The Colonial Pipeline ransomware attack showcased the growing vulnerability gaps when it comes to national cybersecurity. Combined with the whirlwind of activity related to the SolarWinds breach, there will be a surge of new cybersecurity solutions in the market.
The Biden Administration has made the topic a key priority, as emphasized in the President’s recent Executive Order, which called for advancements in removing threat communication barriers, detecting cybersecurity vulnerabilities and incidents on federal government networks, and more.
But the federal government’s tendency to buy another point tool won’t solve the underlying security issues.
Improving cybersecurity through risk management
In a recent Washington Technology article, we discuss how agencies can achieve better cybersecurity through pragmatic risk management approaches and collaboration with the private sector.
In a recent Federal News Network article, we explain why it’s important for private and public sector organizations to collaborate. The goal is to combat malicious threats and work toward a solution that’s not just mutually beneficial but critical to our country’s economic and political stability.
We are beginning to move in the right direction. Newly released National Security Strategic Guidance prioritizes cybersecurity throughout the government and requires a diplomatic and military response.
“We will work together to manage and share risk,” the guidance stated, adding, “we will encourage collaboration between the private sector and the government at all levels in order to build a safe and secure online environment for all Americans.”
No room for security errors. Plenty of room to improve.
As defenders of IT networks, we have to be right 100% of the time to truly protect data. Adversaries get unlimited tries and only have to be right once to gain access and successfully breach information. The reality is, if you’re the target of a nation-state, cyber hackers are getting into your network.
Software supply chain attacks are one of the most significant cybersecurity challenges we face today, as shown by the recent SolarWinds breach. These attacks are a threat to every industry. There is no silver bullet to stop them, but the Executive Order aimed at creating resilient and secure supply chains is an encouraging step in the right direction.
So what do private and public sector organizations need to do to defend against potential threats and find a solution? Here are a few ideas:
- Work together to detect, contain, and mitigate potential threats, and share information as quickly as possible.
- Know what tools and tactics hackers are using against government agencies.
- Consider what happens during and after an attack. Discover and share the scope, containment strategy, and the adequacy of tools used to mitigate.
Cooperation. It’s the pragmatic approach to reducing risk.
Today, there’s no easy way to provide evidence that vendors are running a tight ship. But legal wrangling is time-consuming and expensive.
Plus, if blame is established, it’s likely that the bigger picture, national cybersecurity, has not been improved. But federal agencies and vendors are starting to talk about how to solve this problem through modern means. If we’re successful, it’s because of this burgeoning cooperation.
Due to this risk, we need to set aside traditional risk assessments and protections and start looking at risk pragmatically. With a holistic risk management approach in mind, vendors and federal agency IT teams can save time and money and align resources while protecting personal and sensitive government data.
The implications of cybersecurity are so vast. The private and public sectors must work together and share the knowledge that will keep our country strong.
Read the Washington Technology and Federal News Network articles to learn more about how Tanium can help agencies rationalize their toolset and protect agency networks with a holistic risk management approach.
Learn more about President Biden’s Executive Order to help improve the nation’s cybersecurity and protect federal government networks.