Morphing threat landscape demands evolution in agency cyber battle planning

Cybersecurity firm Symantec says exponentially increasing malware apps require innovative countermeasures

The number of cyber threats has increased exponentially during the past two years, and federal agencies now must develop new approaches to counteract those threats, according to GiGi Schumm, general manager for the public sector at Symantec Corp.

In 2008, Symantec identified 1.6 million individual malware applications circulating on the Internet, which was a larger number than several of the previous years combined, Schumm said at the FedScoop FedTalks 2010 conference this week. By 2009, the number of online malware applications identified rose to 2.9 million and continues to increase rapidly, Schumm added.

At the same time, Symantec has seen growth in online targeted threats — including those aimed at federal agencies. There also have been a greater number of timed, advanced and persistent cyberattacks, she added.

“It is not enough to just build higher walls,” Schumm said. “The way we secure our systems has to evolve and change.”


Related stories:

7 get awards for work on government cybersecurity

White House slow to implement cybersecurity recommendations, GAO says


One possibility is to develop methods to identify the source of individual bits of computer code attempting to infiltrate a network and to assign a risk score to those bits of code depending on whether they are from a trusted site or are newly created and used by a small number of users. If the bits of code score very high in risk — such as new codes from an untrusted source — they can be presumed to be malware and blocked automatically, Schumm said.

Federal agencies may find the prospect of improving cybersecurity less daunting if they first evaluate their mission-critical data, Schumm added. For most organizations, the critical data amounts to 10 percent or less of total data, while for public agencies the percentage is slightly higher, she said.

Once the key data is identified, the use of encryption and of an identity management and authentication scheme to ensure appropriate access to the data are all additional strategies that can be used, she added.

About the Author

Alice Lipowicz is a staff writer covering government 2.0, homeland security and other IT policies for Federal Computer Week.

Featured

  • Contracting
    8 prototypes of the border walls as tweeted by CBP San Diego

    DHS contractors face protests – on the streets

    Tech companies are facing protests internally from workers and externally from activists about doing for government amid controversial policies like "zero tolerance" for illegal immigration.

  • Workforce
    By Mark Van Scyoc Royalty-free stock photo ID: 285175268

    At OPM, Weichert pushes direct hire, pay agent changes

    Margaret Weichert, now acting director of the Office of Personnel Management, is clearing agencies to make direct hires in IT, cyber and other tech fields and is changing pay for specialized occupations.

  • Cloud
    Shutterstock ID ID: 222190471 By wk1003mike

    IBM protests JEDI cloud deal

    As the deadline to submit bids on the Pentagon's $10 billion, 10-year warfighter cloud deal draws near, IBM announced a legal protest.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.