Agencies Report Challenges with Threat Intelligence and Detection
Among public sector respondents, 63 percent said they struggle to leverage data to detect and prevent threats, compared with 49 percent of private sector respondents. The public sector was also more likely to struggle with mitigating cybersecurity events (66 percent of public respondents versus 56 percent of private).
Public sector respondents cited several reasons for these shortcomings, including skills gaps, lack of resources and lack of visibility into the threat landscape.
The public sector’s biggest barrier to addressing cybersecurity priorities and mandates is budget, the survey found. Nearly 80 percent of public sector respondents said budget inhibits their ability to address these areas. The 2023 omnibus spending package recently signed by President Joe Biden showed a significant increase in funding for cybersecurity, including $1.3 billion for cybersecurity programs at the Cybersecurity and Infrastructure Security Agency (CISA), a year-over-year increase of $230 million, according to FedScoop.
On threat intelligence, 44 percent of public sector respondents said that shared cybersecurity intelligence available to them is lacking for their needs, compared with 29 percent of private sector respondents. Kovar, who has worked in both the public and private sector, posits that these numbers could be a result of the public sector knowing what it’s missing and the private sector not being aware of all possibilities.
“I had significantly more intelligence when I was in the public sector than the private sector,” Kovar says. “I do wonder if part of that is people know how much they could have but are unable to action it because of a lack of resources. And how much of it is the private sector not knowing what it could have?”
In November, the General Services Administration acknowledged this and took steps to address it. On behalf of CISA, the GSA filed a request for information on the availability of Threat Intelligence Enterprise Services to help the agency in its development of threat intelligence capabilities. CISA cited fragmented threat information as one of the existing barriers in the federal cyber ecosystem found throughout the threat intelligence lifecycle.
How Data Limitations Increase Public-Private Disconnect
According to the report, these data challenges limit both sectors’ ability to share information with each other, hindering collaboration between public and private organizations. The survey results suggest organizations in both sectors are much more likely to share intelligence within their own sector than across sectors.
That said, the two sectors were aligned on what kind of insights and information were important to share:
- Threat intelligence and actors (69 percent public and 63 percent private)
- Real-time information on security events (60 percent public and 69 percent private)
- Cybersecurity training materials and best practices (79 percent public and 68 percent private)
- Benchmarked data (36 percent public and 31 percent private)
Kovar said the disconnect comes from the fact that the two sectors have different challenges and capabilities, so each side has different ideas about execution.
“We’re going to see people agreeing on the goals, but how you implement them and execute them between the public and private sector is going to be different,” he says. “The second thing is that the public sector has a mandate to help citizens, not make profit. There’s a very big difference there.”
Looking ahead, the most common cybersecurity investments among public sector respondents included monitoring/alerting, threat intelligence and security assessments.