When it comes to facing cybersecurity emergencies, several US government agencies are no strangers to the pressure of containing the situation.
Some of the biggest data breaches in the past involved state and federal government agencies such as the Georgia Secretary of State Office, US Department of Veteran Affairs, US Office of Personnel Management, and the Office of the Texas Attorney General.
These cyberattacks involved millions of compromised records, which understandably sent shivers down the spine of the people affected as it opens them up to targeted attacks by the perpetrators.
Now, what steps are the US federal and state government agencies taking to address their cyber vulnerability and prevent similar attacks from happening in the future?
Here are five steps they’ve put in place to minimize or prevent future cyberattacks:
NIST 800-171 compliance
For government contractors with Department of Defense (DoD) and similar government agency contracts, they are required to satisfy the requirements stipulated in the National Institute of Standard and Technology’s (NIST) 800-171 Special Publications (SP). This measure specifically aims to protect the safety of all Controlled Unclassified Information (CUI) in government systems and organizations that are not classified as federal.
Beginning the 1st of January 2018, all government contractors are expected to meet each of the requirements outlined in the said document, especially if their contracts became effective after December 31, 2017. Failure to comply with the requirements could lead to contract termination, administrative, criminal, and civil cases, as well as contract penalties.
Fortunately, there are companies offering reliable NIST 800-171 compliant security services to government contractors who need assistance in navigating the compliance process. These service providers can help simplify the entire process and ensure 100 percent compliance to it. This way, government contractors can breathe easy knowing that they are safe from any accountability.
Cyber threat hunting
Question: What’s the best way to prevent a cyberattack from happening?
Answer: Find the threats and prepare for them before they materialize.
Learning from the lessons of its past mistakes, the federal government is now taking a proactive stance in making sure that potential cyberattacks are quickly nipped in the bud. This process is called cyber threat hunting, which involves actively looking for both dormant and active threats and finding ways to neutralize them or set the necessary safety nets in case an attack does take place.
For this to be effective, government cybersecurity teams need to pinpoint both external threats and internal weak points in terms of system capability and human vulnerability. By looking for weaknesses in these areas, it’s possible to lay down appropriate proactive measures to ensure that all threats are addressed accordingly.
Cyber intelligence data sharing
There are cases when different government agencies must share whatever intelligence they have concerning cybersecurity threats.
Through the free exchange of intelligence, government agencies can pool not just information, but also resources that are critical in both proactive measures and quick response capabilities in case of a cyberattack.
While it’s understandable that such a system won’t always go as smoothly as expected due to differences in operational protocols or priorities, the openness of different government agencies to work together and share vital information is a huge development already. In time, such a cooperative effort could be improved until it becomes second nature for the cooperating agencies, thus improving efficiency and effectiveness in terms of identifying, preventing, and minimizing risks of cyberattacks.
Automation of security operations
Right now, the US government has started to automate security measures on cybersecurity. Intelligence data derived from intelligence-sharing among federal agencies are now routinely incorporated into what they call indicators of compromise (IOCs).
There are now automated systems that proactively search for the IOCs, as well as other threat actors that specifically have their eyes glued on federal targets. With such an automated threat detection system, concerned government agencies can be quickly alerted to any unusual activity that is indicative of an impending cyberattack. This allows them to lay down the appropriate preventive measures that are commensurate to the level of threat that the system detected.
24/7 security monitoring, boundary protection, and lifecycle management of security events
Back in 2018, the US Office of Management and Budget (OMB) pushed for the unhampered monitoring and management of all federal information technology (IT) systems. The move was meant to address the loopholes and vulnerabilities of the old monitoring system, which inadvertently leaves government agencies at the mercy of cyberattack groups.
The US Department of Homeland Security (DHS) was tasked to craft a Continuous Diagnostics and Mitigation Program (CDM) that aimed to improve the monitoring and diagnostics capabilities of federal agencies and departments through better sensor capacity, risk prioritization, and automated data collection.
With these five steps, the US government hopes to minimize, if not totally prevent, all types of cyberattacks that threaten national security.
