Read part one here.
Technology: Providing the Necessary Visibility
Cybersecurity personnel can’t succeed without the proper tools, but many of them don’t have the technology necessary to protect their agencies. According to the Federal Cybersecurity Risk Determination Report and Action Plan, 38% of federal cyber incidents had no identified attack vector. Per the report, IT professionals simply don’t have a good grasp of where attacks originate, who or what is causing them, or how to track them down.
Part of this is due to the heavily siloed nature of federal agencies. The DoD, for example, has many different arms, each operating its own network. It can be nearly impossible for an Air Force administrator to see what’s going on with the Army’s network, even though an attack on one could affect the entire DoD infrastructure. Things become even more complicated when dealing with government contractors, some of whom have been behind several large security breaches, including the infamous Office of Personnel Management security breach in 2014.
Some of it is due to the increasing complexity of federal IT networks. Some networks are hosted in the public cloud, while others are on-premises. Still others are hybrid, with some critical applications housed on-site while others are kept in the cloud.
Regardless of the situation, agency administrators must have complete visibility into the entirety of the network for which they are responsible. Technology can provide this visibility, but not the garden-variety network monitoring solutions agencies used 10 years ago. The complexity of today’s IT infrastructures requires a form of “network monitoring on steroids.” Administrators need tools that can effectively police any type of network—distributed, on-premises, cloud, or hybrid—and that provide unfettered visibility, alerts, and forensic data so administrators can quickly trace an event back to its root cause.
Administrators must have a means of tracing activity across boundaries, so they have just as much insight into what’s happening at their cloud provider as they do in their own data center. Further, they must be able to monitor their data as it passes between these boundaries to ensure information is protected both at rest and in flight. This is especially critical for those operating hybrid cloud environments.
None of this should be considered a short-term fix. It can take the government a while to get things going—after all, many agencies are still trying to conform to the National Institute of Standards and Technology’s password guidelines. That’s OK, though; the fight for good cybersecurity will be ongoing, and it will be incumbent upon agencies to evolve their strategies and tactics to meet these threats over time. The battle begins with people, continues with technology, and will ultimately end with the government being able to more effectively protect its networks.
Find the full article on Fifth Domain.