Today’s enhanced connectivity provides tremendous opportunities, as well as significant challenges, for government’s mission. At Smart Cyber, Symantec’s 14th Government Symposium, we heard from Jeanette Manfra, Assistant Secretary in the Office of Cybersecurity and Communications at the Department of Homeland Security (DHS). She explained how DHS is attempting to achieve that balance between challenge and opportunity.
Manfra likened our current era of technological innovation to the Industrial Revolution. In the Industrial Revolution, she noted that government and society struggled with similar questions. Both public and private sector organizations were “interested in capturing innovation for the benefit of society but had to balance concerns of health and safety,” she said. “They had to consider how to ensure that we remained safe and the right incentives were aligned to take advantage of innovation.”
Today, the revolution is different. “Now we’re on the cusp of becoming a digital society,” Manfra said. Nevertheless, the same questions are being asked by industry and government. How do we take advantage of the increased interconnectivity of cyberspace without putting our nation and its people at risk?
Manfra admitted the answer to that question is complex, at best. “What you’re trying to defend is almost unknowable,” she said. The size and scale of data flowing across networks today can make defense seem unreachable.
So how does the federal government defend the unknowable and confront this next revolution? Manfra offered several insights that DHS has begun to incorporate into their cybersecurity strategie.
First, she said it’s critical that government maintain visibility. As agencies confront the reality of budget and resource constraints, many are turning to third party vendors and outsource solutions like cloud to increase cost efficiencies. However, if those migrations aren’t effectively executed and governed, organizations can easily lost sight of their network.
“This new age requires a new way of thinking about how agencies and private sector share data,” Manfra said. For DHS, that means implementing models like shared services that help agencies leverage new solutions in an effective, secure way that maintains visibility across the entire enterprise.
Beyond simply providing shared services, Manfra also called out DHS’ role in collecting and leveraging that enterprisewide data to execute more centralized strategies. The Continuous Diagnostics and Mitigation (CDM) program, for instance, ensures that sensors are connected across federal agencies. That means agencies can access better data about their own networks, “but DHS also benefits because we can gain all of that sensor data and use it to better understand enterprise risk,” she said.
A risk-based approach is critical to confront today’s challenges, according to Manfra. If you consider both the federal systems and the private sector network that is connected to them as a single cyber ecosystem, a risk-based approach could help agencies identify and mitigate vulnerabilities before they are exposed by cyberattacks.
“Adversaries are thinking of the network as a means to an end,” she said. “That’s not a different goal than it’s been for hundreds of years, it’s just happening in a new medium that we have to understand from end to end.”
Because the cyber ecosystem is connected, Manfra also said DHS is “leaning into its authorities” to encourage this risk-based approach across not just government but industry as well. “It’s not just that these directives are useful for agencies… It’s also something that can signal to others that this is what we, as a federal government, believe are important functions and it might be something others should pursue,” she said.
Ultimately, this is the goal of DHS: to confront this next industrial revolution but helping agencies and industry take a better, collaborative approach to understanding networks and how to secure them. “When you create a network view of the word, you’ll see things you didn’t before. Data from your entire cyber ecosystem can show you answers to questions you never thought to ask,” she concluded.