As reports of major security breaches and thwarted attacks on government agencies continue to pile up, cyber-security has become a top-level priority. Federal agencies must ensure that the right people have the right amount of control over vital information. Knowledge Center contributor Robert Grapes explains how federal agencies, by establishing and implementing consistent security initiatives, can employ a proactive approach to help prevent security breaches.
being saddled with significant economic concerns, President
Obama, recognizing the significant importance of cyber-security to the
nation, ordered a 60-day review of United States information security
and the systems that support Critical Infrastructure Protection
(CIP), or in this case, cyber CIP. This call to action recognizes that a
failure to implement proper security measures can facilitate internal
and external threats to the confidentiality, integrity and availability
of the nation's critical infrastructure.
In January 2009, the U.S. Government Accountability Office (GAO) published the GAO-09-271 update
to its High-Risk Series report, which outlines federal information
and cyber CIP concerns. The report stated that protecting the federal
government's information systems and the nation's critical
infrastructure is a topline challenge, but this requires resolving
deficiencies that have not yet been broadly identified.
The report also stated the importance of fully implementing
effective security programs. The following challenges are too important
to go unaddressed:
Challenge No. 1: Cyber-security as top-level priority
Earning cross-agency buy-in is critical for managing threats
effectively, and for ensuring centralized and controlled access to
vital information and systems.
Challenge No. 2: Establishing and implementing consistent security initiatives
Mandating policies can be a complex and daunting task, but with
insufficient processes in place to enable full accountability, agencies
become susceptible to internal and external threats.
Challenge No. 3: Preventing system disruption
Dynamic and complex technology environments (including virtualized,
cloud computing or service-oriented infrastructures) make managing
information access extremely difficult, requiring flexible controls and
solutions to adapt and prevent interruptions (or worse).
Challenge No. 4: Improving warning capabilities
Access to critical information assets must be monitored and managed
intensively in all facets of the organization. Implementing proactive
warning systems can circumvent critical incidents, limiting exposure of
agency credentials and vital information that can open the agency to
extreme governance risks (both inside and outside its walls).
Challenge No. 5: Strengthening incident recovery
While mitigating occurrences is the first line of defense, the
ability to recover from incidents quickly without exposing critical
information and access needs to be improved upon. When events do arise,
privileged information and access are compromised without a disaster
recovery plan in place.
Government agencies by their very nature must be unfailingly
vigilant in trusting secure information to external and internal
resources, if only because the information they control can financially,
legally or even physically endanger the public's well-being if it falls
into the wrong hands.