Morphing threat landscape demands evolution in agency cyber battle planning

A Symantec executive supplies federal agencies with a few tips about the state of the cybersecurity universe.

The number of cyber threats has increased exponentially during the past two years, and federal agencies now must develop new approaches to counteract those threats, according to GiGi Schumm, general manager for the public sector at Symantec Corp.

In 2008, Symantec identified 1.6 million individual malware applications circulating on the Internet, which was a larger number than several of the previous years combined, Schumm said at the FedScoop FedTalks 2010 conference this week. By 2009, the number of online malware applications identified rose to 2.9 million and continues to increase rapidly, Schumm added.

At the same time, Symantec has seen growth in online targeted threats — including those aimed at federal agencies. There also have been a greater number of timed, advanced and persistent cyberattacks, she added.

“It is not enough to just build higher walls,” Schumm said. “The way we secure our systems has to evolve and change.”


One possibility is to develop methods to identify the source of individual bits of computer code attempting to infiltrate a network and to assign a risk score to those bits of code depending on whether they are from a trusted site or are newly created and used by a small number of users. If the bits of code score very high in risk — such as new code from an untrusted source — they can be presumed to be malware and blocked automatically, Schumm said.
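
The scoring idea described above can be sketched as follows. This is an added example, not Symantec's algorithm or code from the talk: the weights, the block threshold, the field names and the sample files are all assumptions made for illustration.

```python
import math
from dataclasses import dataclass

@dataclass(frozen=True)
class FileObservation:
    name: str
    source_trusted: bool  # delivered from a site on the trusted list
    age_days: int         # days since this file was first seen anywhere
    user_count: int       # distinct users known to have the file

# Assumed weights (sum to 100) and block threshold; tune against real telemetry.
W_SOURCE, W_AGE, W_PREVALENCE = 40, 30, 30
BLOCK_THRESHOLD = 80

def risk_score(obs: FileObservation) -> int:
    """Return 0 (well known, trusted) to 100 (new, rare, untrusted source)."""
    source_risk = 0.0 if obs.source_trusted else 1.0
    # Newness: full risk on day 0, fading linearly to zero at 30 days.
    age_risk = min(1.0, max(0.0, 1.0 - obs.age_days / 30))
    # Rarity: log scale, reaching zero risk at 10,000 users.
    rarity_risk = max(0.0, 1.0 - math.log10(max(obs.user_count, 1)) / 4)
    return round(W_SOURCE * source_risk + W_AGE * age_risk + W_PREVALENCE * rarity_risk)

def verdict(obs: FileObservation) -> str:
    """Block automatically only when the combined score is very high."""
    return "block" if risk_score(obs) >= BLOCK_THRESHOLD else "allow"

# Constructed sample observations (not real telemetry).
SAMPLES = [
    FileObservation("established-office-suite.exe", True, 900, 250_000),
    FileObservation("fresh-vendor-patch.msi", True, 1, 12),
    FileObservation("old-shareware-tool.exe", False, 400, 50_000),
    FileObservation("unknown-invoice-viewer.exe", False, 0, 3),
]

def triage(observations):
    """Map each file name to (score, verdict)."""
    return {o.name: (risk_score(o), verdict(o)) for o in observations}

if __name__ == "__main__":
    for name, (score, action) in triage(SAMPLES).items():
        print(f"{name:32} score={score:3d} -> {action}")
```

In this sketch no single signal is enough to trigger a block: the new, rarely seen patch from a trusted source and the old, widely used file from an untrusted source both stay under the threshold, while the file that is new, rare and from an untrusted source is blocked.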

Federal agencies may find the prospect of improving cybersecurity less daunting if they first evaluate their mission-critical data, Schumm added. For most organizations, the critical data amounts to 10 percent or less of total data, while for public agencies the percentage is slightly higher, she said.

Once the key data is identified, agencies can also use encryption and an identity management and authentication scheme to ensure appropriate access to that data, she added.