In July 2013, GovLoop held an informative webinar on Combating the Cyber Threat Landscape. Given that federal agencies have seen an 800% increase in cybersecurity incidents over the last seven years, the discussion was particularly relevant and timely. You can view the on-demand session and read the event recap below.
Alan Paller – Director of Research, SANS Institute
Paller homed in on clarifying two major issues in the cybersecurity landscape:
1) The vast majority of threats can actually be stopped.
With the staggering increase in cyber threats, it’s easy to be intimidated by the daunting task of cybersecurity. Paller emphasized that it is possible to protect against the vast majority of threats using a manageable number of mitigation strategies.
He highlighted the great work done by the Australian Defence Signals Directorate (DSD), which won the 2011 U.S. National Cybersecurity Innovation Award. Through their extensive experience, the DSD has been able to provide useful resources for other government agencies to develop their cyber protection strategies. Paller underscored the finding that at least 85% of the targeted cyber intrusions could be prevented by 4 central mitigation strategies:
- Application whitelisting
- Application patching
- System patching
- Limit number of admins
More information and other resources from the DSD are available here.
2) Building the workforce capacity to take on cybersecurity
Strong cybersecurity requires a strong cybersecurity workforce and, not surprisingly, the demand for trained professionals in the area is soaring. Paller talked about how the State of Illinois is partnering with the Cyber Aces Foundation to put on the Illinois Governor’s Cyber Challenge, a statewide competition to fill mission-critical jobs in IT security. Designed to provide a pathway of training for Veterans and students, the program is part of Governor Quinn’s agenda to both bolster employment and improve public safety.
Jim Richmann – Study Director of Cybersecurity Research, Institute of Defense Analyses
Richmann centered his presentation on establishing metrics in cyber defense. A great quote from his presentation was, “If you can’t measure it, you can’t manage it.” Richmann provided some great illustrative diagrams on how to define and map out your agency’s cyber defense strategy and spot areas of vulnerability. His team established an approach to mapping cyber attacks to the impacts on an agency mission. In explaining the approach, Richmann underlined that, “Where the rubber meets the road in cyber security is where the assets and vulnerabilities are considered in pairs.” These assets refer to an organization’s resources in cyber security. His team has established a database of asset-vulnerability pairs and found that the majority of these threats can be mitigated by a few simple controls. Check out the materials and links in the archived event to learn more – several useful tactics were discussed.
Scott Stevens – Security Strategist, Dell Federal Marketing
Stevens provided a solid overview of the cybersecurity landscape in government and also presented Dell’s complete lifecycle approach to protection. To reveal the implications faced globally, Stevens noted that the US Government has proposed a budget of $13 billion annually for cybersecurity over the next 5 years. In the context of today’s federal IT budget, that is roughly a 16% allocation. Dell has a connected, integrated approach to protect from device to cloud through three primary focus areas of action:
- Embed security at the time of manufacture.
- Protect from device to cloud using predictive intelligence.
- Respond to breaches and eradicate immediately.
In relation to the first point – employing devices built for security – the Latitude 10 Enhanced Security Tablet serves as a powerful example. It has specific security features for government, such as a built-in CAC card reader as well as authentication and encryption capabilities.
Special thanks to the sponsors of the awesome webinar!
Learn more about Dell solutions that are transforming the federal government for the future here.