Cybersecurity has become a vital part of every sector, including the government. Both federal and state-level government CIOs are trying to design a robust cybersecurity strategy. However, what are the challenges that are holding them back?
FREMONT, CA: Only a few would disagree that an efficient cybersecurity profile calls for candid assessments of possible susceptibilities. Let's have a closer view of the challenges facing the federal cybersecurity mission and the hard work of state government CIOs.
Federal-Level Cybersecurity Overview
According to a report by the Harvard/Belfer Center report, many key federal agencies are playing cross-cutting roles to assist, supervise, or oversee cybersecurity practices’ implementation by other agencies. These agencies comprise the General Services Administration, the Office of Management and Budget, the Department of Homeland Security (DHS), and the National Institute of Standards and Technology. DHS plays explicitly an operational role in assisting, directing, and engaging with agencies to apply federal cybersecurity measures.
Under DHS, the Cybersecurity and Infrastructure Agency (CISA) is accountable for safeguarding the crucial infrastructure of the nation from physical and cyber threats. This mission requires impactful collaboration and coordination among a wide spectrum of the government and private sector enterprises.
Part of CISA’s mandate is engaging with the global cybersecurity community to make the security and resiliency of the overall cyber ecosystems stronger. It can be done by dealing with systemic challenges such as increasing global supply chains—by nurturing improvements in international amalgamation to deter malicious cyber actors and develop capacity, by accelerating research and development, and by enhancing the cyber workforce.
The goals of the cybersecurity strategy are broken down into five pillars: risk identification, vulnerability reduction, threat reduction, consequence mitigation, and cybersecurity outcomes.
State-Level Cybersecurity Overview
The state-level cybersecurity efforts also leave ample room for improvement. The recommendations included in the report ‘States at Risk’ include
• Seeking funds and informational sources from federal agencies
• Advocating for committed cyber funding on the state level
• Operating with college/universities and the private sector to build sources of new talent
It has been reported by the Center for Internet and Society that, besides creating boards, task forces, working groups, commissions, and related multi-agency and multi-disciplinary structures, many actions are being taken by the state that is related to
• Cyber incident response plans
• Approve programs targeting cyber susceptibilities
• Analysis and outreach
• Readiness exercises and simulations
The requirement for states and cities to step up their cyber readiness is demonstrated in incidents like the 2017 Atlanta ransomware attack. Though both FBI and DHS offered their assistance for the city to recover, limited federal resources do not always allow to respond to smaller-scale incidents. Therefore, states are under considerable pressure of developing their own resilient and robust cybersecurity capabilities.
Federal Vs. State-Level Government CIOs Cybersecurity: Shared challenges and key differences
In a survey conducted by Ponemon Institute, around 850 IT security practitioners from agencies on both sides of the aisle were analyzed to examine the shared challenges and key differences between state/local and federal cybersecurity efforts. Some of those key findings include:
Problems and Roadblocks
State and local respondents identified the need for stronger sharing of threat intelligence, whereas federal concerns comprised organizational politics, which impacted their capability to achieve a robust cybersecurity posture within their enterprises.
Lack of qualified personnel
This shortage is more grave at the state and local level as there is around 62 percent of skilled personnel. 53 percent of federal respondents revealed that the lack of required expertise is a significant disadvantage. Both groups are facing the challenge of limited budgetary resources as an issue.
Federal respondents spotted primary security threats: negligent insider followed by zero-day attack and contractor or third party mistakes. Primary security threats cited by local and state agencies included negligent insiders, failure to patch known susceptibilities, and zero-day attacks.
Perception of Preparedness
In Federal, 60 percent of respondents consider their organization’s cybersecurity program or activities as mature. On the other side, in state/local, only 38 percent agree that their agencies have obtained the maturity level in cybersecurity initiatives.
In a nutshell, cybersecurity is crucial for federal and state government CIOs. It is an enduring mission that is always evolving and transforming to stay one step ahead of the threat.
See More: Top Homeland Security Companies