If you work at a government IT office, securing your agency’s data has most likely been at the forefront of your agenda recently. From the OPM data breach to high-profile insider threats, government agencies are increasingly falling victim to cyberattacks. However, it can be challenging to fully understand what threats you may face at your agency and what you need to do about them.
To identify and discuss these threats and solutions, GovLoop brought together Charles Seel, Division Chief of the Diplomatic Security Cyber Threats Division at the Department of State, and Dave Otto, High Value Asset Program Manager, Federal Network Resilience at the Department of Homeland Security, at the GovLoop and Red Hat Gov Security in the Digital World Virtual Summit.
Their discussion revealed four main cyber challenges:
- Threats from nefarious actors. The speakers agreed that the three biggest threats to agencies right now are phishing attacks, insider threats, and securing the Internet of Things (IoT).
  - Phishing attacks. This kind of attack occurs when a nefarious actor sends someone an email in the hope that the recipient will click on a link or attachment within it, giving the actor access to the recipient’s network. Otto explained that it is particularly problematic in government because every time he has done a test phishing attack in an agency, he has had people open the email. “In order to counter phishing attacks, we need to bring user awareness through trainings so people know not to click on suspicious emails,” he said.
  - Insider threats. The key to mitigating insider threats is being proactive about spotting a potential threat before the insider has the chance to attack. Otto emphasized that agencies must leverage tools that can help with behavioral identification of the threat, along with training to make the workforce aware of behaviors that may be indicative of planning an inside attack.
  - Internet of Things. As technology continues to advance, more devices are able to connect through the Internet of Things. “This makes all of these devices endpoints on a network that are susceptible to infiltration,” Seel explained. “While connectivity is a great development, IoT can be a foothold into a network because security is often an afterthought to connectivity.” To counter this, he recommended gaining a good understanding of connected devices and, once you understand what securing them requires, actively working to secure them.
- Lack of prioritization. Knowing how to prioritize cyber concerns is a challenge IT departments across government face. In order to have a better grasp on what you should focus on at your agency, Otto recommended a three-pronged approach. First, you have to identify your crown jewels of data. “Some of your data may look or appear to have the same face value but you have to really dig deep and understand the value of your data and prioritize protection accordingly to ensure against loss,” he explained. Once you know what you are protecting and how much it needs to be protected, you can leverage NIST’s cyber framework to help set your goals and objectives for protection. Lastly, Otto suggested developing a threat model that looks at how you are going to stop an adversary from getting into your system, staying in the system, and acting to remove data.
- Budget issues. Obtaining funding for cybersecurity initiatives is also a significant challenge for the public sector. In particular, it can be difficult to know how much of your agency’s budget should go towards cybersecurity because there is no one-size-fits-all solution for cybersecurity budgets. “It is really dependent on the organization; those with elevated threats are going to have to spend more of their overall budget on cybersecurity,” Seel said. “So, the more you understand the threat you face, the more you will be able to understand how much to spend on cybersecurity and prioritize investments in security to get the biggest bang for your buck.”
- Limited support from senior leadership. Top-down buy-in is essential for effective cybersecurity initiatives but can often be one of the most difficult aspects to achieve. As a result, learning how to advocate for cyber resources will be crucial to improving your cyber posture. To do this, the speakers recommended bringing cyber issues to senior leadership in terms that make sense to them. “When you are talking to senior executives and asking for money, it’s important to not get into the weeds of these issues and instead talk about the business impact,” Seel explained. It can be helpful to discuss the threat with agency leaders so they can understand who is out there, what they want from the agency, and what needs to be done about it.
While these are currently some of the biggest challenges to maintaining a robust cyber posture, the threat landscape is constantly evolving. Looking forward, Seel recommended taking a holistic approach to cybersecurity. He concluded, “At the end of the day, we need real visibility and the ability to take action from individual workstations throughout the entire enterprise.”
This blog post is a recap of a session from GovLoop’s recent Gov Security in the Digital World Virtual Summit.