As a result of the COVID-19 outbreak, the federal government and its partners have adopted cybersecurity solutions to allow mobile workforces.
FREMONT, CA: In terms of cybersecurity, the federal government is constantly putting out fires—which may be taxing. Historically, the government, like most enterprises, has secured the network perimeter with tools such as firewalls and antivirus software. Regrettably, it has become evident that adversaries have long since breached those barriers through the use of contemporary approaches such as social engineering, phishing, drive-by downloads, identity theft, and impersonation.
Protecting any organization against modern cybercriminals—let alone nation-state threats—is difficult, especially given the volume, variety, and age of many government systems. With the increase in third-party breaches, the government must now guarantee that its vendors and suppliers are capable of protecting their systems.
Collaborating with Experts to Increase the Government's and Partners' Security
Cybersecurity businesses must be more than technology suppliers to the government. This is vital in infrastructure, intelligence, and defense sectors, where clients have unique requirements that can only be met by a partner who has a complete understanding of the outstanding issues they confront and gaps they need to close.
Information sharing has also been a priority within the government, and a recent presidential order on cybersecurity underlined the need to share threat information. Today's technology is more adept at gathering enemy intelligence than ever before, mainly when an adversary is duped into interacting with decoy assets while safely isolated from the rest of the network. By studying Indicators of Compromise (IoCs) and the associated tactics, methods, and procedures (TTPs) and efficiently sharing that information, defenders can detect and fight against specific attack strategies, even if such tactics have not been employed against them yet.
Enterprises can use active cyber protection to curate relevant internal threat intelligence, which speeds up continuous hunt operations. Effective cyber threat intelligence sharing requires both timely and appropriate intelligence sharing. Within the government, classified indicators frequently do not receive a timely "tear-line" or the same aggregated data available through open-source and commercial unclassified sources. Collaboration on analysis and application of risk scores and decay windows to IoCs is required to improve cyber threat intelligence.
With numerous third-party data breaches in the headlines, the government's trust in third-party partners is becoming increasingly crucial. This is becoming increasingly relevant as attackers increasingly compromise suppliers of widely used technology to access the software development life cycle rather than directly targeting the government. This occurred with SolarWinds, resulting in a significant breach with widespread reach throughout government and business.
