1. Invest in Comprehensive Cybersecurity Planning
In the private sector, companies tend to have one team responsible for most or all cybersecurity matters. Some organizations place these duties with the CIO. Others hand them to a CISO or chief data officer. Rarely do they allow each and every business unit to determine its own cybersecurity path because they know it would be ineffective, especially when sharing data across the enterprise.
But that siloed approach is more common in the federal government. While high-level guidelines from the National Institute of Standards and Technology lay out minimal requirements for federal information systems, most agencies march to their own cybersecurity drummers.
As those agencies increasingly migrate to the cloud and start sharing more information, a universal plan to maximize the security posture of every agency, not just a select few, becomes critical.
This plan will have to start with defense in depth. There are countless avenues hackers take into networks, from stealing identities to penetrating poorly defended endpoint devices, such as network printers and computers. There’s also human nature to contend with. People unwittingly make mistakes by clicking on the wrong things, sharing passwords or engaging in any of a host of other activities that leave networks vulnerable to attack.
Agencies, therefore, must have a strong direction for the technologies, tools and training they adopt. And the barrier of prioritizing “good enough” or the lowest-cost technically acceptable technology must be removed. With cybersecurity, actual attacks often cost far more than an investment in necessary prevention programs or the critical hardware and software needed to protect their infrastructure.
2. Address the Cybersecurity Talent Shortage
More effort is also needed to bring cybersecurity talent into government. This will be a difficult task given that there are expected to be 1.8 million unfilled cybersecurity jobs across the private and public sectors by 2022.
But that does not mean agencies shouldn’t try or that recruitment is an impossible task. Embracing new recruitment channels and unconventional strategies can alleviate the workforce gap. For agencies unable to pay as much as corporations, this could mean offering faster tracks for career advancement, more flexible hours or attractive international assignments. It could even involve developing talent at the college level through mentorship, internship and diversity programs.
In short: The government would benefit from a central cybersecurity leader who is thinking outside the box and driving toward a solution that money alone will not buy. When resources and human capital are leveraged in meaningful ways, the threat of cyberattack becomes a problem that our public sector can, in fact, stay ahead of.
3. Agencies Should Partner with the Private Sector
Government agencies also need to accept that they don’t have to solve their cybersecurity challenges alone. Technology vendors have been forging cybersecurity alliances among themselves for years to address specific issues affecting them all. A while back, for instance, more than 40 tech companies banded together in an alliance called the Cybersecurity Tech Accord to declare they would not help any government launch cyberattacks against any “innocent civilians and enterprises from anywhere.”
Many of the participants in these consortiums are competitors in the marketplace, but still believe that by sharing their time, knowledge and mutual commitment to innovation, they can make a difference and solve problems. That same energy should carry over to broader and more aggressive public-private partnerships aimed at protecting government infrastructure in particular.
While cybersecurity challenges will never go away and the threats will continue to grow, it is possible for government agencies to proactively protect themselves. In fact, as an increasing number of them rely on digital and cloud services, they’re not going to have much choice.
Together, agencies must step forward and take the reins to drive consistent and dramatic change at all levels of the federal government. That’s the only way to achieve the IT infrastructure modern times demand. As current events have dictated, solid planning can produce secure and real results.