While the IC’s research organization looks into adding security to cloud environments, in the here and now, intelligence agencies are sharing more data.
Hiring the right IT security talent can be a challenge for any organization. But recently, the skills shortage, particularly in the federal government, has become critical.
Symantec forecasts global demand for IT security professionals to reach 6 million by 2019, with a projected shortfall of 1.5 million professionals. Cisco Systems recently estimated that there are currently 1 million cybersecurity job openings. Many of those positions are in the public sector, and Federal CIO Tony Scott recently estimated that the federal government must fill more than 10,000 cybersecurity positions. Those sobering statistics illustrate the IT staffing challenges the federal government faces in security.
“It is no secret that too often government IT is like an Atari game in an Xbox world,” President Obama wrote this year in a Wall Street Journal opinion column. To that end, officials are taking several steps to remedy the talent gap.
At press time, Obama was expected to soon appoint the first federal CISO. And as part of the president’s Cybersecurity National Action Plan, the administration seeks to spend $62 million to combat cyberworkforce shortages. In terms of staffing, the federal government will cast a wider net to include candidates who know foreign languages, biology and anthropology; will emphasize critical measures such as training, scholarships and debt forgiveness; and will create a corps of cyberprofessionals to instill best practices across government.
But a lack of trained professionals is only part of the problem. In addition to recruiting and retaining top-tier cybersecurity talent, federal agencies must strengthen their cyberdefenses by making better use of new and existing security technologies.
As hackers up their game, even the most heavily staffed organizations are challenged in countering advanced threats. The federal government must take advantage of intelligent security technologies to deter, detect and disrupt threats. Such implementations will go a long way toward alleviating the manpower shortage.
IT security automation can supplement, and eventually supplant, manual approaches to threat detection and mitigation. Security products and services from makers such as Blue Coat, Cisco Systems, FireEye, Palo Alto Networks, RSA Security and Tenable apply machine learning and behavioral analysis to speed detection, identify problems and expedite remediation. These automation capabilities enable agencies to quickly find and stop attacks and achieve operational efficiency in the face of resource challenges.
Underskilled and understaffed departments need all the help they can get, so it just makes sense to tap the security intelligence features that are offered in solutions that many agencies already own. Automating basic IT security functions relieves the pressure on security staff, who are likely overwhelmed trying to keep pace with the volume of threats and alerts. The use of analytics to gather, analyze and prioritize security data improves decision-making. Machine learning and behavioral analysis technologies are faster and more accurate than humans, and also free up skilled professionals to focus on more complicated security challenges.
There’s no question that automation will constitute a key component of cyberdefenses. Improved endpoint security blocks threats and decreases malware, marking a triumph for departments of all sizes.
Tapping advanced threat intelligence enables agencies to gain full visibility into the network in order to spot compromised machines and halt hackers’ advances. By thinking offensively, security chiefs can pit machines against hackers to expand their ranks.