Morphing threat landscape demands evolution in agency cyber battle planning

Cybersecurity firm Symantec says exponentially increasing malware apps require innovative countermeasures

The number of cyber threats has increased exponentially during the past two years, and federal agencies now must develop new approaches to counteract those threats, according to GiGi Schumm, general manager for the public sector at Symantec Corp.

In 2008, Symantec identified 1.6 million individual malware applications circulating on the Internet, which was a larger number than several of the previous years combined, Schumm said at the FedScoop FedTalks 2010 conference this week. By 2009, the number of online malware applications identified rose to 2.9 million and continues to increase rapidly, Schumm added.

At the same time, Symantec has seen growth in online targeted threats — including those aimed at federal agencies. There also have been a greater number of timed, advanced and persistent cyberattacks, she added.

“It is not enough to just build higher walls,” Schumm said. “The way we secure our systems has to evolve and change.”


Related stories:

7 get awards for work on government cybersecurity

White House slow to implement cybersecurity recommendations, GAO says


One possibility is to develop methods to identify the source of individual bits of computer code attempting to infiltrate a network and to assign a risk score to those bits of code depending on whether they are from a trusted site or are newly created and used by a small number of users. If the bits of code score very high in risk — such as new codes from an untrusted source — they can be presumed to be malware and blocked automatically, Schumm said.

Federal agencies may find the prospect of improving cybersecurity less daunting if they first evaluate their mission-critical data, Schumm added. For most organizations, the critical data amounts to 10 percent or less of total data, while for public agencies the percentage is slightly higher, she said.

Once the key data is identified, the use of encryption and of an identity management and authentication scheme to ensure appropriate access to the data are all additional strategies that can be used, she added.

About the Author

Alice Lipowicz is a staff writer covering government 2.0, homeland security and other IT policies for Federal Computer Week.

Featured

  • Cybersecurity

    DHS floats 'collective defense' model for cybersecurity

    Homeland Security Secretary Kirstjen Nielsen wants her department to have a more direct role in defending the private sector and critical infrastructure entities from cyberthreats.

  • Defense
    Defense Secretary James Mattis testifies at an April 12 hearing of the House Armed Services Committee.

    Mattis: Cloud deal not tailored for Amazon

    On Capitol Hill, Defense Secretary Jim Mattis sought to quell "rumors" that the Pentagon's planned single-award cloud acquisition was designed with Amazon Web Services in mind.

  • Census
    shutterstock image

    2020 Census to include citizenship question

    The Department of Commerce is breaking with recent practice and restoring a question about respondent citizenship last used in 1950, despite being urged not to by former Census directors and outside experts.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.