Cybersecurity is a perpetual battle. As soon as agencies shore up their defenses, a new type of attack arises. But the 2021 Executive Order on Improving the Nation’s Cybersecurity has done much to give the good guys an edge. In addition to making “prevention, detection, assessment, and remediation of cyber incidents…a top priority and essential to national and economic security,” the order calls for specific actions, including implementing zero-trust architectures, removing barriers to threat information sharing and improving threat detection.
“It’s pretty amazing because for the first time in a lot of years, we’re really transforming what cybersecurity is across the federal government and how we’re handling things,” said Amy Hamilton, Senior Cybersecurity Adviser, Policy and Programs, at the U.S. Department of Energy.
Bo Berlas, Chief Information Security Officer (CISO) at the U.S. General Services Administration, is optimistic about public-sector cybersecurity, too. “I can tell you from an agency perspective, we have a clear vision and a detailed plan that is really focused around executing against a set of challenges that we have,” Berlas said. “That’s a really great place to be.”
So, just how are agencies tackling this persistent problem? Here are five ways.
One: Zero Trust
The concept of zero trust “assumes no implicit trust granted to assets or user accounts,” providing a strategic opportunity to fundamentally change agencies’ approach to cybersecurity, Berlas said. That change involves moving away from traditional perimeter-based security to “applying security with a focus on the data, with a focus on the device, with a focus around the user, and making sure that we not only validate that access initially, but do so on a continuous basis,” he said.
One way GSA is doing that is through microsegmentation — dividing networks into segments and applying security controls to each. As a result, about 98% of users no longer connect over virtual private networks, but over secure access and secure edge technology. “We’ve facilitated direct migration of roughly 30 to 40 buildings towards this microsegmentation model for more readily securing [operational technology/the Internet of Things]. We’re focused around getting to roughly 500 buildings over the next three years.”
Berlas cautions that some employees mistake zero trust as agencies not trusting them. “That really couldn’t be any farther from the truth,” he said. “It’s about providing the right access at the right time.”
Two: Artificial Intelligence
Since OpenAI’s launch of ChatGPT in November 2022, talk about AI has been at an all-time high, but AI in general has a role to play in cybersecurity because of its ability to pick out patterns — and anomalies — faster than humans can.
Consider how it could thwart phishing attacks by detecting when someone has clicked on a phishing link in an email, for example — something that at least one person at 86% of organizations has tried to do.
AI algorithms “help identify abnormal behavior, whether it’s an account or some other service running on the network,” said Russell Marsh, Cyber Operations Director in the National Nuclear Security Administration’s Office of the Chief Information Officer (CIO).
“I would like to see us get to the point where AI and machine learning help us get more proactive,” he added, such as being able to identify IP-based protocols before they’ve gone all the way through to attack or before bad actors can broaden their account privileges across the network.
This article appeared in our guide, “A New Cyber Game Plan Takes Shape.” To see the rest of the five ways and learn more about how to respond to — and head off — the latest threats, download the guide.