GovLoop

2015 – A Year In Connected Security

This interview is an excerpt from our recent guide, 30 Government Innovations That Mattered in 2015, which examines 30 government case studies that explore innovation at all levels of government. The innovations span the government job spectrum, from human resources to cybersecurity and back again.

The largest cyber breach in the history of government saw the personally identifiable information of more than 22 million federal government employees, contractors, and their families compromised. Classified records, government security clearances, and even fingerprints were leaked after a simple phishing attack infiltrated the Office of Personnel Management’s (OPM) network.

In order to better understand the breach, the government’s reaction, and how future attacks can be prevented, GovLoop sat down with Ned Miller, Chief Technology Strategist for Public Sector at Intel.

“In the wake of the breach, the Office of Management and Budget and the Office of the Federal Chief Information Officer assembled a taskforce to operationalize an investigation into the breach,” said Miller. “I think this was a great next step following the 30-day cybersecurity sprint.”

The taskforce discovered that the OPM breach was specifically conducted through a phishing attack – or an email-borne attack. A phishing attack typically involves a specific individual the hacker considers a high-value asset. The attackers attempt to compromise that individual’s credentials in order to get to datasets.

“Once they capture their credentials, they use that information to do a privileged escalation,” Miller said. “A privileged escalation gives the hacker the opportunity to laterally move across the network. So the hacker has the ability to compromise additional high value assets.” The way they come into the system is typically through an endpoint or a consumer’s device.

In order to help agencies find a path forward after the breach, the White House released a mandate that, according to Miller, takes a more comprehensive and prescriptive approach than the federal cybersecurity sprint. For example, the memo mandates that within 30 days all agencies must comply with the guidance directed towards authentication and credentials.

However, Miller concedes the new guidance will not be easy to implement. “There will be a number of challenges the government will face, in particular those of information sharing, skilled resources, and budget alignment.”

IMPLEMENTATION CHALLENGES

Budget alignment

The fiscal year 2016 budgets were drafted months ago. Now the new guidance has come out, so agencies have to align their existing budget allocation to this new guidance. The memo dictates very specific deliverable dates that agencies need to meet. “With the current budgetary environment, those December and March deadlines are going to be very difficult to meet,” Miller said.

Skilled workforce

“Right now the government doesn’t have enough cybersecurity talent to implement some of these objectives laid out in the memo,” he said. “If they don’t recruit and hire the right people, they won’t be able to fulfill the objectives in the memo.”

Information sharing

The ability to share threat intelligence information in a more meaningful way is paramount to the success of security in government. “We need to share threat information in a way that reinforces our overall position around the threat defense lifecycle,” according to Miller.

To help combat these challenges, Intel has rolled out a Security Threat Defense Lifecycle program. The solution takes a network’s defense sensor grid, whether it’s at the network level or at the endpoint, and creates an automated communication path for those sensors to take a proactive remediation position based on the threat intelligence data that they capture. “With the solution, agencies can remediate threats in a much more efficient manner with fewer resources,” explained Miller.

The automated communication path created by the Security Threat Defense Lifecycle is just one part of Intel’s approach to combating cyber breaches. “For the last 18 months we have been talking about the connected security story. The government has been operating as a series of siloed technologies that are all chasing the same outcome. The challenge was we didn’t have an effective means to share information across those different classifications of sensors,” said Miller. “Now we do.”

Intel’s connected security posture features antivirus, application control software, and a host of intrusion prevention software that make up these different classifications of sensors. Intel created a message fabric that allows points on the defensive sensor grid to actually communicate with one another and share threat intelligence globally across that sensor grid. “We can react in an automated fashion in milliseconds to the latest threat,” said Miller. Intel’s connected security story is helping to make the government more secure and efficient.
