The breach of a U.S. Army National Guard base by China-backed hacking group Salt Typhoon has highlighted the risks of government digital innovation. Over the course of nine months in 2024, hackers infiltrated sensitive networks, demonstrating that adversaries are not only stealing data but also establishing footholds inside U.S. response agencies to weaken the country from within.
The breach marks a turning point. Governments can no longer focus on prevention alone, as adversaries already maintain access to U.S. systems. Continuing to invest solely in prevention is like reinforcing the wall or building new guard towers after the enemy is inside. Agency leaders must shift toward a strategy built on resilience and rapid recovery as the new pillars of government cybersecurity.
Adopt a “Recovery by Design” Strategy
The way forward is “recovery by design,” which requires a policy, cultural and paradigm shift across the public and private sectors. Governments should prioritize building systems that assume breach and can withstand and recover from cyberattacks. Essential strategic elements should include immutable data backups and automated detection along with practiced rapid response. In this case, immutable data guarantees that even if an attacker gains access, critical information cannot be altered or destroyed. Automated detection and response, driven by artificial intelligence (AI), should be included in this strategy to neutralize threats at machine speed, much faster than people can.
Recovery by design shifts governments from a reactive, checklist-driven approach to a strategy that plans for disruption and helps ensure organizational and business continuity. To achieve this, governments should:
- Implement Proactive Data Protection and Recovery Efforts: Identify and focus on the systems, data and services that are essential for agencies’ mission and public safety.
- Conduct a Risk Assessment: Understand the financial, operational and mission damage if assets are compromised.
- Assume Breach: Zero-trust architecture requires strict authentication for every user and device, inside or outside the network.
- Isolate Systems and Data from the Network: Isolation prevents attackers from moving laterally through the system and minimizes widespread damage.
- Secure and Isolate Backups: Isolation helps keep attackers from encrypting, altering or deleting data. Air-gapped backups are physically or logically isolated from the network to ensure a clean recovery point.
- End-to-End Encryption: Applying encryption to sensitive data at rest and in transit makes compromised data less valuable to attackers.
- Create a Response and Recovery Plan: Develop a plan that defines roles, responsibilities, communication protocols and recovery procedures in the event of a cyberattack. Recovery plans — for cyber incidents and other disruptions — should be regularly updated. Simulate cyberattacks to test the plan’s effectiveness, identify weak points and ensure government personnel understand their roles.
Build Resilience Through Collaboration
Cyber resilience requires collaboration, not silos. Government and industry must run joint recovery exercises that mirror real-world crises. These drills build the experience needed for rapid, coordinated response beyond compliance checklists. Furthermore, information sharing between the public and private sector during attacks enables collective defense, accelerates incident response and provides broader threat awareness.
Deploy AI For Complex Cyber Tasks
AI is a powerful tool for strengthening cyber defenses, particularly when it comes to handling complex tasks that exceed human speed and capacity. AI, with its ability to learn, adapt and act autonomously, offers the capacity needed to manage intricate, large-scale cyber incidents in real time. However, its use also expands the attack surface, underscoring the need to rethink security design and enforce strict oversight and governance.
Redefining American Cyber Strength
The future of America’s security will be defined not by how well governments stop every intrusion, but by how well they recover when — not if — adversaries strike. Recovery must be built into our government’s digital infrastructure with the same priority as prevention and detection, shaping policy, procurement and partnerships.
By designing resilience from the start, governments can sustain critical services, preserve public trust and deny adversaries the strategic advantage they seek. In an era where disruption is inevitable, governments that build cyber strength will not be those that avoid risk, but those that recover with speed, integrity and confidence.
The views expressed in this article are those of the author and do not necessarily reflect the official policy or position of Rubrik. This article is for informational purposes only and does not constitute business or legal advice. Organizations should consult with legal and compliance professionals to ensure their cybersecurity strategies meet all applicable federal, state, and international requirements.
Travis Rosiek currently serves as public sector chief technology officer (CTO) at Rubrik, helping government agencies become more cyber and data resilient. Rosiek is an accomplished cybersecurity executive with more than 20 years in the industry. His experience spans driving innovation as a cybersecurity leader for global organizations and CISOs to corporate executives building products and services. He has built and grown cybersecurity companies and led large cybersecurity programs within the Department of Defense (DoD). As a cyber leader at the DoD, he was awarded the Annual Individual Award for Defending the DoD’s Networks.
Prior to Rubrik, Travis held several leadership roles, including chief technology and strategy officer at BluVector, CTO at Tychon, federal CTO at FireEye, a principal at Intel Security/McAfee, and leader at the Defense Information Systems Agency (DISA). He has served on the National Security Telecommunications Advisory Committee (NSTAC) as an ICIT fellow and on multiple advisory boards.


