Federal Agencies Becoming More Agile and Innovative When it Comes to Cybersecurity
Federal government agencies are constantly in the news for cybersecurity issues. From the on-going impact of the OPM breach to the probability, if not possibility, that medical devices will be hacked and used as backdoors to gain access to data and networks with the Department of Veterans Affairs, there are no end of threat vectors targeting federal agencies. While federal agencies should be held to a higher standard on matters of cybersecurity because of the consequences of a data breach for both national and personal security, it’s not all gloom and doom.
Several agencies are adopting innovative strategies to address the cyber threats that they are facing. From addressing insider threats at State and Commerce to education through volunteer efforts at the Centers for Medicare and Medicaid, there are definite changes in the way in which agencies are meeting cyber threats. Perhaps with this sea change, it really is time for an 18F-like organization to continue to drive innovative solutions for cybersecurity within the federal government?
Read on to learn more.
State and Commerce Are Meeting the Insider Threat Head On
The threat posed to data security by insiders is one of the biggest issues facing federal agencies. Regardless of whether the intent is to cause harm, or just the end result of a poor password, or lost laptop, the harm done by insiders to agencies is undeniable. With an Insider Threat Task Force in place, the federal government is now working on getting agencies to share data about insider threats to help develop more robust solutions and protocols. Two agencies, State and Commerce are spearheading the charge by focusing on auditing to detect patterns of anomalous behavior, which is a highly reliable indicator for insider threat activity. As Rod Turk, CIO at the Department of Commerce commented in a recent article, “[i]f you see a large amount of classified information downloaded at 2 a.m. on a Saturday, then you know something is wrong.”
Interested in learning more about solutions that facilitate easy auditing? You can find more information here…
CMS Hack Leads to Better Education with Volunteer Data Guardians
While formal employee training can go a long way to ensuring a better level of security hygiene, the Centers for Medicare and Medicaid (CMS) are taking a different approach in the aftermath of a recent hack. As anyone in the cybersecurity and healthcare fields know, health records are among the most valuable data out there and organizations, including government agencies, are under constant attack these days.
When the Centers for Medicare and Medicaid were targeted by spearphishers using phony links to siphon credentials, CMS Chief Information Officer, David Nelson, and his team took an unusual approach. As Nelson said in a recent interview with NextGov, “[r]ather than dealing with this sort of whack-a-mole style,” he said, CMS decided to “really, really sensitize our employees” to the risk of compromising the most private information of Americans.” Nelson and his team created a volunteer team of data guardians to integrate cyber education into everyday office practices. From spearphishing exercises to education about credential security and how to minimize the collection of sensitive data, CMS has created a strong culture of cybersecurity on the frontlines.
An 18F for Cyber?
18F – the innovation hub of digital government services — has become one of the biggest success of the Obama Administration’s drive to instill agility and innovation into the federal government. Now, there’s a growing movement to create an 18F for cybersecurity.
Much like the original 18F, the cyber version would concentrate talent in an organization that is built more like a Silicon Valley startup than a traditional government agency. As well as parachuting in teams during a cybersecurity event, Greg Godbout, a digital government evangelist, co-founder of 18F, and former CTO at the EPA, envisions that the organization would drive transformative technologies both developed within government and in the private sector. While there are no plans in place for such an organization Godbout encouraged agency CIOs to collaborate and “do it now.”
What to see an example of a transformative cybersecurity solution now? You can learn more here.