tracking, because as Mercado reminds, “If you don’t know what you own, it’s hard to defend it.”
Private enterprise partners like Fortinet are assisting federal agencies with security solutions to protect the network, users, and data from continually evolving threats.
“Cybersecurity is hard because of growing attacks,” said Fortinet’s Field Chief Information Security Officer Jim Richberg. “No one can solve this alone – it’s a public/private issue. We’ve worked with partners from health care to criminal investigators…. deploying technology to help be nimble and get away from the old approach to networks.”
Richberg offered that Fortinet was at the intersection of IT and operational technology, hardware and software that detects or causes a change through the direct monitoring and control of physical devices — a growing need.
“We’re in the year of the hybrid, and I don’t mean cars,” he added, alluding to a new mix of work patterns and hybrid workers, particularly since the start of the pandemic. “The environment is changing for everyone.”
Illumio, a cloud computing security company, is a federal agency partner that specifically prevents breaches from spreading within a network.
“Architectures are still…. based on detection technology,” said Matthew Glenn, Illumoio’s senior vice president of product management. “But detection will often fail, so the mindset [needs to be] changed about where defense needs to reside, and defenses need to be modified to prevent breach.”
Agencies were not previously equipped to determine how malicious actors were seeking to gain access to their information systems and data.
“Adversaries are looking at what our focus is and going for our weak spots,” Glenn added. He said that when the security focus is on the user, attackers learn to go behind the user and take advantage of the fact that previous cybersecurity efforts really only focused on the perimeter.
“[Now], the core mindset of zero trust is to assume breach and default deny,” meaning to only allow that which you should allow. So Illumio is helping federal partners to alleviate their cybersecurity concerns by compartmentalizing, “stopping abnormal communication patterns, focus[ing] on the end-user, and focus[ing] on the data center and cloud environments.”
Despite this improvement in federal agencies’ monitoring of their information security programs, however, there remain specific areas “to improve our ability to protect against malicious cybersecurity, including speed and how you protect and professionally train a civilian workforce to stay on mission,” according to Pontius. “Because you don’t do it for cybersecurity, you do it for the mission.”
Baidwan agrees that attracting and training top cyber workforce talent is increasingly difficult as the federal government has to compete with private industry. Proposals for a Cyber Workforce Talent Initiative prioritize and accelerate ongoing efforts to reform the way that the federal government recruits, evaluates, selects, pays, and places cyber talent.
“We need to improve the quality and quantity of professionals in the pipeline that can join this incredible mission,” he said.
In The News
WASHINGTON -- As the international blame game over ransomware heats up this week, the U.S. government is scrambling for solutions with increasingly combative strategies. Legislation that won tentative approval in Congress on Monday anticipates a bigger role for the U.S. government in overseeing cybersecurity of critical... Read More
BEIJING (AP) — China on Tuesday rejected an accusation by Washington and its Western allies that Beijing is to blame for a hack of the Microsoft Exchange email system and complained Chinese entities are victims of damaging U.S. cyberattacks. A foreign ministry spokesman demanded Washington drop... Read More
WASHINGTON — Despite our reliance on space technology for things like communication, transportation, food, and health care — not to mention national security — our national space assets aren’t officially designated as critical infrastructure. Humanity is already dependent on space, but neglecting to protect space technology... Read More
The United States, NATO and several allies collectively called out China on Monday for a series of malicious cyber- and ransomware attacks, including a March attack that exploited a flaw in Microsoft's Exchange Server. Monday’s announcement, which followed a conference call with White House reporters Sunday... Read More
BOSTON (AP) — The State Department will offer rewards up to $10 million for information leading to the identification of anyone engaged in foreign state-sanctioned malicious cyber activity against critical U.S. infrastructure — including ransomware attacks — and the White House has launched a task force... Read More
WASHINGTON (AP) — President Joe Biden said Tuesday that damage to U.S. businesses in the biggest ransomware attack on record appears minimal, though information remained incomplete. The company whose software was exploited said fewer than 1,500 businesses worldwide appeared compromised but cybersecurity experts caution that the... Read More