What it takes to achieve effective cyber defense

cybersecurity concept

The federal government is not designed to be nimble, but it can adapt quickly under extreme crises. The nature of the cybersecurity landscape, however, requires agencies to adapt to changing threats continuously, not just during an extreme crisis. And given the rapid adoption and advancement of mobile technologies, that cycle can be on the order of weeks.

Yet historically, cybersecurity budgets follow the standard federal budget process and are planned years in advance. The critical challenge is that adversaries can adapt much faster than defenders can adapt their defenses. And, as I observed during my tenure as a civil servant, other nontechnical challenges compound the problems cyber defenders face.

Culturally, compliance in the federal government is the standard benchmark for job performance. The challenge is that threats have evolved to the point where good hygiene and implementing current mandates are not enough to stop advanced adversaries.

The first step to changing this paradigm is to continue to stress the importance of compliance while realizing that a cyber breach is unavoidable. The key is to focus on what federal agencies can do to rapidly identify a breach, contain it and limit the damage an adversary can do. A synergistic approach of implementing good hygiene and investing in capabilities that promote effects-based defense capabilities is critical to successfully defending government networks.

There are efforts underway to help address many of those challenges, but agencies should also be allowed to more easily invest in game-changing cybersecurity capabilities that not only advance their technical defensive capabilities but also address nontechnical challenges and provide more operational effectiveness.

In many organizations, operationally effective cyber defense revolves around the ability to shrink the time to complete the loop of Attack Prevention > Detection > Diagnosis > Containment > Response. In agencies that don't have requirements that support effective cyber defense operations across the entire IT landscape, completing that loop takes weeks or even months.

For example, one nontechnical challenge that I have observed happens when separate companies have contracts for network administration and endpoint security. I have seen situations in which someone on the endpoint security team identified something suspicious and requested details from the networking team to help diagnose the event. The response from the networking contractor was that it could not provide support because it was not allowed to take direction from another contractor.

That type of nontechnical challenge and delay can dramatically increase the cost and impacts associated with cyber breaches. According to the latest Mandiant M-Trends report, in 2013 the median time from breach to detection was 229 days. For cyber defenders to be more effective, they need capabilities that enable them to be more proactive in defending against threats. Agencies must get out of the business of being reactive and solely relying on mandated signature-based capabilities simply because compliance is the benchmark.

However, because advanced capabilities are not mandated, it requires an incredible amount of effort and time to acquire them -- typically in small installments of end-of-year funds.

Rapidly adopting cutting-edge technologies could give cyber defenders an advantage over adversaries and help overcome some of the nontechnical challenges agencies face. That would save money in the long run and have a dramatic impact on the foothold adversaries can gain in the years it would take to address the problem with current government policies and compliance mandates.

About the Author

Travis Rosiek is federal architect at FireEye.

The 2015 Federal 100

Meet 100 women and men who are doing great things in federal IT.


  • Shutterstock image (by venimo): e-learning concept image, digital content and online webinar icons.

    Can MOOCs make the grade for federal training?

    Massive open online courses can offer specialized IT instruction on a flexible schedule and on the cheap. That may not always mesh with government's preference for structure and certification, however.

  • Shutterstock image (by edel): graduation cap and diploma.

    Cybersecurity: 6 schools with the right stuff

    The federal government craves more cybersecurity professionals. These six schools are helping meet that demand.

  • Rick Holgate

    Holgate to depart ATF

    Former ACT president will take a job with Gartner, follow his spouse to Vienna, Austria.

  • Are VA techies slacking off on Yammer?

    A new IG report cites security and productivity concerns associated with employees' use of the popular online collaboration tool.

  • Shutterstock image: digital fingerprint, cyber crime.

    Exclusive: The OPM breach details you haven't seen

    An official timeline of the Office of Personnel Management breach obtained by FCW pinpoints the hackers’ calibrated extraction of data, and the government's step-by-step response.

  • Stephen Warren

    Deputy CIO Warren exits VA

    The onetime acting CIO at Veterans Affairs will be taking over CIO duties at the Office of the Comptroller of the Currency.

  • Shutterstock image: monitoring factors of healthcare.

    DOD awards massive health records contract

    Leidos, Accenture and Cerner pull off an unexpected win of the multi-billion-dollar Defense Healthcare Management System Modernization contract, beating out the presumptive health-records leader.

  • Sweating the OPM data breach -- Illustration by Dragutin Cvijanovic

    Sweating the stolen data

    Millions of background-check records were compromised, OPM now says. Here's the jaw-dropping range of personal data that was exposed.

  • FCW magazine

    Let's talk about Alliant 2

    The General Services Administration is going to great lengths to gather feedback on its IT services GWAC. Will it make for a better acquisition vehicle?

Reader comments

Mon, Aug 18, 2014

It takes money and staff to implement new technology. Unfortunately management fired the staff and claimed the savings without making anything more secure. But then again, OMB instructed management to just throw everything in the cloud without implementing the 800-53 rev4 controls until June 2014 but requiring the agencies to implement them back in 2012 and requiring cutbacks in IT by 5-10%. This has all been a crony capitalist give away to a favored few and has done very little to secure the government's data. The only thing it has done has made government IT look incompentent because of all the forced outsourcing.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above