In 1988, Robert Tappan Morris became the first person to be convicted under the U.S. Computer Fraud and Abuse Act. Curious about how big the Internet was, Morris wrote a script now known as the “Morris worm.” He never intended to inflict harm to machines, but as the worm replicated and spread throughout the Internet, networks slowed, crippling computers.
The Morris worm would serve as a preview of a world to come, and agencies have placed a strong emphasis on cybersecurity and cyber controls at their agencies ever since. We live in a hyper connected world, where information technology administers must reconcile the need for modernization against the significant security risks posed by IT deployment. Today, data can be transferred through a variety of IT services, including cloud, flash storage, e-mail or even printed copies. Regardless of the technology, data security requires a concerted effort to take a holistic approach to information management.
At GovLoop, we see information security as the defining challenge of this era of government: How can government meet security demands against modernization? This is by no means an easy task and, unfortunately, it does not yet have a definitive solution. But this guide will challenge you to build a culture of cybersecurity. We’re calling on you to be cyber champions, to learn the best ways to communicate cybersecurity needs across your agency. This guide will help you think about larger cybersecurity trends and create an environment that has the agility to respond to new and emerging threats.
To produce our guide, we asked our online community of more 100,000 government professionals about their cybersecurity challenges and concerns. In this report you’ll find answers to 12 cybersecurity questions:
- What does it mean to be secure?
- What’s critical infrastructure? Why is it at risk?
- How do we recruit and retain the next generation of cyber professionals?
- I am not a cyber professional — why should I care about cybersecurity?
- How can we create a culture of cyber awareness at our agency?
- How can my agency use the NIST Cybersecurity Framework?
- What are some strategies to combat insider threats?
- What kinds of attacks are we most vulnerable to?
- How can automation help us become more efficient to combat cyberattacks?
- What do I need to know about the Continuous Diagnostics and Mitigation program?
- What is our plan when we are attacked?
- What do I need to know about cybersecurity and the Internet of Things?
We also interviewed industry leaders to help us further explore the challenges and understand the technical solutions available to the government community. But we know that cybersecurity is a vast, complex field. In this report we hope to:
- Educate government employees concerned about cybersecurity, even if they do not directly deal with cyber issues on a daily basis.
- Improve how IT leaders communicate cyber issues across teams and departments.
- Provide cybersecurity analysts on the frontlines a broad overview of market trends and additional access to cyber resources.
Cybersecurity is not just important to the IT professional; it takes a culture of cybersecurity and awareness to protect data. To protect information today, we must think beyond technical specifications and solutions. Our guide will challenge you to think about how to start a meaningful cybersecurity conversation at your agency.
Thank you to our industry partners for sponsoring our report