Make Cyber Great Again

No cybersecurity architecture governs civilian federal agencies, and existing attempts to address threats to the federal government highlight out-of-date solutions and a growing risk to our cybersecurity.

The National Cyber Protection System (EINSTEIN) was developed by the Department of Homeland Security (DHS) to protect information systems of the civilian U.S. Government from intrusion and attacks. Despite being well funded, with over $450 million dollars spent annually, these programs still mostly leverage quasi-obsolete, signature-based technologies and only protect an agency’s perimeter, neglecting Cloud and mobile systems.

As a result, agencies are provisioning their own commodity IT services. This is not a core mission function of agencies, and many of them lack the ability to provide sufficient resources to keep up with technological advances and security breaches.

The situation has resulted in IT services duplication and waste within and among agencies, as documented in General Accounting Office Reports and Office of Management and Budget analyses of agency investment data. The situation has also lead to a growing number of agency cyber-incidents, resulting in a significant loss of sensitive mission, financial, and personnel data.

Current programs attempting to secure the threat landscape are insufficient to address evolving departmental risks. These programs face the following challenges:

1.     A one-size-fits-all approach does not work. Departments and agencies have drastically different sizes - from hundreds of employees to one hundred thousand employees - and cybersecurity budgets, along with IT expertise, face different threats.

2.     The lack of an overarching cybersecurity architecture fails to tie these components into one cohesive unit.

3.     The acquisition pace of the government is slow. Acquired systems are quickly out of date and fail to address the current threat landscape.

4.     There is a shift towards Cloud and mobile devices. These environments operate outside the protections provided by existing perimeter-based approaches.

In an effort to address these issues, the DHS Science and Technology Directorate has created the Cyber.gov program.

As Subject Matter Expert and Lead Architect of Cyber.gov, we were tasked with creating a robust, innovative, and holistic cybersecurity architecture design that mitigates modern threats by leveraging better practices and implementable solutions with minimal impact to workplace efficiency. It will not only address issues of perimeter-based defense, but also bring new technology, such as Software Defined Perimeter (SDP), tailored to the .gov domain, while guiding CIOs and CISOs in selecting and implementing current practices for cyber security components.

While the Cyber.gov program brings a new strategy and up-to-date solutions to the agencies, significant deficits in critical personnel and technical talent acquisitions will hinder any chance of successful implementation and on-going management of these cybersecurity solutions.

Urgent Action Needed

Presently, almost every cybersecurity appointed role, including the Federal Chief Information Officer and Federal Chief Information Security Officer, several Chief Information Officers, and DHS cyber appointees, remain vacant. If these positions are not immediately filled with those knowledgeable of this new technology, regaining control of the information outflow will become more difficult, if not impossible.

Cyber is evolving at a pace that’s never been seen before. Finding the right talent to keep up with that pace and bring appropriate technologies to the .gov domain is critical. Specific technologies, such as SDP, provided by companies like Google, Cryptzone, and Vidder, enforces the principles of multi-factor authentication, patching, least privilege, and need to know, while protecting legacy systems. This encompasses the Cloud, mobile, and premise systems.

We need to ensure current, leading-edge solutions are immediately deployed across the .gov domain.

It is finally time for us to make cyber great again!

Nicolas Chaillan (Opinions are my own.)