Commentary

What it takes to achieve effective cyber defense

cybersecurity concept

The federal government is not designed to be nimble, but it can adapt quickly under extreme crises. The nature of the cybersecurity landscape, however, requires agencies to adapt to changing threats continuously, not just during an extreme crisis. And given the rapid adoption and advancement of mobile technologies, that cycle can be on the order of weeks.

Yet historically, cybersecurity budgets follow the standard federal budget process and are planned years in advance. The critical challenge is that adversaries can adapt much faster than defenders can adapt their defenses. And, as I observed during my tenure as a civil servant, other nontechnical challenges compound the problems cyber defenders face.

Culturally, compliance in the federal government is the standard benchmark for job performance. The challenge is that threats have evolved to the point where good hygiene and implementing current mandates are not enough to stop advanced adversaries.

The first step to changing this paradigm is to continue to stress the importance of compliance while realizing that a cyber breach is unavoidable. The key is to focus on what federal agencies can do to rapidly identify a breach, contain it and limit the damage an adversary can do. A synergistic approach of implementing good hygiene and investing in capabilities that promote effects-based defense capabilities is critical to successfully defending government networks.

There are efforts underway to help address many of those challenges, but agencies should also be allowed to more easily invest in game-changing cybersecurity capabilities that not only advance their technical defensive capabilities but also address nontechnical challenges and provide more operational effectiveness.

In many organizations, operationally effective cyber defense revolves around the ability to shrink the time to complete the loop of Attack Prevention > Detection > Diagnosis > Containment > Response. In agencies that don't have requirements that support effective cyber defense operations across the entire IT landscape, completing that loop takes weeks or even months.

For example, one nontechnical challenge that I have observed happens when separate companies have contracts for network administration and endpoint security. I have seen situations in which someone on the endpoint security team identified something suspicious and requested details from the networking team to help diagnose the event. The response from the networking contractor was that it could not provide support because it was not allowed to take direction from another contractor.

That type of nontechnical challenge and delay can dramatically increase the cost and impacts associated with cyber breaches. According to the latest Mandiant M-Trends report, in 2013 the median time from breach to detection was 229 days. For cyber defenders to be more effective, they need capabilities that enable them to be more proactive in defending against threats. Agencies must get out of the business of being reactive and solely relying on mandated signature-based capabilities simply because compliance is the benchmark.

However, because advanced capabilities are not mandated, it requires an incredible amount of effort and time to acquire them -- typically in small installments of end-of-year funds.

Rapidly adopting cutting-edge technologies could give cyber defenders an advantage over adversaries and help overcome some of the nontechnical challenges agencies face. That would save money in the long run and have a dramatic impact on the foothold adversaries can gain in the years it would take to address the problem with current government policies and compliance mandates.

About the Author

Travis Rosiek is CTO at Tychon.

Featured

  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.