Government Technology Insider
  • About
  • State & Local
  • Civilian
  • Defense & IC
SUBSCRIBE
No Result
View All Result
  • Acquisition
  • AI & Data
  • Cybersecurity
  • CX
  • Digital Transformation
  • Hybrid Work
    • Work Smarter
  • Public Safety
  • Resources
    • Technology Trends Shaping the Future of Government
    • World of Work
    • Your Digital Transformation Path Starts Here
    • The Frontlines of Customer Experience
    • Innovative Solutions for Connecting Agencies
    • Be Ready For What’s Next
Government Technology Insider
  • Acquisition
  • AI & Data
  • Cybersecurity
  • CX
  • Digital Transformation
  • Hybrid Work
    • Work Smarter
  • Public Safety
  • Resources
    • Technology Trends Shaping the Future of Government
    • World of Work
    • Your Digital Transformation Path Starts Here
    • The Frontlines of Customer Experience
    • Innovative Solutions for Connecting Agencies
    • Be Ready For What’s Next
No Result
View All Result
Government Technology Insider
No Result
View All Result
Home Cybersecurity

Data Security Is Cybersecurity

by GTI Editors
November 4, 2015
in Cybersecurity
Reading Time: 4 mins read
A A
Share on FacebookShare on Twitter

Experts cite risk management, strong authentication, CDM as tools to help protect assets.

The goal of cybersecurity is to protect data, wherever it might be, in order to facilitate agencies pursuing their missions. That is one important takeaway from a webinar hosted by Federal News Radio and FedInsider earlier this month on “Cybersecurity vs. Data Security: Government’s Two-Pronged Challenge.”

Dr. Ron Ross, National Institute of Standards and Technology (NIST), said that he has “never been able to separate the data from the system where it lives … I think what we’ve been missing is tied back to the mission of the organization.”

Ross suggested the value of the information, and agencies’ ability to protect it, has a direct impact on their carrying out their missions.

Bill Lay, CISO for the State Department, noted that addressing data security requires “a full-spectrum approach. It’s not just technology, not just data security – the people portion is huge.”

Ann Barron-DiCamillo, Director, US-CERT, Department of Homeland Security, noted that “the last 24 months of data breaches [show] the attack surface is growing daily. It’s not effective for agencies to just widen their nets to protect everything … We must protect what matters most.”

Which leads, of course, to the hot topic of risk management.

Risk management “is predicated on having the right stakeholders involved,” Ross said. “Sometimes the mission business owners who actually take the risks are not involved in the [security] decisions.”

He compared the balancing act of risk management – deciding priorities in protecting assets – as akin to building an aircraft. “If [the plane] is perfectly stable, it won’t fly; if it is unstable, it has maneuverability.” The question becomes finding the right level of tradeoff.

Making sure stakeholders have a clear idea of their roles and responsibilities in cyber/data security pays dividends, Barron-DiCamillo said.

The 30-day cybersecurity sprint launched in June, in response to the major data breach at the Office of Personnel Management, saw tangible results, she said. “The emphasis was on strong authentication, two-factor authentication … Because of that increased focus, we were able to go from 42% to 72% [using it] in that 30 days.”

Ross agreed the cyber sprint was an excellent tool for sharpening cybersecurity efforts governmentwide. “We’re trying to step back from all these breaches and [see the big picture,]” he said. “The new technology is compelling to use, it makes us more productive, but at the same time one vendor’s new feature is the attacker’s” next opportunity.

The cyber sprint provided the chance to look at information flow, the use of technology, the requirements for cybersecurity, from the different stakeholders’ perspectives, he said. For instance, doing a stakeholder analysis shows that it’s very rare for a user to need access to an entire database at one time.

Agencies need to do a better job of architecting their databases, Ross said, to provide access to the portions users need, but keep them out of the parts they don’t. That can make the difference between a hacker walking off with 20 million records or a couple of thousand, he said.

The availability of continuous diagnostics and mitigation (CDM) tools through the DHS contract is helping, but it is not a silver bullet, Ross said.

“[It’s] a great program, it provides a lot of benefits, but it’s only [addressing] one aspect of the problem,” he said. “As good as CDM is, … fundamentally this is a science/engineering complexity problem. There’s only so much complexity you can manage. We have to address the growth of the attack surface, [which is] as much a cultural issue as a technical issue.”

Lay said the State Department is moving into that realm. “We’re expanding our suite of CDM tools. We’re trying to blend in as seamlessly as possible with legacy architecture while trying not to drown in the sea of information.”

 

 

 

RELATED POSTS

Boosting Agility for State and Local Government Finance & Budget Offices
Digital Transformation

Boosting Agility for State and Local Government Finance & Budget Offices

March 30, 2023
secure cloud communications represented by a hand holding a cloud with various symbols representing communication things
Cybersecurity

How to Enhance and Secure Cloud Communications Between Agencies

March 30, 2023
FedRAMP is the Foundation of Trusted and Secure Government
Acquisition

FedRAMP is the Foundation of Trusted and Secure Government

March 29, 2023
Please login to join discussion

TRENDING NOW

  • Advana

    Meet Advana: How the Department of Defense Solved its Data Interoperability Challenges

    9427 shares
    Share 3771 Tweet 2357
  • Exploring the New Department of Defense Zero Trust Strategy: A Podcast with Verizon and Zscaler

    86 shares
    Share 34 Tweet 22
  • FedRAMP is the Foundation of Trusted and Secure Government

    39 shares
    Share 16 Tweet 10
  • Why the Government Needs a Cloud-Native Workforce

    21 shares
    Share 8 Tweet 5

CONNECT WITH US

Advertisement Banner Ad Advertisement Banner Ad Advertisement Banner Ad
Advertisement Banner Advertisement Banner Advertisement Banner
Advertisement Banner Advertisement Banner Advertisement Banner
Advertisement Banner Ad Advertisement Banner Ad Advertisement Banner Ad
MaaS Nebula Software Factory Banner Ad MaaS Nebula Software Factory Banner Ad MaaS Nebula Software Factory Banner Ad
Advertisement Banner Ad Advertisement Banner Ad Advertisement Banner Ad
Advertisment Banner Ad Advertisment Banner Ad Advertisment Banner Ad
Advertisement Banner Advertisement Banner Advertisement Banner
Advertisement Banner Ad Advertisement Banner Ad Advertisement Banner Ad

BECOME AN INSIDER

Get Government Technology Insider news and updates in your inbox.

Strategic Communications Group is a digital media company that helps business-to-business marketers drive customer demand through content marketing, content syndication, and lead identification.

Related Communities

Financial Technology Today
Future Healthcare Today
Modern Marketing Today
Retail Technology Insider
Today’s Modern Educator

Quick Links

  • Home
  • About
  • Contact Us

Become a Sponsor

Strategic Communications Group offers analytics, content marketing, and lead identification services. Interested?
Contact us!

© 2023 Strategic Communications Group, Inc.
Privacy Policy      |      Terms of Service

No Result
View All Result
  • Home
  • About Government Technology Insider
  • State & Local
  • Civilian
  • Defense & IC
  • Categories
    • Acquisition
    • AI & Data
    • Customer Experience
    • Cybersecurity
    • Digital Transformation
    • Hybrid Work
    • Public Safety
  • Contact Us