Organizing to meet the most urgent threats
COMMENTARY: The government’s recognition of the need for asset visibility has kickstarted the process by which agencies have begun to focus on contextualizing assets in their environments, prioritizing threats and then taking action to stay protected.
As cyber threats against government agencies and critical infrastructure continue to grow, federal cybersecurity leaders must expand their focus beyond IT to include threats against all physical and virtual assets connected to the network, such as operational technology, the internet of things, building management systems and more.
This necessity has been recognized at the highest levels of the federal government. Over the past few years, we have seen a strong policy push from the White House and oversight agencies like the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency for asset visibility. The Biden Administration's cybersecurity executive order and CISA's binding operational directive 23-01 specifically call out the importance of identifying and inventorying IT assets on federal networks.
Meanwhile, the government’s emphasis on the transition to zero trust, with the Office of Management and Budget imposing a September 30, 2024, deadline for zero trust adoption at every federal agency, also demands strong asset management. OMB's most recent FISMA guidance sets clear expectations for federal cyber leaders to engage more deeply with Continuous Diagnostics and Mitigation (CDM) tools and to inventory IoT devices.
The government’s recognition of the need for asset visibility has kickstarted the process by which agencies have begun to focus on contextualizing assets in their environments, prioritizing which threats must be most urgently addressed and then taking action to stay protected.
For example, the Department of Health and Human Services announced a major reorganization in July 2024 to “streamline and bolster technology, cybersecurity, data, and artificial intelligence strategy and policy functions.” HHS has also proposed a significant budget increase to provide cybersecurity improvement grants to the health care sector. This aligns closely with the overall focus on critical infrastructure and seeks to address the underfunding of cybersecurity that is typical in areas including health care, water systems and other critical functions.
HHS and other agencies such as the Department of Veterans Affairs and DHS are expanding their use of CDM tools to address the complexities of IT/OT convergence. They are also fostering collaboration across federal agencies and strengthening the government’s overall cybersecurity posture so that the entire attack surface is defended and managed in real time. For its part, DHS requested $421 million for its CDM program to address cyber threats to federal civilian networks.
These developments illustrate the government’s recognition of the critical need to protect itself against rising cyber threats from global adversaries and other malicious actors at a time when our very system of government is threatened by cyberwarfare. In a year when over half of the global population will head to the polls in elections across 76 countries, 40% of U.S. IT leaders say cyberwar could affect the integrity of an electoral process.
So, with this recognition and support from the highest levels of government, how should agencies respond? There are three steps they should take to begin implementing recent directives and guidance:
- Contextualize IT, OT, IoT, BMS devices and other assets from the ground to the cloud: Start by mapping all assets to security tools. This provides real-time data on the effectiveness of the agency’s current security stack and highlights gaps and duplicative coverage.
- Identify and prioritize the threats that matter most: Leverage technologies enhanced by actionable threat intelligence to determine which vulnerabilities are most likely to be exploited or will have the greatest impact on the agency’s business. Once those threats are identified, agencies should deploy safeguards and track and report on the scope and quality of critical cybersecurity deployments to ensure they align with the organization’s cyber goals.
- Take advantage of the power of technology for action and remediation against threats: Enlist help from the private sector to deploy the tools necessary to manage the remediation process effectively.
Federal government agencies are under increasing pressure to protect themselves and society as we know it from growing cyber threats and to comply with a litany of regulations and directives from oversight agencies. Fortunately, technology and tools exist to help them achieve these critical objectives.