By James Yeager, Vice President, Public Sector and Healthcare, CrowdStrike
Federal agencies are under increasing pressure to protect mission-critical data and information in a threat environment that is constantly evolving. From SolarWinds to Colonial Pipeline to JBS Foods to Kaseya, the news has been dark: adversaries have repeatedly shown that they can infiltrate government and critical infrastructure networks and move laterally across them.
As the President’s Executive Order on Improving the Nation’s Cybersecurity notes, “Incremental improvements will not give us the security we need; instead, the Federal Government needs to make bold changes and significant investments in order to defend the vital institutions that underpin the American way of life.”
There is light at the end of the tunnel, though. Here are four positive areas that should generate hope for government agencies.
The President’s Cyber Executive Order (EO) has put a focus on cybersecurity that previous efforts lacked. The Administration has put into place the most comprehensive and detailed Cyber EO to date, providing prescriptive language and directives agencies must follow to upgrade and modernize their cyber posture. The Cyber EO has more teeth than past initiatives. For instance, recognizing that security requires a collaborative approach, the government is revising contractual language and removing barriers that prevent IT and cloud service providers from sharing threat information with the departments and agencies responsible for protecting the nation.
This area is already being addressed by the recent announcement of the Joint Cyber Defense Collaborative (JCDC), a new initiative launched by the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA). The JCDC seeks to create an inclusive, collaborative environment for developing a more proactive cyber defense strategy, helping both the public and private sectors carry out coordinated operations to prevent and respond to cyberattacks. Preparedness will be critical to demonstrating our collective resolve, and it will no doubt garner plenty of attention in the early stages of JCDC discussions.
The EO also directs agencies to implement Zero Trust Architecture and accelerates the move to secure cloud services. Since agencies cannot protect what they cannot see, the EO focuses on visibility and early detection of cybersecurity vulnerabilities and incidents on government networks, mandating that agencies deploy Endpoint Detection and Response (EDR) solutions for proactive detection and remediation of cybersecurity incidents. As part of the EO, CISA recently submitted recommendations on how to implement enterprise-wide EDR capabilities, with the goal of enabling agencies to better protect their endpoints.
CISA has been given the power and mandate to implement many of the initiatives included in the Cyber EO. CISA now has greater authority to oversee and manage the government’s ambitious cybersecurity effort. CISA received an infusion of funds – $650 million as part of the coronavirus relief legislation in March – for its operations to defend the nation against cybersecurity risks. Having a single point of authority within the government should provide a more robust cyber capability.
The National Defense Authorization Act (NDAA) for 2021 incorporates provisions for a more modern cyber approach for defense agencies, including the use of speed-based metrics. A long list of variables comes into play when dealing with cyber incidents and breaches, and a legitimate argument can be made that speed is at the top of it. When an organization is the victim of a cyberattack, the time it takes to identify and resolve the breach is critical.
The NDAA requires the Department of Defense (DOD) to initiate pilot programs, demonstrations, or plans for implementing speed-based cybersecurity capability metrics to measure performance and effectiveness, as well as to enhance interoperability and automated orchestration of cybersecurity systems. The pilot programs will also evaluate the effectiveness of cybersecurity providers, products, and technologies in detecting, responding to, and mitigating attacks. The speed metrics capability aligns with CrowdStrike’s 1-10-60 rule: 1 minute to detect an intrusion, 10 minutes to investigate it, and 60 minutes to remediate it. This is a step forward that will help defense agencies minimize the impact of a cyberattack and prevent it from becoming a large-scale breach.
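Speed-based metrics only mean something once an organization decides which timestamps bound each stage and measures them the same way across every incident. The following is an added example, not code from the article or from CrowdStrike: it assumes four milestone timestamps per incident (first adversary activity established by the investigation, first alert, end of investigation, remediation complete), which is one reasonable reading of the 1-10-60 rule rather than a published definition, and it scores constructed sample incidents against the 1-10-60 targets, treating a stage that is still open as a miss only once its elapsed time has already exceeded the target.

```python
"""Score breach-lifecycle speed against the 1-10-60 targets (added example)."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from statistics import median
from typing import Dict, List, Optional

# Targets from the 1-10-60 rule, in minutes.
TARGETS = {"detect": 1, "investigate": 10, "remediate": 60}


@dataclass
class Incident:
    """Milestones for one intrusion. Which timestamp anchors each stage is an
    assumption of this example; the rule itself does not define the boundaries."""
    incident_id: str
    first_activity: datetime          # earliest adversary activity found by the investigation
    detected: datetime                # first alert raised on that activity
    triaged: Optional[datetime]       # investigation concluded: scope and root cause understood
    remediated: Optional[datetime]    # adversary ejected, affected hosts contained and cleaned


def _minutes(start: Optional[datetime], end: Optional[datetime]) -> Optional[float]:
    if start is None or end is None:
        return None
    return (end - start).total_seconds() / 60.0


def stage_minutes(inc: Incident) -> Dict[str, Optional[float]]:
    """Minutes spent in each stage; None for a stage that has not completed."""
    return {
        "detect": _minutes(inc.first_activity, inc.detected),
        "investigate": _minutes(inc.detected, inc.triaged),
        "remediate": _minutes(inc.triaged, inc.remediated),
    }


def stage_misses(inc: Incident, now: datetime) -> List[str]:
    """Stages that exceed their target. An open stage counts as a miss once the
    time elapsed since it began (measured at `now`) already exceeds the target."""
    elapsed = stage_minutes(inc)
    starts = {"detect": inc.first_activity, "investigate": inc.detected, "remediate": inc.triaged}
    missed = []
    for stage, target in TARGETS.items():
        spent = elapsed[stage]
        if spent is None:
            start = starts[stage]
            if start is None:          # previous stage still open; this one has not begun
                continue
            spent = _minutes(start, now)
        if spent > target:
            missed.append(stage)
    return missed


def summarize(incidents: List[Incident]) -> Dict[str, Optional[dict]]:
    """Median and 90th-percentile minutes per stage over completed stages only."""
    out: Dict[str, Optional[dict]] = {}
    for stage in TARGETS:
        vals = sorted(v for v in (stage_minutes(i)[stage] for i in incidents) if v is not None)
        if not vals:
            out[stage] = None
            continue
        p90 = vals[int(round(0.9 * (len(vals) - 1)))]   # nearest-rank percentile
        out[stage] = {"median": median(vals), "p90": p90, "n": len(vals)}
    return out


# Constructed sample data (not real incidents).
T0 = datetime(2021, 7, 1, 12, 0, 0)
SAMPLE_INCIDENTS = [
    # Every stage inside target.
    Incident("INC-001", T0, T0 + timedelta(seconds=40), T0 + timedelta(minutes=8), T0 + timedelta(minutes=55)),
    # Detection took 3 minutes: misses the 1-minute target.
    Incident("INC-002", T0, T0 + timedelta(minutes=3), T0 + timedelta(minutes=9), T0 + timedelta(minutes=50)),
    # Remediation still open.
    Incident("INC-003", T0, T0 + timedelta(seconds=30), T0 + timedelta(minutes=6), None),
]
NOW_EARLY = T0 + timedelta(minutes=30)   # INC-003 remediation still within 60 minutes
NOW_LATE = T0 + timedelta(hours=2)       # INC-003 remediation now past 60 minutes

if __name__ == "__main__":
    for inc in SAMPLE_INCIDENTS:
        print(inc.incident_id, stage_minutes(inc), "misses:", stage_misses(inc, NOW_LATE))
    print("fleet summary:", summarize(SAMPLE_INCIDENTS))
```

Measuring "detect" from the earliest adversary activity, rather than from the first alert, is deliberate: it penalizes blind spots in telemetry, which is the gap the EO's EDR mandate is meant to close.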
The Administration has assembled a formidable team of cybersecurity experts to lead the nation’s cyber efforts. Anne Neuberger, who holds the new position of Deputy National Security Advisor for Cyber and Emerging Technology, previously led the National Security Agency’s (NSA) cybersecurity defense operations, including efforts to protect the 2018 mid-term elections from cyberattacks and disinformation operations. Jen Easterly, a former NSA official who helped launch U.S. Cyber Command, is now the new head of CISA while former NSA Deputy Director Chris Inglis was confirmed by the Senate in June as the first White House National Cyber Director. These high-profile appointments will provide the Administration – and the government as a whole – deep security expertise and strategic cyber direction going forward. Building a more proactive and resilient cyber defense strategy will require tremendous leadership. With these appointments, it’s clear that the Administration recognizes this point.
Although there is no “quick fix” to the government’s cyber challenges, these four initiatives will help position the government to make the bold changes and investments needed to protect the nation from malicious cyber actors and chart a new course for improving the nation’s cybersecurity.