What it takes to achieve effective cyber defense

cybersecurity concept

The federal government is not designed to be nimble, but it can adapt quickly under extreme crises. The nature of the cybersecurity landscape, however, requires agencies to adapt to changing threats continuously, not just during an extreme crisis. And given the rapid adoption and advancement of mobile technologies, that cycle can be on the order of weeks.

Yet historically, cybersecurity budgets follow the standard federal budget process and are planned years in advance. The critical challenge is that adversaries can adapt much faster than defenders can adapt their defenses. And, as I observed during my tenure as a civil servant, other nontechnical challenges compound the problems cyber defenders face.

Culturally, compliance in the federal government is the standard benchmark for job performance. The challenge is that threats have evolved to the point where good hygiene and implementing current mandates are not enough to stop advanced adversaries.

The first step to changing this paradigm is to continue to stress the importance of compliance while realizing that a cyber breach is unavoidable. The key is to focus on what federal agencies can do to rapidly identify a breach, contain it and limit the damage an adversary can do. A synergistic approach of implementing good hygiene and investing in capabilities that promote effects-based defense capabilities is critical to successfully defending government networks.

There are efforts underway to help address many of those challenges, but agencies should also be allowed to more easily invest in game-changing cybersecurity capabilities that not only advance their technical defensive capabilities but also address nontechnical challenges and provide more operational effectiveness.

In many organizations, operationally effective cyber defense revolves around the ability to shrink the time to complete the loop of Attack Prevention > Detection > Diagnosis > Containment > Response. In agencies that don't have requirements that support effective cyber defense operations across the entire IT landscape, completing that loop takes weeks or even months.

For example, one nontechnical challenge that I have observed happens when separate companies have contracts for network administration and endpoint security. I have seen situations in which someone on the endpoint security team identified something suspicious and requested details from the networking team to help diagnose the event. The response from the networking contractor was that it could not provide support because it was not allowed to take direction from another contractor.

That type of nontechnical challenge and delay can dramatically increase the cost and impacts associated with cyber breaches. According to the latest Mandiant M-Trends report, in 2013 the median time from breach to detection was 229 days. For cyber defenders to be more effective, they need capabilities that enable them to be more proactive in defending against threats. Agencies must get out of the business of being reactive and solely relying on mandated signature-based capabilities simply because compliance is the benchmark.

However, because advanced capabilities are not mandated, it requires an incredible amount of effort and time to acquire them -- typically in small installments of end-of-year funds.

Rapidly adopting cutting-edge technologies could give cyber defenders an advantage over adversaries and help overcome some of the nontechnical challenges agencies face. That would save money in the long run and have a dramatic impact on the foothold adversaries can gain in the years it would take to address the problem with current government policies and compliance mandates.

About the Author

Travis Rosiek is federal architect at FireEye.

FCW in Print

In the latest issue: Looking back on three decades of big stories in federal IT.


  • Anne Rung -- Commerce Department Photo

    Exit interview with Anne Rung

    The government's departing top acquisition official said she leaves behind a solid foundation on which to build more effective and efficient federal IT.

  • Charles Phalen

    Administration appoints first head of NBIB

    The National Background Investigations Bureau announced the appointment of its first director as the agency prepares to take over processing government background checks.

  • Sen. James Lankford (R-Okla.)

    Senator: Rigid hiring process pushes millennials from federal work

    Sen. James Lankford (R-Okla.) said agencies are missing out on younger workers because of the government's rigidity, particularly its protracted hiring process.

  • FCW @ 30 GPS

    FCW @ 30

    Since 1987, FCW has covered it all -- the major contracts, the disruptive technologies, the picayune scandals and the many, many people who make federal IT function. Here's a look back at six of the most significant stories.

  • Shutterstock image.

    A 'minibus' appropriations package could be in the cards

    A short-term funding bill is expected by Sept. 30 to keep the federal government operating through early December, but after that the options get more complicated.

  • Defense Secretary Ash Carter speaks at the TechCrunch Disrupt conference in San Francisco

    DOD launches new tech hub in Austin

    The DOD is opening a new Defense Innovation Unit Experimental office in Austin, Texas, while Congress debates legislation that could defund DIUx.

Reader comments

Mon, Aug 18, 2014

It takes money and staff to implement new technology. Unfortunately management fired the staff and claimed the savings without making anything more secure. But then again, OMB instructed management to just throw everything in the cloud without implementing the 800-53 rev4 controls until June 2014 but requiring the agencies to implement them back in 2012 and requiring cutbacks in IT by 5-10%. This has all been a crony capitalist give away to a favored few and has done very little to secure the government's data. The only thing it has done has made government IT look incompentent because of all the forced outsourcing.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group