Morphing threat landscape demands evolution in agency cyber battle planning

Cybersecurity firm Symantec says exponentially increasing malware apps require innovative countermeasures

The number of cyber threats has increased exponentially during the past two years, and federal agencies now must develop new approaches to counteract those threats, according to GiGi Schumm, general manager for the public sector at Symantec Corp.

In 2008, Symantec identified 1.6 million individual malware applications circulating on the Internet, which was a larger number than several of the previous years combined, Schumm said at the FedScoop FedTalks 2010 conference this week. By 2009, the number of online malware applications identified rose to 2.9 million and continues to increase rapidly, Schumm added.

At the same time, Symantec has seen growth in online targeted threats — including those aimed at federal agencies. There also have been a greater number of timed, advanced and persistent cyberattacks, she added.

“It is not enough to just build higher walls,” Schumm said. “The way we secure our systems has to evolve and change.”


Related stories:

7 get awards for work on government cybersecurity

White House slow to implement cybersecurity recommendations, GAO says


One possibility is to develop methods to identify the source of individual bits of computer code attempting to infiltrate a network and to assign a risk score to those bits of code depending on whether they are from a trusted site or are newly created and used by a small number of users. If the bits of code score very high in risk — such as new codes from an untrusted source — they can be presumed to be malware and blocked automatically, Schumm said.

Federal agencies may find the prospect of improving cybersecurity less daunting if they first evaluate their mission-critical data, Schumm added. For most organizations, the critical data amounts to 10 percent or less of total data, while for public agencies the percentage is slightly higher, she said.

Once the key data is identified, the use of encryption and of an identity management and authentication scheme to ensure appropriate access to the data are all additional strategies that can be used, she added.

About the Author

Alice Lipowicz is a staff writer covering government 2.0, homeland security and other IT policies for Federal Computer Week.

Featured

  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.