Federal Cybersecurity Off to a Flying Start in 2016

Posted on April 14th, 2016

In my blog from a few months ago, I outlined several predictions for 2016 – one of which was that cybersecurity challenges would spur federal leaders to pursue new approaches to this continuing problem. Such a prediction might not seem like a stretch in light of the continuous barrage of headlines related to data breaches and other cyber threats, but since that blog the Obama Administration has indeed taken several notable steps in the first few months of 2016.

One such recent development was the inclusion of a new federal chief information security officer position in the Obama Administration’s 2017 budget request. Having a C-level official who can coordinate security policy, planning and implementation across the federal government will raise cybersecurity to the highest level of awareness and action in the federal government. The CISO position is part of a $19 billion cybersecurity budget request by the Administration, an amount that indicates just how much of a priority this challenge has become. According to the White House, this represents a more than 35 percent increase from the fiscal year 2016 request in overall federal resources for cybersecurity, “a necessary investment to secure our nation in the future.”

Of course, a budget request means nothing if the resulting policies and requirements are not executed appropriately and efficiently. And that’s where the real work starts for federal agencies. Agency security professionals will be faced not only with increasing cyber threats, but also new compliance requirements and other mandates from OMB.

This may seem overwhelming to federal security leaders, many of whom are no doubt already stretched to their limits and worried about their in-house security capabilities. But I strongly believe that success in any complex undertaking starts with breaking down the complex to the basic elements. Any successful IT initiative comes down to three key ingredients: people, process and technology. Policy directives such as the Cybersecurity National Action Plan can help address the “people” and “process” aspects of this three-legged stool, but the “technology” aspect remains especially challenging.

Federal CIO Tony Scott speaks about the concept of “secure by design” – building security into systems at the start, as opposed to retrofitting them with tacked-on protection. Many or even most of the federal government’s systems in use today were not developed with security as a top design consideration, so adding protection at this time has proven a major hurdle. Scott often compares this to installing airbags in a 1965 Mustang: installing them would not only look terrible, it probably wouldn’t even make the car safer.

Instead, we need to think about entirely new approaches to protecting our data and systems.

As I noted in my earlier blog, traditional perimeter-based defenses are not going to keep attackers out 100 percent of the time. Bad actors ultimately will get in sometime and somehow. In addition to focusing on how to keep them out, we should also seek to minimize the damage they can do if indeed they do get in.

“Secure by design” will require a different approach: modern architectures designed to run in the cloud, multi-factor authentication, virtualized and software-defined networks and data centers, and high-value assets protected through micro-segmentation.

Challenges related to cybersecurity remain enormous, and we are playing catch-up from many years of reliance on outdated technologies. However, the recognition and direction we are seeing from those at the highest levels of government is a welcome and positive move.

This post was first published in Federal Times at http://www.federaltimes.com/story/government/it/blog/2016/04/12/federal-cybersecurity-off-flying-start-2016/82797020.



About the Author

Casey Coleman is the Group Vice President of Unisys Federal Systems Civilian Agencies. In this role Casey leads and manages the overall business for key civilian agencies including Justice, Treasury, IRS, GSA, FDIC, Interior, USDA and the Executive Office of the President.











Copyright © Unisys 2017
