Page 12 - FCW, July/August 2018

CYBERSECURITY CONTINUAL VIGILANCE
Maintaining a consistent and up-to-date threat profile is a challenge.
  international affairs at the Carnegie Endowment for International Peace, says the level of threat faced by federal networks “has few parallels, and agencies have been unable to keep up.” In a paper published in April for the Harvard Kennedy School’s Belfer Center for Science and International Affairs, the former deputy assistant secretary of defense for cyber policy described the problems as “systemic.”
“Federal cybersecurity is a dense, inaccessible topic to those outside the information security community and even to some inside it,” she wrote. “Information is scattered across a variety of government documents, with no one-stop shop to understand the topic.”
Charlet’s list of systemic factors that contribute to the current environment will be familiar to many people:
• Difficult tradeoffs between centralized federal leaders and decentralized agency management;
• Inconsistent leadership engagement on cyber risk management at the agency level;
• Varying degrees of agencies’ compliance with directives;
• Limited financial resources and a rigid government budgeting cycle;
• Scattered congressional oversight and a complicated legal and regulatory structure.
Getting the basics of cybersecurity in place can be a slog. Take email, the channel for phishing attacks used by hackers to infiltrate agencies’ systems and data. To mitigate those threats, the government has tasked agencies with adopting email security standards, such as HTTPS and HTTP Strict Transport Security (HSTS), as well as other security protocols such as Domain-based Message Authentication, Reporting & Conformance (DMARC). As of mid-May, however, only 62 percent of all government agencies were fully compliant with those enforcement orders, according to the CIO Council’s website.
Compliance itself isn’t a panacea. The federal CIO Council determined that the Interior Department had compliance of 95 percent or higher for all but