Federal Agencies Should Use MEGABYTE Act to Enhance Their Cybersecurity

9.16.2016 | Ralph Kahn


To protect your network, you have to know your network. This maxim is at the foundation of everything we do at Tanium. That’s why we were thrilled when, last month, the President of the United States signed into law a bill that will require federal agencies to do exactly that – get to know their network.

The MEGABYTE Act (Making Electronic Government Accountable By Yielding Tangible Efficiencies) requires federal agency Chief Information Officers (CIOs) to develop a comprehensive plan for managing software licenses. This includes tracking spending on software, inventorying their licenses and identifying what’s not being used, avoiding duplication, establishing clear roles and responsibilities for who manages licenses, and training relevant staff.

While the bill’s obvious benefit is cutting costs – its sponsors estimate it could save the government $4 billion per year – it’ll also make our federal agencies more secure. The bill will force them to understand what software is on their network – a critical first step to protecting against cyber attacks.

What questions to ask

Too many organizations can’t answer three basic questions about their network: how many endpoints are on the network, what’s running on them, and who has access to them.

If an agency CIO can’t answer those basic questions, they can’t do a basic risk profile. They can’t spot an abnormality. Put another way, you can’t protect what you can’t see. This is not a new insight, but it’s a lesson that needs to be learned – which is why we’re happy that the MEGABYTE Act makes it law.

Fortunately, the Act requires agencies not just to establish a baseline inventory, but also to regularly track and maintain licenses. We encourage agencies to use this as an impetus to go a step further and establish complete real-time visibility into their network, including all the software, devices, and people that are on it. This instant visibility is the only way to know when a hacker has gained access, and to shut it down as soon as it happens.

The principles behind the MEGABYTE Act – responsible and efficient software management – are the same ones that Tanium has helped organizations achieve for years. We help IT administrators identify, in real time, exactly what software is on a network, who is using it, and how much they are using it. Along with immediately identifying attacks, this also makes it easy to see which licenses aren’t being used, and fewer unused licenses equals fewer entry points for potential hackers.

We’re excited about MEGABYTE because we know the value of understanding your network. We know how critical it is to preventing cyber attacks. And while enhanced cybersecurity may not be the Act’s main goal, it certainly can be a corollary outcome.

About the author: Ralph Kahn is Vice President of Federal for Tanium. In this role, he is delivering on the U.S. Government’s need for real-time situational awareness at scale. Ralph has more than 25 years’ experience in the technology industry. Previously, Ralph served as Vice President for Intel and emerging technologies at McAfee, where he was responsible for leading an advanced technology group chartered with forward-looking cyber research. Under his direction, this group discovered several new threat vectors and developed an information sharing and cyber system interaction model that is being used at the core of the McAfee products and is being extended to include other cyber security products.