Cybersecurity driving federal decision-making, but shortcomings remain
Cybersecurity is not just an important consideration for the federal government – it's a top-level priority. Numerous incidents over the past few years have revealed that while agency leaders are paying more attention to cybersecurity now than ever before, federal networks remain exceedingly vulnerable to both external attacks and inadvertent data exposure.
A big part of the problem is the simple fact that effective cybersecurity is not an isolated issue. On the contrary, it is all-encompassing, affecting virtually every aspect of IT. Only a comprehensive approach to cybersecurity can keep an organization safe, and that applies just as much to the federal government as it does to private sector entities. With that in mind, it's encouraging that cybersecurity considerations are driving a large portion of federal IT decision-making, as C4ISR & Networks contributor Amber Corrin recently reported. At the same time, though, it is important to note that this trend has thus far not proven sufficient to truly protect federal agencies from cyberthreats.
"92% of government technology professionals now see cybersecurity as a top IT priority."
The writer cited recent research from Deltek which found that 92 percent of government technology professionals now see cybersecurity as a top IT priority. This was by far the most commonly cited priority – cloud computing was a distant second, cited by only 38 percent of government respondents as a top priority.
What's more, Corrin emphasized that cybersecurity considerations are now influencing a broad range of policies and strategies throughout the federal government. For example, Deltek found that cybersecurity is having a major impact on acquisition policies and contracting efforts via officials incorporating these considerations into procurement policies. Additionally, cybersecurity is affecting the way that federal agencies are organized. Notably, the Defense Department has launched a number of new elements specifically designed to address cybersecurity.
Perhaps most significantly, the Deltek report found that spending – arguably the strongest measure of the government's actual level of concern and prioritization – continues to grow for cybersecurity, even at a time when agencies are being forced to scale back their budgets.
"Unlike other areas of discretionary spending, cybersecurity continues to be somewhat immune to budget cuts for the time being, although this we see this trend softening in the out years of the period as agencies achieve many of their planned upgrades, efficiencies and [return on investment] on their spending," the Deltek research stated, according to Corrin.
This is the strongest sign yet that government decision-makers genuinely recognize the seriousness of cybersecurity and are looking to improve agencies' defenses in this area.
There are still many questions regarding the federal government's cybersecurity capabilities as agencies look to the future. What's very clear, though, is that the current status quo is not nearly secure enough.
"The Department of the Interior has experienced at least 19 data breaches in recent years."
This point was driven home by a recent report from the Office of the Inspector General for the U.S. Department of the Interior. The report found that the Department of the Interior has experienced a minimum of 19 data breaches in recent years. These incidents have led to both the loss of data and interrupted a variety of operations. In a number of cases, the cyberattacks were traced back to foreign intelligence services. And in at least one of these cases, the attackers had the ability to potentially gain complete control over DOI systems, although it is not clear to what extent the intruder took advantage of the breach. Unsurprisingly, cyberattacks of this scope have had a major impact on the DOI as a whole.
"The identified challenge areas reflect continuing vulnerabilities and emerging issues faced by DOI," the report stated. "Each area is connected to DOI's mission, includes large expenditures, requires continuous management improvements and involves significant fiduciary relationships."
Naturally, this raises the question of how the DOI and other agencies can shore up their cybersecurity capabilities. One of the biggest problems, as the DOI report made clear, is the lack of expertise. Agencies simply do no have a sufficient number of personnel on hand to effectively improve and maintain their cybersecurity efforts. If not addressed, this single issue can undermine any other cybersecurity measures. It is therefore imperative that federal decision-makers either hire more cybersecurity experts or partner with third-party consulting firms before taking any other steps to improve their defenses in this area.