Since the summer of 2015 when the OMB launched its cybersprint program, federal agencies have become remarkably resilient in the face of persistent cyberattacks. The most promising evidence of this turnaround was that no federal agency fell victim to the recent WannaCry ransomware that left many organizations, including FedEx, Honda, and Britain’s National Health Service, unable to operate for days, if not weeks, following the attack.
Participants in the government-focused panels at Cybertech Fairfax agreed that there should be commendations for the turnaround, but cautioned that there was no time to rest on laurels. They urged federal CIOs and CSOs to continue embracing innovative solutions to maintain a baseline advantage against the constant barrage of attacks.
Speakers, including Hala Furst, Cybersecurity and Technology Business Liaison at the Department of Homeland Security (DHS), discussed the importance of connecting agencies to cybersecurity startups. Startups like Illusive, which is developing proactive APT defenses via sophisticated deception tactics, is one example of the type of innovative data security solution that federal agencies should be exploring in order to stay one step ahead.
Evidently, there is no shortage of cybersecurity startups with brilliant solutions to defeat APTs, ransomware, and threats we’re yet to name. However, Furst and CSRA’s Seth Abrams, CTO for Department of Homeland Security, emphasized that the real obstacle for federal agencies adopting these next-generation solutions lies in the acquisition process. “Acquisition of cyber solutions is something that government needs to get better at,” said Furst. “By the time [an agency] acquires a solution, threats are three years old.”
While echoing Furst’s frustrations, Abrams offered a way out of this acquisition conundrum without waiting for substantive acquisition reform to bring solutions into government more quickly. “The simplest way to avoid this bottleneck is to develop partnerships between government and the private sector and between Inside the Beltway integrators and emerging tech companies,” he offered.
Both the Department of Defense and DHS have created innovation incubators in Silicon Valley and in other IT hubs that help tailor solutions to mission and also help increase understanding of how the federal government works. “This approach, along with programs like CSRA’s Emerging Technology program, help overcome the bottlenecks for industry and for federal agencies,” Abrams noted. He continued, “I’ve been particularly proud of how our team can foster emerging tech companies and get them into the government so that the solution is proven and ready to go before the crisis hits.”
Despite the fact that there is much work to be done within the federal government to streamline the acquisition process in order to take full advantage of innovations in the cyber field, it’s obvious that all parties share a commitment to future-focused thinking. In thinking about what comes next, in terms of threats and solutions, federal agencies are no longer preventing yesterday’s attacks, but fully invested in developing a strategic approach to data security.