This post is an excerpt from GovLoop’s recent Guide to Government’s Critical Cyberthreats. This research guide explains the various cyberattacks government endures and provides steps to safeguard your information systems.
Federal agencies are under increased pressure to effectively secure government IT after a series of headline-making breaches were discovered last year. But in a recent interview, Mark Kneidinger, Director of Federal Network Resilience in the Office of Cybersecurity and Communication at the Department of Homeland Security, said that pressure may be exactly what government needs to move forward.
“That pressure’s almost like applying pressure to create a diamond,” he said. “You really are creating a very strong unified front now.”
Today, government agencies are seeking new ways to work together to create a better cybersecurity. “What we’re seeing is really a major sea change that is occurring across agencies in regards to the level and degree of collaboration,” said Kneidinger. “They’re not seeing themselves as an island unto themselves anymore, but instead realizing the deep dependencies on each other in regards to best practices, as well as shared services.”
THE CASE FOR COLLABORATION
Federal government is known for operating in siloes - so why the sudden focus on collaboration?
Kneidinger mentioned the OPM breach that made headlines last year as one reason. “That breach really brought to the forefront that agencies need to know how well prepared they are, so they don’t end up the next one on the front page of the newspaper.” But he said what really motivated agencies to think more collaboratively about cybersecurity was the federal response to that breach.
Kneidinger cited last year’s Executive Mem- orandum 16-04 and the President’s current Cybersecurity National Action Plan (CNAP) as prime examples. “If you look at both those documents, you’ll see how agencies are preparing themselves to combat the various cyber incidents by working together,” he said.
For instance, the Cybersecurity Strategy and Implementation Plan outlined in Memorandum 16-04 ultimately involved 63 federal agencies, which worked together to achieve seven objectives. The mission of the seven working groups was to provide recommendations for implementation in support of these objectives during a 30-day sprint. “So the driver was the OPM breach,” said Kneidinger. “But then these actions were identified that collectively the government worked together in very short sprints to be able to accomplish a great deal.”
Additionally, he referenced the binding operational directive (BOD) who authority was provided to DHS through FISMA 2014. The first directive was targeted at identifying and securing critical vulnerabilities across agencies. But Kneidinger impressed that the the most interesting thing about the BOD - beyond the speed which the agencies responded to mitigating the critical vulnerabilities - was the communication norms it established between agency CIOs and deputy secretaries.
“Bringing that visibility to the Deputy Secretary was so important and it provided the CIO a couple things,” he explained. “One, it provided the CIO the visibility to the Deputy Secretary on a regular basis that in many instances had not occurred. Two, it gained the support of the Deputy Secretary to support the CIO, in accomplishing his tasks, specifically in the cybersecurity area.” These formalized communication channels helped create a more holistic and collaborative approach to cybersecurity among agency leadership.
Kneidinger joked that usually when you release a directive, you’re likely to see resistance to the order. However, he’s actually seen many leaders thank DHS for enforcing the directive and establishing these channels. “To get a thank you to provide that forcing factor certainly was unusual. But the BOD reemphasized the need of really building and opening that communication channel up between the deputy secretaries and the CIO, and quite honestly, reinforcing that communication channel between the CIO and the CISO.”
TACTICS TO BOLSTER COLLABORATION
Kneidinger is excited at the possibilities that collaboration will provide to cybersecurity efforts. “We need to be able to share what we’re learning, how we’re approaching events, as well as when we take a look at programs, take a look at them from a government-wide perspective.”
Nevertheless, he did note a few challenges that might hinder collaborative efforts, skill recruitment and retention being at the top of the list. While collaboration across agencies will certainly create stronger cybersecurity, each team still requires skilled staff to deploy and maintain day-to-day security tactics. “One of the ways that we can do that is provide the cybersecurity professional an opportunity for the growth, for training, to work on critical interesting projects, to provide an opportunity for them actually to move around on different projects and take on short-term projects.”
He mentioned the effective recruitment efforts of newer digital agencies like 18F and the US Digital Service as prime examples of how government can attract technical talent with these tactics. “What we’re looking at from the CNAP aspect is, how can we replicate these types of approaches in the rest of government,” he said.
Second, Kneidinger said that despite the increased awareness of cybersecurity needs across agencies, “there’s a broader need in regards to having the mission owners within the agencies understand the criticalness of cybersecurity, and what that means in relationship to the type of data that they own.”
To help increase cybersecurity ownership among staff, Kneidinger’s team is providing data and educational materials to agency leaders outside the IT suite. He recalled a recent occasion where one agency requested a briefing for all of the commissioners, executives, and secretariat staff regarding what data the agency maintained and how that data - if left unsecured - might compromise the organization and its partners.
After that briefing, Kneidinger said “the light bulb turned on for many executives to realize that ‘Okay, I have more of a responsibility in cybersecurity than just saying the CIO and CISO are going to take care of it.”
Kneidinger wants to see that awareness continue to expand among government ranks. However, his agency can’t do that alone. “Part of the challenge from that expansion perspective is actually the capabilities of the CISO to be able to relate to the mission owners, the importance of what they’re doing from a security aspect, and the impact on the mission owner’s data.”
Yet he said many federal CISOs don’t have the same access and authority over agency staff as their CIO partners. So his third main area of focus for collaboration is to help federal government rethink the CISO position - in regards to both authority and ideal skillset - to broaden the relationship between CISO and mission owner.
Finally, Kneidinger impressed the need to overcome the traditionally static nature of government. “We need the general ability to move rampantly in the ever changing environment,” he said.
Here, collaboration will be a key to progress. “I think the positive side is that if you have more eyes on the threat issues, and you’re sharing more information, you’re going be better prepared to identify the threats and catch them in advance,” Kneidinger concluded.