This interview is an excerpt from our recent guide, 30 Government Innovations That Mattered in 2015 which examines 30 government case studies that explore innovation at all levels of government. Innovations that spanned the government job spectrum from human resources to cybersecurity and back again.
The largest cyber breach in the history of government saw the personally identifiable information of more than 22 million federal government employees, contractors, and their families compromised. Classified records, government security clearances, and even fingerprints were leaked after a simple phishing attack infiltrated the Office of Personnel Management’s (OPM) network.
In order to better understand the breach, the government’s reaction, and how future attacks can be prevented, GovLoop sat down with Ned Miller, Chief Technology Strategist for Public Sector at Intel.
“In the wake of the breach, the Office of Management and Budget and the Office of the Federal Chief Information Officer assembled a taskforce to operationalize an investigation into the breach,” said Miller. “ I think this was a great next step following the 30-day cybersecurity sprint.”
The taskforce discovered that the OPM breach was specifically conducted through a phishing attack – or an email borne attack. A phishing attack typically involves a specific individual the hacker considers a high value asset. The attackers attempt to compromise their credentials in order to get to datasets.
“Once they capture their credentials, they use that information to do a privileged escalation,” Miller said. “A privileged escalation gives the hacker the opportunity to laterally move across the network. So the hacker has the ability to compromise additional high value assets.” The way they come into the system is typically through an endpoint or a consumer’s device.
In order to help agencies find a path forward after the breach, the White House released a mandate that, according to Miller, takes a more comprehensive and prescriptive approach than the federal cybersecurity sprint. For example, the memo mandates that within 30 days all agencies must comply with the guidance directed towards authentication and credentials.
However, Miller concedes the new guidance will not be easy to implement. “There will be a number of challenges the government will face, in particular those of information sharing, skilled resources, and budget alignment.”
Budget alignment The fiscal year 2016 budgets were drafted months ago. Now the new guidance has come out, so agencies have to align their existing budget allocation to this new guidance. The memo dictates very specific deliverable dates that agencies need to meet. “With the current budgetary environment, those December and March deadlines are going to be very difficult to meet,” Miller said.
Skilled workforce “Right now the government doesn’t have enough cybersecurity talent to implement some of these objectives laid out in the memo,” he said. “If they don’t recruit and hire the right people, they won’t be able to fulfill the objectives in the memo.”
Information sharing The ability to share threat intelligence information in a more meaningful way is paramount to the success of security in government. “We need to share threat information in a way that reinforces our overall position around the threat defense lifecycle,” according to Miller.
To help combat these challenges, Intel has rolled out a Security Threat Defense Lifecycle program. The solution takes a network’s defense sensor grid, whether it’s at the network level or at the endpoint, and creates an automated communication path for those sensors to take a proactive remediation position based on the threat intelligence data that they capture. “With the solution, agencies can remediate threats in a much more efficient manner with fewer resources,” explained Miller. The automated communication path created by the Security Threat Defense
Lifecycle is just one part of Intel’s approach to combating cyber breaches. “For the last 18 months we have been talking about the connected security story. The government has been operating as a series of siloed technologies that are all chasing the same outcome. The challenge was we didn’t have an effective means to share information across those different classifications of sensors,” said Miller. “Now we do.”
Intel’s connected security posture features antivirus, application control software, and a host of intrusion prevention software that make up these different classifications of sensors. Intel created a message fabric that allows points on the defensive sensor grid to actually communicate with one another and share the threat intelligences globally across that sensor grid. “We can react in an automated fashion in milliseconds to the latest threat,” said Miller. Intel’s connected security story is helping to make the government more secure and efficient.