Warren Buffett, one of the most successful investors of our time, called cyberattacks the “number one problem with mankind.”
It’s a bold statement, and captures what is felt across the entire federal landscape every day. According to 2016 findings by the Government Accountability Office (GAO), cyberattacks on our federal government have shot up by 1,300 percent since 2006.[1] Not surprisingly, a recent Pew Research Center study reported that roughly half of Americans don’t trust the federal government to protect their data.[2]
The question is: How do we tip the scales in our favor?
[1] “Testimony Before the President's Commission on Enhancing National Cybersecurity; FEDERAL INFORMATION SECURITY: Actions Needed to Address Challenges,” United States Government Accountability Office, retrieved 1 June 2017 from Federal Information Security
[2] “Americans and Cybersecurity,” Pew Research Center, retrieved 1 June 2017 from Americans and Cybersecurity
Cyber threats against our government are a danger on the same level as terrorism—sometimes even going hand-in-hand. Cyber intruders relentlessly scheme to breach, steal and destroy with tangible and devastating effects. All of this is made worse by the fact that cyber is a frictionless, or easily adapted, weapon system—once a hack is published or a breach is discovered, it’s game on for adversaries within moments.
The WannaCry ransomware computer virus was a significant example of how adversaries attack vulnerabilities and create chaos around the world.
WannaCry: An unprecedented impact
Federal agencies must take swift, decisive actions to protect their information systems, or risk losing sensitive information, exposing vulnerabilities in security and leaving taxpayers saddled with hundreds of millions of dollars in damages.
AN ESTIMATED 200,000 COMPUTERS INFECTED
150 COUNTRIES AFFECTED
70,000+ MEDICAL DEVICES AFFECTED, INCLUDING MRI SCANNERS AND BLOOD-STORAGE REFRIGERATORS, POSING A SEVERE THREAT TO HUMAN LIVES
The Administration has an opportunity to gain the advantage by resetting the federal government’s cybersecurity posture. From the outset, this Administration has been confronting a full range of global cyber threats that were nearly unthinkable eight years ago. The threat is urgent, and in response the White House is mandating that federal agency leaders be held accountable for cybersecurity in a way that was once the province of technical officials.
The Executive Order Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure gives agency leaders strong impetus to act now. Federal agencies are actively conducting audits to establish inventories of their data focusing on defining their High Value Assets (HVAs) or “crown jewels.” Agencies are also actively scanning and fixing vulnerabilities within information systems.
Beyond these activities, to truly tip the balance of power in our favor, we recommend that agencies:
The new Executive Order sets the stage for a change in our cybersecurity posture at a critical moment for rebuilding. Now is the time to develop a more aggressive approach. Installing the basics—the equivalent of a home alarm system—and waiting for adversaries to trip them is not enough. It can take months to detect a cyber intrusion, but continuous scanning, especially around high-priority assets, will enable faster detection and removal of problems.
A focus on starting with a clean environment to restore confidence in our government networks is critical. This enables security professionals to focus on long-term security planning and scalable solutions.
The face, strategy and intent of our adversaries are always changing, making it essential to move beyond a “traditional” approach to security. Cybersecurity has to evolve with the threat, and must be viewed as a core responsibility for all leaders across government.