Just how are government agencies going to protect mission-critical applications and sensitive data in the coming years? That’s the question on the mind of every federal agency CIO as they’re asked to protect more information to a higher standard with ever-shrinking budgets.
Recently, FTI had the opportunity to sit down with two industry thought leaders from Sourcefire to discuss this problem and listen to their recommendations. In the eyes of Erich Baumgartner, Vice President, Public Sector Sales, Sourcefire and CP Morey, Vice President, Product and Solutions Marketing, it’s time for government agencies to embrace “fundamental change” when tackling government cybersecurity because simply doing things the same way will lead to the same outcomes – networks that are perpetually vulnerable.
Conventional Detection is Outdated
For both Morey and Baumgartner “it’s not a matter of if but when a network will get attacked,” and Morey went on to add that agencies must no longer only spend money on first-generation intrusion protection systems aimed only at thwarting attacks as they happen. They instead “must take steps to make their entire environment more resilient.” This involves viewing a cyber attack as a continuum encompassing periods before, during, and after the attack.
Share and Open Resources
One interesting item that the Sourcefire team made certain to highlight was that federal agencies face unique challenges. The ways in which vendors engage with enterprise customers are not necessarily applicable in the government sector, as security vendors and their enterprise customers regularly engage in information sharing in the interest of preventing attacks. Baumgartner was quick to point out that because “it is more of a closed system on the federal side,” information sharing is highly unusual.
This inability to broadly share information leaves agencies somewhat vulnerable, since attacks evolve so quickly in the current climate; if you are not sharing information, you run the risk of missing crucial information about detecting and mitigating attacks. Baumgartner and Morey are both strong advocates of open source technology adoption for federal agencies, to facilitate cybersecurity strategies that are more responsive and adaptive without requiring agencies to share information with commercial or hacker communities.
So, what other best practices do the two cybersecurity leaders have in mind? Baumgartner stresses that there are several best practices that should be adopted by agencies seeking to bolster their cybersecurity strategy.
Embrace the Attack Continuum
A robust cybersecurity strategy cannot rely only on prevention. What happens before and after an attack is just as important as what is happening on the network during an attack. Agencies need to adjust their budgets to reflect this three-phased approach: investing in testing and forensics and budgeting for remediation, as well as continuing to invest in security products and services.
Coverage Beyond End Points
Given how agency networks are evolving to meet the needs of a mobile workforce, agencies need to clearly define what assets they are protecting. It will be particularly important as agencies move more data to the cloud that they include security spend for virtualized environments in their budgets as these will be high value targets for cyberespionage in particular.
Technology that Works Continuously
Technology must also work on a continuous basis. For Baumgartner, in particular, agencies shouldn’t have to settle for a security versus network performance scenario. Using a platform which combines a high level of security with mission-enabling technology is a key to success; this includes establishing open source technology as a foundation for an organization’s cyber defense strategy.
A Clear Vision
A key component of this continuity is to ensure that visibility into network traffic and applications is a fundamental piece of any cybersecurity solution. After all, these are the two places where you are most likely to find the origins of an attack or identify malicious activity in progress.
In the end, both Baumgartner and Morey agree that their fundamental wish for agencies is to accept the changing nature of cybersecurity: attacks are inevitable, and funds should be budgeted for remediation and containment, not simply detection. Sharing more information – even if data sharing occurs only between agencies – and participating in open source communities will help the federal government deploy the strongest and most meaningful efforts.