The 4 Biggest Government Cybersecurity Threats of 2014 (and How to Stop Them)
While we’ve been busy fretting about Ebola and the Islamic State, in 2014 cybersecurity trumped terrorism as the number one threat to the U.S.
Despite investing billions in cybersecurity, federal, state and local agencies are struggling to keep pace with ever-evolving threats.
Let’s take a look at the biggest cybersecurity threats of 2014 (so far) and steps the federal as well as state and local government can take to stop them.
The Government Workforce
Keeping up with the increasingly sophisticated hackers, is one thing, but these attempts are increasingly thwarted by unassuming employees. According to DailyCaller.com, 21% of breaches can be traced back to security indiscretions by federal workers (although other source point to the number being as high as 50%). Prevention requires that training and technology go hand-in hand. A Government Accountability Office report from June found that employees aren’t trained adequately.
BYOD strategies are the new norm in government. According to GCN, 84% of federal, state and local agencies are striving for the always-on connectivity and collaboration that mobile computing affords.
However, as malware and hackers target weaknesses in mobile devices and operating systems, BYOD strategies can present a real headache. Testing every device to ensure compliance with FISMA and other security protocols is almost impossible. Data management is also a big concern – what happens when workers start editing and sharing official documents on their own devices or share them on cloud-storage like DropBox or Google Drive?
Agencies must seek to establish clear BYOD policies and look for ways to automate many BYOD functions using mobile device management solutions that push updates and security profiles to user devices.
Securing Cloud Data
Storing data beyond the boundaries of the agency data center has always been a concern for feds and state officials alike. Critical to achieving secure deployments is recognition that accountability for the security and privacy of public clouds is ultimately their responsibility. Despite the lack of control and visibility that the public cloud affords, the deployment, configuration, and management of your cloud solution is essentially a balancing act between preserving consistency with your current security policies and dealing with acceptable risk.
One resource that agencies can draw on is the Federal Risk and Authorization Management Program (FedRAMP) which offers a planning and due diligence process that can help agencies “identify security and privacy challenges associated with cloud computing and how your agency can address them to successfully implement cloud computing solutions.”
In addition, there are cloud service providers out there who have developed specialized cloud solutions that address the sensitive data requirements and security regulations of the federal government and its contractors. For example, Amazon Web Services launched GovCloud (US) in 2011. AWS GovCloud is an isolated AWS Region designed to allow U.S. government agencies and customers to move sensitive workloads into the cloud by addressing their specific regulatory and compliance requirements.
Agencies can also draw on the expertise of DLT’s Cloud Navigator team.
The Internet of Things
As the rate of connected devices rises, the number of hackable things does too. If agencies are not already focusing on educating their employees about the dangers of cybersecurity, they need to. And if they have not considered mobile device management and endpoint security, they need to!
Read more about The Internet of Hackable Things and strategies you can take to reduce risk.
The Bottom Line
Protecting critical infrastructure against growing and evolving cyber threats requires a layered approach that encompasses protection, prevention, employee training, mitigation, and recovery from cyber incidents.
Agencies must and are making wise and thoughtful decisions on how tax payer dollars are invested. The City of Los Angeles, for example, has integrated a Cyber Intrusion Command Center that scans for threats to city data, but also establishes a more mature model for cybersecurity governance, explains Government Technology.
Over on Capitol Hill, the federal government has also broadened its role beyond the scope of protecting its own mission-critical systems and data to aid state and local governments and the private sector. The DHS Enhanced Cybersecurity Services (ECS) program helps protect the country’s critical infrastructure by sharing intelligence and indicators about cyber threats gathered from agencies across the federal government.
As the threat of more sophisticated and elusive attacks evolve – prioritizing cybersecurity must continue to be a priority.