Page 33 - FCW, June 15, 2016

DrillDown
Achieving holistic cybersecurity
To be effective in their security efforts, agencies must be proactive and use cyber analytics and cognitive-based systems to develop true security intelligence
BY JOHN LAINHART AND CHRISTOPHER M. BALLISTER
No longer can security programs rely on the “if it’s not broke, don’t fix it” approach. Adversaries could already be inside systems, stealing data or probing for weaknesses. Too many CIOs and chief information security officers have thought their systems and data were secure when in fact they were anything but.
Security programs need effective protection of valuable information and systems to prevent data breaches and to comply with ever-increasing federal requirements, including the Federal Information Security Management Act, the Privacy Act, policy and guidance from the Office of Management and Budget and the National Institute of Standards and Technology, the General Services Administration’s Federal Risk and Authorization Management Program, and the Federal Acquisition Regulation.
To be effective, CIOs and CISOs need timely cybersecurity insights so they can quickly take action. With massive increases in data, mobile devices and connections, security challenges are increasing in number and scope. The aftermath of a breach can be devastating to an organization in terms of reputational and monetary damages, and can be experienced through three major categories of security challenges: external threats, internal threats and compliance requirements.
External threats
The nation faces a proliferation of external attacks against major companies and government organizations. In the past, those threats have largely come from individuals working independently. However, attacks have become increasingly coordinated and are being launched by groups that include criminal enterprises, organized collections of hackers and state-sponsored entities. Attackers’ motivations can include profit, prestige or espionage.
Attacks target ever more critical organizational assets, including customer databases, intellectual property and even physical assets that are driven by information systems. The consequences are significant: IT, legal and regulatory costs, not to mention loss of reputation. Many attacks take place slowly over time and are masked as normal activity. The vector known as advanced persistent threat requires specialized continuous monitoring methods to detect threats and vulnerabilities prior to breaches or loss of sensitive data.
Internal threats
In many situations, breaches come not from external parties but from insiders, which include employees, contractors, consultants, and even partners and service providers. The causes range from careless behavior and administrative mistakes (such as giving away passwords to others, losing backup tapes or laptops, or inadvertently releasing sensitive information) to deliberate actions taken by disgruntled employees. The resulting dangers can easily equal or surpass those from external attacks.
A strong security program must include the ability to predict external and internal threats and assess their mission impacts, and they must be validated by cognitive technology and cybersecurity experts serving mission operators.
Compliance requirements
Public-sector enterprises face a steadily increasing number of federal, industry and local mandates related to security, each of which has its own standards and reporting requirements. In addition to the federal requirements noted above, there are sector-specific requirements such as the Health Insurance Portability and Accountability Act and the Health Information Technology for Economic and Clinical Health Act for health information, and the Sarbanes-Oxley Act for financial information.