PERSPECTIVE: How Expected Breaches Can Help Federal Agencies Combat Cyberattacks


The news is full of stories of cybersecurity breaches at all levels of government, and federal agencies are a particularly popular target. In fact, Microsoft’s Digital Defense Report found that 46% of all nation-state cyberattacks over a one-year period were against US organizations, and 48% of attacks targeted government agencies.

Unfortunately, these attacks are becoming increasingly dangerous and costly. IBM’s Cost of a Data Breach 2022 report explained that the average cost of a breach in the public sector was $2.07 million. Additionally, the average time to detect and contain a breach was 277 days, which increased cost and risk.

Federal agency personnel and industry experts are constantly discussing how best to protect government systems from the lingering threat of cyberattacks, especially as the attack surface expands and agencies become more vulnerable. . And while there are many dimensions to the challenges facing organizations, there is no single solution. However, one thing is clear: it is time for the federal government to rethink its approach to cyberattacks and breaches with a more resilient strategy.

A late mindset shift

Agencies often deal with cyberattacks and breaches as needed. When IT personnel detect a breach, cybersecurity teams mobilize to block the attack and limit the damage. This approach was sufficient in the days when cyberattacks were a relatively infrequent problem. But today’s federal agencies are vulnerable and under constant attack.

While our defenses are designed to prevent most threats from accessing or entering government systems (think perimeter defenses, such as firewalls, VPNs, etc., which attempt to prevent bad actors from ‘enter), it’s an unavoidable reality of our hyperconnected world that certain attacks break through.

Agencies need to shift their mindsets, policies and procedures away from the impossible task of preventing everything breaches to occur to also find ways to limit the damage from successful attacks. Rather than spending time and money solely on preventing breaches, agencies should focus on assuming they will happen and containing them to prevent their spread, thereby mitigating the damage and operational fallout that they can cause. Agencies need to change their mindset to “assume a violation”. This will require a significant cultural shift.

Agencies often focus on compliance, following the rules and ticking off each box on a checklist — for example, completing the scorecard requirements of the federal IT Acquisition Reform Act. information (FITARA). Instead, experts advocate a proactive approach in which agencies identify areas where cybersecurity is weakest and allocate resources to build resilience in that area.

This requires the federal government to invest more in capabilities such as visibility up front, so it can better understand the risks facing its infrastructure, networks and systems, and make more informed investment decisions early on. the beginning. However, today most agencies do not identify these weaknesses until a breach has occurred. It is then often too late. No system is perfect; vulnerabilities exist in every organization. But if an agency hasn’t prepared for breaches and developed a strategy to proactively contain them, that lack of preparation can lead to more dramatic consequences.

Plan ahead with a proactive approach

To reduce risk and build resilience in the face of inevitable breaches, agencies need to plan ahead. They need to take a more proactive approach to cyber finance, given the complex procurement and budgeting processes they must manage, and commit to continually spending money on cybersecurity. This process will never be complete. Each year, agencies should identify areas for improvement and include them in budget plans. This embeds the continuous improvement of cybersecurity into the culture of each agency.

Even though cybersecurity teams aren’t sure exactly what they’ll need to fix or what solutions they’ll put in place, they need to make sure the money is always allocated within the budget. This way, they will have resources available if they find a gap in their defenses – or if they need to comply with the requirements of a new mandate like the May 2021 Cybersecurity Executive Order (EO).

In the EO, the Biden administration noted that within 60 days, agency heads must “develop a plan to implement the Zero Trust Architecture…and outline all milestones already achieved, identify activities that will have the most immediate safety impact and include a timeline for implementing them. Mandating the widespread adoption of Zero Trust is just one example of the government’s desire to take a more proactive approach to cybersecurity (CISA and OMB have also called it).

Zero Trust assumes that even internal network traffic cannot be trusted without prior authorization and user and device authentication. This is a “never trust, always verify” approach to security. With Zero Trust tools and technologies in place, such as Zero Trust Segmentation (i.e. microsegmentation), federal agencies can prevent cyberattacks from traveling, isolate ransomware, and ultimately reduce operational impact and monetary losses. Zero Trust reduces the attack surface from the outset, making it easier for federal agencies to combat today’s evolving threats while maximizing their budget.

While agencies have many ways to deal with modern cybersecurity threats, the most enduring and resilient course of action is to be proactive. Breaches are going to happen, so assume they are already inside your network and implement Zero Trust policies to proactively contain them. This reduces risk and builds resilience, so agencies can keep critical infrastructure, operations and assets running and safe.

The views expressed here are those of the author and are not necessarily endorsed by Homeland Security Today, which welcomes a wide range of views in support of securing our homeland. To submit an article for review, email [email protected]


Comments are closed.