Defense and Homeland Discuss Priorities for Cybersecurity
WASHINGTON — Dramatic changes in the workforce and service delivery have posed unique security challenges over the last year. Evolving technologies are accommodating training and remote work, but new cybersecurity threats continue to emerge.
In the last few years, directives have required federal agencies to take a variety of actions, including better managing their cybersecurity risks and coordinating to meet reporting requirements related to the cybersecurity of federal networks and critical infrastructure. Yet despite this progress, many agencies still face challenges in safeguarding their information systems and information.
Top defense and homeland IT security officials recently joined the Federal News Network to discuss their lessons learned and continued priorities for implementing strategies and initiatives around cybersecurity.
“Not that long ago, cyber was considered a tech issue to be addressed by just the IT team,” said Martin Kessler, chief information security officer for the Verizon Business Group. “Now we are keenly aware that there’s a business risk… that could affect our ability to deliver on missions.”
Cybersecurity is, at its core, about data loss prevention, detection, and response. In the government’s case, cybersecurity strategies often have national security implications.
“We’ve learned this year about [the Army’s] ability to do remote distributed operations,” offered Ron Pontius, deputy to the commander in the U.S. Army Cyber Command. The Army, like so many agencies and businesses, worked to pivot to remote telework, establish virtual private networks, and made drastic changes to its network as a result of moving its cyber command to Fort Gordon, Ga. last year.
“We rolled out a commercial vertical mode, and the Army has embraced it,” Pontius said. “We’ve created an environment where those that were base-oriented can now have more remote capability… It’s fundamentally changing how we’re doing business in the Army.”
Colleagues at the Defense Intelligence Agency and Department of Homeland Security agree that a cybersecurity focus is embedded into the culture of their agencies.
DHS has established the National Cybersecurity and Communications Integration Center, which functions as the 24/7 cyber monitoring, incident response, and management center for the federal civilian government.
“[Cybersecurity is] helping us … with real-time and security situational awareness, preventing outages and defending from hostile threats,” said Hemant Baidwan, acting deputy chief information security officer at DHS.
Baidwan admitted that moving to hybrid cloud computing helped to emphasize DHS employees’ cyber hygiene — meaning those practices that help keep data safe and well-protected — and created a structure capable of handling increased telework with uniform protections against cyber adversaries.
DIA, which operates across multiple networks from unclassified all the way up to top-secret, is also working to make cybersecurity part of its normal business rhythm and mindset.
“We’re [working to be] in a more secure state instead of just being compliant,” said Freddy Mercado, deputy chief information security officer at the DIA. This means revamping and revitalizing DIA’s asset management program, and requires a plan for comprehensive tracking, because as Mercado reminds, “If you don’t know what you own, it’s hard to defend it.”
Private enterprise partners like Fortinet are assisting federal agencies with security solutions to protect the network, users, and data from continually evolving threats.
“Cybersecurity is hard because of growing attacks,” said Fortinet’s Field Chief Information Security Officer Jim Richberg. “No one can solve this alone – it’s a public/private issue. We’ve worked with partners from health care to criminal investigators…. deploying technology to help be nimble and get away from the old approach to networks.”
Richberg offered that Fortinet was at the intersection of IT and operational technology, hardware and software that detects or causes a change through the direct monitoring and control of physical devices — a growing need.
“We’re in the year of the hybrid, and I don’t mean cars,” he added, alluding to a new mix of work patterns and hybrid workers, particularly since the start of the pandemic. “The environment is changing for everyone.”
Illumio, a cloud computing security company, is a federal agency partner that specifically prevents breaches from spreading within a network.
“Architectures are still…. based on detection technology,” said Matthew Glenn, Illumoio’s senior vice president of product management. “But detection will often fail, so the mindset [needs to be] changed about where defense needs to reside, and defenses need to be modified to prevent breach.”
Agencies were not previously equipped to determine how malicious actors were seeking to gain access to their information systems and data.
“Adversaries are looking at what our focus is and going for our weak spots,” Glenn added. He said that when the security focus is on the user, attackers learn to go behind the user and take advantage of the fact that previous cybersecurity efforts really only focused on the perimeter.
“[Now], the core mindset of zero trust is to assume breach and default deny,” meaning to only allow that which you should allow. So Illumio is helping federal partners to alleviate their cybersecurity concerns by compartmentalizing, “stopping abnormal communication patterns, focus[ing] on the end-user, and focus[ing] on the data center and cloud environments.”
Despite this improvement in federal agencies’ monitoring of their information security programs, however, there remain specific areas “to improve our ability to protect against malicious cybersecurity, including speed and how you protect and professionally train a civilian workforce to stay on mission,” according to Pontius. “Because you don’t do it for cybersecurity, you do it for the mission.”
Baidwan agrees that attracting and training top cyber workforce talent is increasingly difficult as the federal government has to compete with private industry. Proposals for a Cyber Workforce Talent Initiative prioritize and accelerate ongoing efforts to reform the way that the federal government recruits, evaluates, selects, pays, and places cyber talent.
“We need to improve the quality and quantity of professionals in the pipeline that can join this incredible mission,” he said.
In The News
“Make no mistake, our adversaries want to divide us to conquer us,” warned Erin Joe, section chief of the private sector office of the FBI, noting that nation-states like Russia, North Korea, Iran, and China are deploying daily cyberattacks against the US. Opening yesterday’s CyberSatDigital conference,... Read More
WASHINGTON -- The ongoing energy crisis created by a Russian gang’s ransomware attack late last week led the Biden administration to announce a multi-pronged strategy for confronting it on Monday. While President Biden declared an emergency, Colonial Pipeline officials said they expect to resume transporting most... Read More
Last year saw an increase of 20% in cyberattacks against organizations, said James Turgal, vice president of Optiv, during the first day of the CyberSatDigital conference. The most common attack, with over 184 million reported last year, is known as a ransomware attack - when bad... Read More
WASHINGTON — In a covert operation to undercut hacking groups’ attempts to exploit vulnerabilities in Microsoft’s Exchange email program, the FBI has begun accessing hundreds of vulnerable computers in the United States to remove malicious web shells. Web shells, interfaces that grant control over a web... Read More
WASHINGTON - As Congress continues to worry about the nation’s cybersecurity, a key high-ranking military witness during a Senate hearing Wednesday said he was “concerned about the pace” of building an adequate cybersecurity workforce. When Congress tasked the Department of Defense and military services with building... Read More
The White House on Thursday unveiled sweeping sanctions on Russia in retaliation for cyberattacks, foreign influence operations and other behavior. The measures include the expulsion of 10 Russian diplomats. The moves were announced Thursday morning in a lengthy statement from the Biden administration which for the... Read More