Cybersecurity: A Matter of National Security and Economic Viability

This post is part of GovLoop’s ongoing blog series around one of our latest resources, Navigating the Digital Government Roadmap. In the guide, the most pressing technology trends are identified. The guide is intended to provide a broad spectrum of government technology. Our blog series will dive deeper into each section, so be sure to jump in with your experiences, and take a look at the guide. Also, be sure to check out our infographic: The Digital Government Strategy Timeline.

In a White House blog post, President Obama stated, “Cyber threat is one of the most serious economic and national security challenges we face as a nation” and that “America’s economic prosperity in the 21st century will depend on cyber security.” As agencies move to the cloud, advance mobile technologies, and develop more robust and interconnected IT systems, maintaining security in a complex and mobile environment becomes focal to obtain the benefits of emerging technology. Agencies must take into consideration cybersecurity protocols and develop systems how they will protect information. Consistently, cyber threats are at the top of CIO’s concerns.

Cybersecurity is a challenge that extends to all levels of government, into the private sector, non-profits, and the international and academic communities. Cybersecurity challenges all stakeholders to work collaboratively, to meet mutual goals and maintain security. As President Obama stated, cybersecurity is not just a matter of efficiency for agencies, it also is a matter of national security and economic viability for our country.

Although there are dozens of challenges today for maintaining cybersecurity, three challenges that are often mentioned on GovLoop and in the government community are network accessibility, diversity of devices, and diversity of network applications.

1. Network Accessibility

Agencies need to understand who has access, when they have access and through what kind of device people are accessing the network. Knowing this information is critical, as it will help agencies identify proper protocols for accessing the networking, and assessing network vulnerabilities.

2. Diversity of Devices on Network

With increasing use of bring-your-own-device policies and the variety of devices available in the market, IT professionals are challenged to protect multiple devices, and often, across different operating systems.

3. Diversity of Network Applications

Agencies sometimes develop homegrown network applications, which sometimes do not comply with agency wide standards, and may potentially open up networks to threats. Although network applications are important for efficiency and productivity, agencies need to be careful while developing, and be sure they meet all the right standards to retain security.

In March, I wrote about how we can protect against cyber attacks, and noted some findings from a GAO report from October 2011:

With all the increasing threats for security, a recent GAO report finds that security incidents have been on the rise, increasing over 650 percent in the past two years. The failure to protect government wide systems can lead to the loss of millions of dollars, intellectual property and disperse classified information.

In a report published by GAO in October of 2011, the most common kinds of threats over the past five years where:

• Unauthorized access (14%)
• Denial of Service (1%)
• Malicious Code (30%)
• Improper Usage (18%)
• Scans/probes/attempted access (11%)
• Unconfirmed incidents under investigation (26%)

Likewise, I mentioned the “near term” goals of the current Obama Administration, in an effort to curb cyber attacks and keep Americans safe. The President’s Cyberspace Policy Review identifies 10 near term actions to support our cybersecurity strategy:

1. Appoint a cybersecurity policy official responsible for coordinating the Nation’s cybersecurity policies and activities.
2. Prepare for the President’s approval an updated national strategy to secure the information and communications infrastructure.
3. Designate cybersecurity as one of the President’s key management priorities and establish performance metrics
4. Designate a privacy and civil liberties official to the NSC cybersecurity directorate.
5. Conduct interagency-cleared legal analyses of priority cybersecurity-related issues.
6. Initiate a national awareness and education campaign to promote cybersecurity.
7. Develop an international cybersecurity policy framework and strengthen our international partnerships.
8. Prepare a cybersecurity incident response plan and initiate a dialog to enhance public-private partnerships.
9. Develop a framework for research and development strategies that focus on game-changing technologies that have the potential to enhance the security, reliability, resilience, and trustworthiness of digital infrastructure.
10. Build a cybersecurity-based identity management vision and strategy, leveraging privacy-enhancing technologies for the Nation.

Thankfully, Michael Daniel, White House Cybersecurity Coordinator, provides a great update in a recent White House blog post. Michael shares four initiatives by the White House:

• The Defense Industrial Base (DIB) Cybersecurity/Information Assurance (CS/IA) program helps companies protect critical information related to Department of Defense programs and missions. The government shares cybersecurity threat and mitigation information with DIB companies, and in turn, DIB companies can report known intrusions.

• The National Strategy for Trusted Identities in Cyberspace (NSTIC) seeks an “Identity Ecosystem” where individuals will soon be able to choose from a variety of more secure, convenient and privacy-enhancing technologies in lieu of passwords when they log in to different websites. The initial meeting of the Identity Ecosystem Steering Group, the private sector-led body that will help develop Ecosystem standards and policies, is happening next week.

• The Electric Sector Cybersecurity Capability Maturity Model helps firms in the electric sector evaluate and strengthen their cybersecurity capabilities; it also enables the prioritization of network protection investments. This White House-initiated effort, led by the Department of Energy and in coordination with Department of Homeland Security, provides valuable insights to inform investment planning, research and development, and public-private partnership efforts in the electric sector.

• In End-User Cybersecurity Protection, the government is participating in four linked initiatives across the IT industry, law enforcement, the financial sector, and government to counter the threat of malicious software – known as ‘bots.’ This voluntary, public-private effort ties together the capabilities of different sectors to identify compromised computers and help their owners fix them.

Protecting the nation from cyber threats is critical. As citizens perform more daily transactions online with the government and more information is shared, the government has a responsibility to make sure our personal information is protected. Although we are more connected than ever before, more information has been shared and there is more risk of information being breached.

Government agencies now must improve infrastructure to protect against threats and simultaneously reduce the number of cyber attacks within government. As attacks become more complex, agencies need to be ready to protect themselves and improve infrastructure to reduce the number of attacks. Cyber security affects all of us. With government using more devices, and employees accessing information in new ways, government is challenged to keep all systems protected.

You can view the guide below, or be sure to visit our landing page for more information:

This page is brought to you by the GovLoop Technology Solutions Council. The mission of this council is to provide you with information and resources to help improve government. Visit the GovLoop Technology Solutions Council to learn more.