Government agencies are barraged with more than 10,000 cyberthreats every day. This sounds disastrous, but in reality not every threat is critical and not every threat needs to be managed in the same way. As a result, government agencies need to help cyber professionals sift through the threats and ignore the less critical ones while mitigating the ones that actually matter.
One way to do this is by improving your Security Operations, or SecOps, by connecting security and operations teams to create more visibility in your networks. This relationship, in turn allows your organization better identify the types of security threats that are facing your network and how to prioritize responses to them.
To help agencies better understand how they can effectively leverage SecOps, GovLoop and ServiceNow brought together experts from across the sectors to discuss cyber solutions during the “Which Cyberthreats Actually Matter?” roundtable.
Logan O’Shaughnessy, Lead Incident Response at the Department of Health and Human Services; Alexis Wales, Cybersecurity Governances Lead at the Office of Cybersecurity and Communications at the Department of Homeland Security; Robert Osborn, Chief Technology Officer of the Federal and Public Sector at ServiceNow; and Brian Crosby, Solution Architect at ServiceNow led a discussion where three trends became clear:
Get proactive about cybersecurity. SecOps allows for proactive cyber practices by taking a management approach that bridges the gap between security and operations teams. Osborn explained, “in order to understand cybersecurity and what is really happening on the landscape, we need to know the impact of particular attacks, on what technologies, that were supporting the delivery of what services.” This contextual awareness encompasses the security and operational facets of an organization and allows the agency to comprehensively understand the threat environment and move into making proactive cybersecurity decisions.
However, this can be difficult to do across government because agencies have different resources and cyber maturity levels. Osborn explained that he and his team are encouraging agencies to change their approach to security and move away from a complex application environment towards a platform management approach. “Taking this approach allows organizations to increase their cyber defense posture and lower the overall surface that is vulnerable to attacks,” he said.
Osborn acknowledged that this philosophical shift in agencies’ approach to cybersecurity is challenging. Furthermore, actually making the shift from complex infrastructure and architecture to a platform model is even harder, but ultimately is worth it. Platforms offer a secure space for security teams to be proactive and responsive to attacks while facilitating efficient work by business and operations teams.
Bridge the gap between privacy and security. Understanding the intersection between privacy and security is another critical facet to prioritizing cyberthreats. O’Shaughnessy explained, “There is a disconnect where agencies work with privacy and security and while security is important, privacy is fundamental to governments successfully accomplishing their missions.”
While security and privacy are connected, the risk environment is unique for each element. The risk with cyber incidents revolves around things that drive the agency’s mission while privacy risks are not operational threats but, threats to the people that agencies interact with and provide services to. O’Shaughnessy emphasized that an agency can be the most secure agency in the world, but if they are not protecting their constituents’’ privacy they are going to have a major problem on their hands.
Simplify Cyber. Perhaps the most important aspect of cybersecurity is making implementation practices accessible to people throughout agencies. “A common thing we keep hearing is that cybersecurity isn’t an IT problem, it’s a people problem,” Crosby said. “The real issue is that people don’t understand what they have to do to maintain security and privacy and until we get to the point where that comprehension is easy, best cybersecurity practices aren’t going to happen.”
In order to get to the place where cybersecurity is easy, agencies have to be able to communicate cyber priorities and practices across the agency. Wales explained, “when we start to drive best practices for cyber hygiene we need to keep it simple and focus holistically on the technology, people and processes and deliver information to agencies at a level that makes sense to them.” Wales and her team work to achieve this by translating the NIST Cybersecurity Framework into simple language that they provide to their agency partners, allowing them to effectively leverage the framework and better the security posture in their office.
Looking forward, agencies must take these trends into account in order to improve their cyber posture. Bringing the technology, people, and processes behind cybersecurity onto the same page is necessary for driving cyber priorities and ultimately, agency mission.