Federal cybersecurity to become more integrated in coming year
The nature of cybersecurity throughout the federal government is evolving. This is largely happening out of necessity – groups such as the State Department and White House have been struck by a number of major data breaches, forcing agencies to adopt new, improved strategies and resources to protect their sensitive assets.
A key example of this development is the increasing integration of cybersecurity throughout agency activities. As GCN recently reported, 2015 will likely see the borders between IT security and operations disappear.
Security and operations merge
This merger is taking place in a number of different ways, the source explained. First and foremost, agencies will increasingly build cybersecurity capabilities into their platforms and software from the ground up, as opposed to adding in security precautions after the fact. This will also prove true for any third parties that provide these products and services to federal groups. The federal government as a whole will decrease its reliance on perimeter-based security measures as a result.
Just as importantly, the news source noted that cybersecurity will cease to be seen as solely a CISO or CSO responsibility. Instead, everyone involved with IT services will need to engage with cybersecurity on a professional level.
According to the source, this may have a positive impact on federal budgets. Currently, the FY 2015 presidential budget allocated $1.41 billion for cybersecurity, down from $1.44 billion in FY 2014. If other areas of federal IT address cybersecurity, along with dedicated security measures, this decrease may not have a negative impact on the government's overall level of protection against cyberattackers.
Ultimately, this trend should improve the quality of federal cybersecurity, cutting down on breaches and other security incidents. However, it remains to be seen how agencies will go about achieving this goal of greater integration.
"CIOs and state leaders need to consider creative ways of allocating and managing these expanding responsibilities," a study from the National Association of State Chief Information Officers stated.
This can be easier said than done. While federal agencies have regularly demonstrated significant innovation in a wide range of areas, it is difficult for agencies to overhaul their approach to IT operations to such a degree. Both the sheer size of their organizations and the inherent complexity of federal IT networks further complicate this task.
Making matters even more urgent is the fact that the cyberattacks deployed against federal targets are becoming more sophisticated, as GCN reported. The source explained that federal cyberthreats are now typically long-term attacks that are often only discovered after significant damage has been wrought.
All of this goes to show the value of teaming up with a third-party cybersecurity services vendor. These independent organizations will often have the ability to deliver creative, practical solutions for federal organizations, thanks to their greater experience in the field and external perspective – the third party can develop a solution that crosses borders, as it will not be beholden to any particular department.