As anyone who works in any government IT field can tell you, one of the greatest frustrations they face is integrating their many products. Regardless of whether an agency has begun its migration to the cloud or is still operating its own data centers, silos undermine the potential of technology and can even compromise an agency’s ability to meet its mission.
For those managing the nation’s cyber defenses, the siloed nature of the federal government’s IT infrastructure presents a particular — and particularly serious — challenge. Agencies can have 15 to 20 different cyber tools operating in their IT environments, supported by just 15 people. While those 15 people are well trained and keep up to date on their certifications, they may be proficient in only 5 of those tools. It’s impossible for them to be experts in more.
This results in a situation where the tools that the team understands best become their priority. The others work, but the information they provide isn’t integrated into the team’s knowledge of their cyber posture. In other words, the team isn’t getting the full picture of the threat environment facing the agency.
Imagine if information from all cyber tools on the network could be integrated. The value of each tool would increase as access to new information was unlocked and a full view of the threat environment became clear.
As an illustration, think about the much-discussed Target breach from 2013. It is memorable not only because many consumers’ information was compromised but also because of the strange way the hackers gained access into the Target network — via the HVAC company. Target had a lot of tools at their disposal and a very good team, but despite the best of everything the breach was missed. The data that would have enabled the cyber team to connect the dots and discover the breach was in silos.
Or, think about cyber defenses as a game of chess. The network is the chess board, and endpoints are the chess pieces. Players need information about both the board and the pieces to play the game successfully. If they only know about the board or the pieces, then players can’t make informed decisions.
For example, if some pieces are missing but the security team is only looking for intrusions, they’re not going to be able to respond to the threat gap left by the missing pieces. Equally, if someone has cut pieces out of the board but no one is looking at that, there’s a strong chance that pieces could go missing, or other disasters could happen. However, if the information about the pieces and the board is broken out of silos and combined, the full context of the game is known, and better decisions can be made. For the chess player, that means getting to checkmate more quickly. For a cyber team, it means preventing intrusions and mitigating the impact of breaches more quickly.
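The board-and-pieces idea above maps directly onto a common SOC correlation: joining what the network sees (which devices are actually talking) with what the endpoint agent inventory reports (which devices are managed and checking in). The following is an added example, not code from the original article; it assumes a MAC address is available as the join key between the two sources, uses a 24-hour check-in threshold, and runs on constructed sample data. It flags three kinds of gap that neither source can reveal on its own: devices on the network with no agent at all, managed devices whose agent has gone quiet, and agents reporting from devices the network never saw.

```python
"""Correlate two siloed views of an environment: network sightings (the board)
and endpoint-agent records (the pieces). Added illustration with constructed data."""
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class NetworkSighting:
    """What a network sensor or DHCP/ARP log reports: an address was active."""
    ip: str
    mac: str
    last_seen: datetime


@dataclass(frozen=True)
class EndpointRecord:
    """What the endpoint-management or EDR console reports for a managed host."""
    hostname: str
    mac: str              # assumed join key shared with the network data
    agent_last_checkin: datetime


def correlate(network, endpoints, now, stale_after=timedelta(hours=24)):
    """Join the two sources on MAC and return the gaps each source hides.

    unmanaged   - active on the network, no endpoint record at all
    stale_agent - has an endpoint record, but the agent has not checked in
                  within `stale_after` even though the device is on the network
    agent_only  - agent reports in, but the network never saw the device
                  (stale inventory, or a sensor blind spot worth checking)
    """
    endpoint_by_mac = {e.mac: e for e in endpoints}
    seen_macs = {n.mac for n in network}
    findings = {"unmanaged": [], "stale_agent": [], "agent_only": []}

    for n in network:
        rec = endpoint_by_mac.get(n.mac)
        if rec is None:
            findings["unmanaged"].append(n.ip)
        elif now - rec.agent_last_checkin > stale_after:
            findings["stale_agent"].append(rec.hostname)

    for e in endpoints:
        if e.mac not in seen_macs:
            findings["agent_only"].append(e.hostname)

    # Sorted output keeps reports stable from run to run.
    return {k: sorted(v) for k, v in findings.items()}


def sample_findings():
    """Run correlate() on a small constructed dataset (not real telemetry)."""
    now = datetime(2019, 1, 15, 12, 0)
    network = [
        NetworkSighting("10.0.0.5", "aa:bb:cc:00:00:01", now - timedelta(hours=1)),
        NetworkSighting("10.0.0.6", "aa:bb:cc:00:00:02", now - timedelta(hours=2)),
        NetworkSighting("10.0.0.7", "aa:bb:cc:00:00:03", now - timedelta(minutes=10)),
    ]
    endpoints = [
        EndpointRecord("ws-01", "aa:bb:cc:00:00:01", now - timedelta(minutes=30)),
        EndpointRecord("ws-02", "aa:bb:cc:00:00:02", now - timedelta(days=3)),
        EndpointRecord("ws-04", "aa:bb:cc:00:00:04", now - timedelta(hours=1)),
    ]
    return correlate(network, endpoints, now)


if __name__ == "__main__":
    for category, items in sample_findings().items():
        print(f"{category}: {items}")
```

Each list is a work item for a different team: `unmanaged` goes to whoever onboards devices, `stale_agent` to endpoint operations, and `agent_only` prompts a look at sensor coverage or inventory hygiene. None of these show up if the two consoles are only ever read separately.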
While federal government agencies need to prioritize tool integration to gain contextual knowledge and a holistic view of both the threat environment and their defense posture, there’s another level of integration I’d put on my wish list for 2019 — enabling SOCs across all agencies to communicate and share. This would make a much broader understanding of the threat environment and the overall context available to cyber teams. We’ve made progress on this issue with the Department of Homeland Security’s CDM program, now entering its third phase, but until all data silos are broken down we won’t have a clear understanding of all the gaps and vulnerabilities that agencies face, and we won’t have the opportunity to build the federal government’s digital resilience.