Morphing threat landscape demands evolution in agency cyber battle planning

Cybersecurity firm Symantec says exponentially increasing malware apps require innovative countermeasures

The number of cyber threats has increased exponentially during the past two years, and federal agencies now must develop new approaches to counteract those threats, according to GiGi Schumm, general manager for the public sector at Symantec Corp.

In 2008, Symantec identified 1.6 million individual malware applications circulating on the Internet, which was a larger number than several of the previous years combined, Schumm said at the FedScoop FedTalks 2010 conference this week. By 2009, the number of online malware applications identified rose to 2.9 million and continues to increase rapidly, Schumm added.

At the same time, Symantec has seen growth in online targeted threats — including those aimed at federal agencies. There also have been a greater number of timed, advanced and persistent cyberattacks, she added.

“It is not enough to just build higher walls,” Schumm said. “The way we secure our systems has to evolve and change.”


Related stories:

7 get awards for work on government cybersecurity

White House slow to implement cybersecurity recommendations, GAO says


One possibility is to develop methods to identify the source of individual bits of computer code attempting to infiltrate a network and to assign a risk score to those bits of code depending on whether they are from a trusted site or are newly created and used by a small number of users. If the bits of code score very high in risk — such as new codes from an untrusted source — they can be presumed to be malware and blocked automatically, Schumm said.

Federal agencies may find the prospect of improving cybersecurity less daunting if they first evaluate their mission-critical data, Schumm added. For most organizations, the critical data amounts to 10 percent or less of total data, while for public agencies the percentage is slightly higher, she said.

Once the key data is identified, the use of encryption and of an identity management and authentication scheme to ensure appropriate access to the data are all additional strategies that can be used, she added.

About the Author

Alice Lipowicz is a staff writer covering government 2.0, homeland security and other IT policies for Federal Computer Week.

Featured

  • Management
    people standing on keyboard (Who is Danny/Shutterstock.com)

    OPM-GSA merger plan detailed in legislative proposal

    The White House is proposing legislation for a dramatic overhaul of human resources inside government and wants $50 million to execute the plan.

  • Cloud
    cloud applications (chanpipat/Shutterstock.com)

    GSA plans civilian DEOS counterpart

    GSA is developing a cloud email and enterprise services contract inspired by the single-source vehicle the Department of Defense devised for back-office software.

  • Defense
    software (whiteMocca/Shutterstock.com)

    DOD looks to unify software spending for 2020

    Defense Department acquisition head, Ellen Lord, hopes to simplify software buying and improve business systems following the release of the Defense Innovation Board's final software acquisition study.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.