CYBER RESILIENCE
HOW TO GO FROM MISSION IMPOSSIBLE
TO MISSION SUCCESS
Government agencies need to rethink the way they look at cyber defense to ensure
that cyber policies and C
goals are integrated in day-to-day mission execution.
YBER DEFENSE IS mission-critical for every public sector organization. Every federal, state and local govern- ment agency is responsible to defend security of data and IT systems in
The first step is driving operationally relevant cybersecurity. This requires that the cyber policies and goals that government executives make are integrated in day-to-day mission execution. Today, there is a profound disconnect in this area. To ad- dress the gap, agencies must obtain effective cyber command and control capabilities. There are three key focus areas to attain this state:
1. Know what’s happening on your network, cloud infrastructure, and device footprint. Organi- zations need pervasive network visibility, from the endpoint to the cloud. This helps IT teams maxi- mize the preventative power of perimeter tools and reduces the “dwell-time” of successful breaches.
2. Remove the blinders of silos and disjointed systems. For example, agencies must ensure that all monitoring teams from audit to security to HR can track, communicate, and defend across application, environment, and user device.
3. Deploy an effective identity management program. Minimize unauthorized access to devices and IT assets – with authentication capabilities that verify users with a high level of assurance, across a large range of devices and environments.
There is no magic bullet or tool to winning
in the cyber battle. That said, the three areas
of cyber hygiene discussed above, if properly addressed, can deliver effective cybersecurity. This is borne out in data repeatedly cited by the
US Department of Homeland Security and GSA that estimates that 96 percent of breaches could
be mitigated through competent cyber hygiene. Clearly this approach can have a substantial impact in the battle for cybersecurity across the public sector. The cyber battle is the fight of this era, and a mission that the government cannot afford to lose.
Jacklyn Wynn is Vice President, Strategy and Market Development, Global Public Sector at RSA, the Security Division of EMC.
SPONSORED CONTENT
JACKLYN M. WYNN
‎VICE PRESIDENT, STRATEGY AND MARKET DEVELOPMENT, GLOBAL PUBLIC SECTOR AT RSA, THE SECURITY DIVISION OF EMC
their care, and also to aid in the broader cyber defense of the homeland against disparate adversaries. Truly, the mission of cyber defense transcends government agency elements and organizations.
Unfortunately, government agencies have experienced painful episodes underscoring that this security vision has not been operationalized. Government organizations are acknowledging
the fact that they have not been fully effective at preventing or even reducing the impact of breaches in many respects. By-and-large, this failure is
due to a continued focus solely on preventative approaches. These preventative and perimeter- based IT security systems – like all the castles built in history – are ultimately always breached.
Throwing money at disjointed solutions (even
if cutting edge or disruptively innovative) has not added to the safety and security of agency IT infra- structure or driven coherent cyber risk manage- ment and governance. Investments and capabilities in one area must be leverage-able and discoverable across the entire IT footprint. Unfortunately, many investments that have been made have not been integrated into the broader security mission.
The government agencies at all levels face motivated, agile, and well-funded adversaries that want to cause significant harm. And in today’s world, they can. As the stakes in the battle have escalated, past models addressing cyber threats have, as noted, performed poorly in securing organizations from the threats
they face. What’s needed is to fundamentally rethink the way that government agencies look at cybersecurity.
S-22