Greater understanding needed for better cybersecurity, official claims
There's no denying that the U.S. government has a cybersecurity problem. Hackers, both independent and state-sanctioned, pose a serious threat to federal agencies and critical U.S. infrastructure. Their tactics and tools are constantly evolving, resulting in a number of prominent breaches. Recently, for example, a cyberattack struck a major contractor that provides background checks for the Department of Homeland Security. While the exact damage is unknown, government officials theorized that staffers' personal information may have been accessed.
Delivering the keynote address at the Billington Cybersecurity Conference in Washington, Michael Daniel, White House cybersecurity coordinator, suggested that federal cybersecurity efforts typically come up short because government experts fail to understand the nature of the threats they face. New strategies to combat these dangers are necessary, Politico reported.
According to Daniel, one of the biggest problems is that federal cybersecurity approaches tend to focus solely on the technical side of things, which misses the bigger picture.
"We haven't fully confronted cybersecurity as a human behavior and motivation problem, as opposed to a technical problem," said Daniel, the news source reported. "Until we understand the human factors … we will continue to fail at solving this problem."
Another issue, Daniel explained, is that cybersecurity has become intertwined with politics in many areas. This makes solving cybersecurity challenges more complex. This doesn't mean that it is impossible to secure federal networks and other digital assets, but it does make this task significantly more difficult than it once was.
For example, cybersecurity officials from the United States and China recently met for closed-door talks in Washington, the Washington Times reported. These talks had previously taken the form of formal engagement, but China quickly ended the discussion after the U.S. government indicted Chinese military hackers who were allegedly involved in attacks on U.S. Transportation Command contractors between June 2012 and May 2013. The news source noted that the hackers stole computer source code, emails and a variety of documents during these successful intrusions.
These talks highlight the complexity of the cybersecurity landscape, as well as the need for superior defensive capabilities.
Daniel went on to note that the Obama administration will soon reveal a new strategy for engaging with the private sector for cybersecurity solutions. While not offering any real details, Daniel explained that this approach would differ from the traditional contracting model. This new policy will apply to 16 sectors of critical infrastructure.
Regardless of whatever form this new approach takes, it is clear that the government needs to revise and upgrade its approach to cybersecurity, and that third-party assistance will be critical to these efforts. Specifically, federal agencies should look for and partner with firms that have a proven history of delivering cybersecurity solutions in the public sector. These firms can provide a range of services, from training to consulting to auditing, all of which can help to ensure that federal agencies and their employees remain as safe and secure as possible when leveraging digital resources.