, ,

The Secret for Dealing With Cybersecurity Changes

This blog is the third of three articles about the value of understanding the latest trends in government technology. GovLoop partnered on this series with GovWhitePapers, a hub for educational content and thought leadership about the public sector. Working together, we aim to explain how ongoing awareness of technology trends can make agencies safer, strengthen their teams and help their employees use their tools more effectively. Click here for the rest of the series.

Cybersecurity constantly evolves, and the public sector is struggling with the rapid pace. Every time that agencies grasp the latest developments, a new twist can upend what their employees knew.

Take President Joe Biden’s executive order (EO) on cybersecurity. Issued in May 2021, the EO tasked federal agencies with transforming their cybersecurity in ways that will likely influence state and local governments too. Going forward, many agencies must modernize their IT networks, enhance their supply chain security, enhance their cybersecurity practices and procedures and create incident response plans. At any level, how are agencies supposed to quickly comprehend and implement such massive changes?

The answer is ongoing education and awareness. Organizations like GovWhitePapers are helping to facilitate that learning. GovWhitePapers acts as a hub for assets and research meant to benefit agencies. Using these resources, agencies can promptly interpret what dramatic shifts in cybersecurity, such as Biden’s EO, may mean for them.

“Change is hard, but for the security of critical data and infrastructure, it’s important,” said Kerry Rea, GovWhitePapers’ President. “The EO really changes how agencies look at securing networks, adding in the need for supply chain visibility and challenging the status quo of, ‘This is how we’ve always secured our networks.’”

Of the EO’s details, zero-trust security may make the biggest splash at agencies. Zero trust is an approach to security that refuses to trust users, devices and other computing entities until their identity has been verified. Once trust is established, these entities can access what’s necessary to get specific work done, including valuables like agencies’ sensitive constituent data.

Yet from the top down, zero-trust security is a drastic departure from tradition for many agencies. In recent years, most agencies have built perimeters around their commodities to shield them from security risks. Recognizing that threats can emerge from inside or outside such barriers, this marks a new way of thinking for these agencies.

“To the untrained eye, this seems untenable,” Rea said of zero-trust security. “When we depend on digital information and connection to do most everything, how can we use a process where we must constantly verify identity and access permissions?”

How can agencies embrace zero-trust security if they have never tried it before? Clearing up misconceptions is key. For example, some people unfamiliar with zero-trust security think one technology can supply it. Nothing could be further from the truth, and GovWhitePapers can clarify this and other assumptions about concepts like zero-trust security.

“It is important to note that there is no single off-the-shelf solution,” Rea said. “Zero trust is achieved by bringing together a wide variety of security components, including a policy enforcement point, security information and event management (SIEM), threat intelligence, security logs and more.”

Biden’s EO also strives to improve how the public and private sectors share threat intelligence. Consider contractual obligations, which often prevent private-sector companies from sharing threat intelligence with agencies. Due to the EO, some of these roadblocks have disappeared.

“Public-private partnership is a big part of the EO as it directs agencies to find ways to break down silos and allow the government and the private sector to better share threat intelligence,” Rea said. “Until a lot of the information sharing can be automated, good old-fashioned networking may be key.”

In the COVID-19 era, however, networking is less common due to social distancing. Whether networking events are physical or virtual, organizations like GovWhitePapers can share the most important developments about topics like cybersecurity with agencies.

“We want all our readers to find relevant information that will help them make informed decisions,” Rea said of GovWhitePapers.

To learn more about closing the public sector’s knowledge gaps with continuous learning, click here for GovWhitePapers’ content. And for more information about public-sector people, processes and tools, click here to read the rest of GovLoop’s series about technology trends.

Leave a Comment

Leave a comment

Leave a Reply