Officials from the U.S. Cyber Command, the Air Force and the Department of Homeland Security are finding ways to strengthen our nation’s IT defenses in short amounts of time. Here’s how they’re doing it.
A little-known but important shift is happening across the government IT world right now. Federal CIOs and CISOs are recognizing that, to truly improve cybersecurity, they need better information in real time, with a corresponding shift to faster, more flexible business processes.
While government procurement rules make it extremely difficult for agencies to move quickly, our nation’s cyber leaders have still found ways to strengthen our IT defenses in short amounts of time. Late last year, all 133 U.S. Cyber Command teams achieved initial operating capacity. The Homeland Security Department has helped almost every federal agency adopt its Einstein 3A network defense program. Meanwhile, the Air Force deployed its Automated Remediation and Asset Discovery system across its entire network in under eight months.
These accomplishments cannot be overstated, especially given the size of the networks that our government’s cyber leaders manage.
I recently spoke on a Federal Executive Forum panel on these issues—including the progress the government has made and the top challenges it still faces—with several government and industry leaders. Panelists included:
- Lt. Gen. J. Kevin McLaughlin, U.S. Air Force, Deputy Commander, USCYBERCOM
- Tamara Lilly, Deputy Chief Information Security Officer, Department of Homeland Security
- Peter Kim, Chief Information Security Officer, U.S. Air Force Cyber
- Ryan Gillis, Cybersecurity Strategy & Global Policy, Palo Alto Networks
- Scott Gray, Senior Vice President, Leidos
Moving quicker must remain a top priority for the government. When agencies use integrated platforms that operate at speed, it changes what’s possible. These tools exist today. Just look at the Air Force, which is using such tools to achieve total visibility over its networks and be compliant and patched 365 days a year. Here’s what speed has allowed the Air Force to accomplish:
- Shift from discrete actions to integrated work processes. When agencies use dozens of different tools that each solve unique problems, it disrupts their workflow, slows down their processes and leaves them susceptible to attacks. By using a single integrated platform with integrated processes, all of this changes: they can instantly move from detecting a threat to remediating it. This shortened response time can make the difference between a breach that takes down a network and one that causes minimal damage.
- Rewrite the risk equation. For a long time, agencies had a legitimate concern that deploying a security patch across an administrative system could go awry and take it offline for hours or days. This no longer has to be the case. With the speed of best-in-class commercial tools today, agencies can restore their systems in minutes. And so, the risk equation changes: the risk of getting hacked because of not deploying a patch is now greater than the risk of a patching issue.
- Better data, better decisions. When agencies make decisions on IT management and cybersecurity, they need to make them on good data. But currently, agencies don’t have this data. When asked how many endpoints are on their network, what’s running on them and who has access, CIOs don’t have an exact answer—or they have an answer from six months ago. This must change. We need to get agencies to the point where they have real data in real time that allows them to make better IT decisions.
Now, we need to take the success of the Air Force and replicate it across the government. This starts with the government recognizing that these factors—integrated processes with real-time visibility and control—should be standard in all IT procurements. Ultimately, agencies should be able to dynamically change their controls in real time to meet the threats in front of them.
About the Author: Ralph Kahn is Vice President of Federal for Tanium. In this role, he is delivering on the U.S. Government’s need for real-time situational awareness at scale. Ralph has more than 25 years’ experience in the technology industry. Previously, Ralph served as Vice President for Intel and emerging technologies at McAfee, where he was responsible for leading an advanced technology group chartered with forward-looking cyber research. Under his direction, this group discovered several new threat vectors and developed an information sharing and cyber system interaction model that is being used at the core of the McAfee products and is being extended to include other cyber security products.