Page 20 - FCW, Nov/Dec 2017
CYBERSECURITY
WIN CYBER BATTLES
An intelligence-led strategy shifts the focus from regulatory compliance to risk mitigation.
Although it’s true cyberattacks are getting more sophisticated, they are only as complex as they need to be to succeed. If hackers can break into a system using something simple, they’ll save a more sophisticated attack for another day. We need to ensure we’re putting additional barriers in place that make the cyberattacker’s job more difficult.
It starts with basic cybersecurity hygiene, which should be an institutional component of what agencies do every single day. If their hardware does not support the latest operating systems and if they are not automatically deploying patches as quickly as possible, they should make it a priority.
Know Your Adversary
Cyberthreats will continue to accelerate as we bring more assets online, which means CIOs and other agency leaders should be thinking about cybersecurity as an evolving problem. In the physical world, the Defense Department would not go into a battle without understanding who and where the adversaries are and what capabilities they have. Government agencies should take the same approach to the cyber realm.
When agencies understand their adversaries, they can look for additional indicators within their systems, and they can build a cybersecurity strategy that focuses on risk mitigation instead of regulatory compliance. It should be an intelligence-led strategy and it should permeate an agency’s entire computing environment.
IT leaders start by finding the answers to questions such as: Who are their adversaries? What are they after inside the agency? What tools do they use? What IP addresses do they typically come from? Could they have already compromised systems without the agency’s knowledge?
Some agencies are gathering their own threat intelligence by answering those questions. Then they’re combining it with commercial contextual threat intelligence to give them a perspective that they haven’t had in the past.
SPONSORED CONTENT
TONY COLE
VICE PRESIDENT AND GLOBAL GOVERNMENT CTO, FIREEYE
The next step is using that intelligence to hunt for problems in agency networks—a process that will give IT leaders even more insight into their adversaries. The security team can then feed that intelligence back into the agency’s platform to make it smarter and able to continuously evolve.
From all that internal and external intelligence, agencies can begin to automate their security structure, eliminate false positives and create playbooks that help them orchestrate quick responses to cyberincidents so their security teams can focus on more complex problems.
The Right Metrics
We can’t secure everything, but we can succeed in the small battles by locking down critical assets and stopping data exfiltration when those assets are breached. As we close one hole and move on to the next, we’re making progress.
Instead of focusing on compliance, Congress and the White House should work together to ensure we’re grading agencies on the right metrics. For example, if a system is compromised but officials can show that nothing was exfiltrated, that’s a win. Those officials should not be taken to task for a breach that didn’t affect the agency but instead was a learning experience.
Although there are some pockets of excellence among agencies, an enormous effort still needs to be undertaken. Breaches are continuing despite the emphasis on compliance, but by creating an intelligence-driven strategy, agencies can move toward risk mitigation.
Tony Cole is vice president and global government CTO at FireEye.