Cybersecurity initiatives gaining steam across federal government
In light of the recent data breaches at the Office of Personnel Management, White House and State Department, there is nearly unanimous agreement among observers that the federal government needs to significantly improve and reconfigure its cybersecurity strategies. And, fortunately, such efforts are now underway in a number of different agencies.
"Agencies engaged in a month-long cybersecurity 'sprint.'"
Following the OPM breach, agencies engaged in a month-long cybersecurity "sprint," according to Fierce Government IT. This represented a concerted effort to shore up potential vulnerabilities, and to better appreciate the state of federal cybersecurity.
Speaking to the source, Terry Halvorsen, CIO for the Department of Defense, asserted that while official reviews have yet to be released, initial internal reports on the sprint were encouraging.
This sprint also highlighted certain shortcomings in the way that federal agencies approach cybersecurity. Notably, Paul Wester, a high-ranking National Archives and Records Administration official, emphasized that federal CIOs do not always work with records managers to protect their sensitive information, a separate Fierce Government IT report explained. He told the source that no records-specific goals were included in the cybersecurity sprint.
According to Wester, federal CIOs are well aware of the importance of records-related cybersecurity as part of broader data protection initiatives, the source reported. At the same time, though, he noted that many CIOs hesitate to directly incorporate these issues into their cybersecurity initiatives, as they do not want to further complicate an already demanding area. Still, progress is being made.
"We're not there, but we're getting there," said Wester, the source noted.
Another powerful example of the federal government striving to improve its cybersecurity capabilities centers around the Office of Management and Budget. The agency is now planning to provide a significant amount of money to the IRS with the specific goal of improving the latter agency's cybersecurity.
"The IRS will lose $50 million in revenue due to the breach."
The IRS is one of multiple federal agencies to have experienced a serious data breach in recent months. As FedScoop reported, this breach allowed third parties to access approximately 100,000 taxpayers' accounts. IRS Commissioner John Koskinen estimated that this breach would result in $50 million in lost revenue from additional fraudulent returns alone.
To reduce the risk of another major breach occurring in the future, the OMB is providing the IRS with nearly one-quarter of a billion dollars next year – a 72 percent increase relative to 2015, according to FedScoop.
Fed Tech magazine reported that this investment will allow the IRS to develop a new information sharing system, improve its attack detection and prevention capabilities and more. These upgrades are especially important because, as the source explained, subsequent investigations in the wake of the IRS data breach identified a number of additional attempted cyberattacks directed against the agency.
It is important to recognize that the federal government is embracing new attitudes toward and approaches to cybersecurity in an effort to improve its defensive capabilities.
"Previously, agencies did not feel a sense of urgency in regard to cybersecurity."
Speaking at the Digital Government Institute's 930Gov conference, Tony Scott, CIO for the federal government, emphasized that in the past agencies have not felt a sense of urgency in regard to cybersecurity, Nextgov reported. It was this sense of complacency which allowed vulnerabilities to go unnoticed and unaddressed, leading to breaches at the OPM and elsewhere. This incident has served as a wake-up call, and agencies have made significant cybersecurity progress in the time since then.
"There's nothing like a crisis to sort of get the juices going and get people motivated," Scott said, according to Nextgov. "I'm really proud of the work that the teams have done. I wish we had done it sooner, but you know at this point, we're working as hard as we can on it."
To ensure that this sense of urgency remains present, Scott emphasized that his team will continue to put pressure on agencies, forcing them to remain vigilant and upgrade their cybersecurity capabilities even further, the source reported.
Finally, the federal government is now making progress in its cybersecurity improvement efforts by turning to the private sector for support and guidance, as Washington Business Journal reported. Notably, a number of federal technology officers attended a recent conference in Washington dedicated to this topic. The source explained that the public and private sectors face many of the same cybersecurity threats and challenges today, and so it is valuable for federal agencies to look to the private sector for assistance.
Dave Mahon, chief security officer for CenturyLink, noted that both businesses and government agencies need to reconsider how they approach and view cybersecurity, the source reported. More specifically, Mahon encouraged personnel to recognize that cyberattackers are a risk at all times. With this view in mind, decision-makers should reframe their focus on cybersecurity away from return on investment and more toward the basic survival of their organizations in an increasingly dangerous digital realm.