Kelsey Hill, President, Hill Associates
Hill Associates, a Rockville, Maryland-based small business specializing in IT infrastructure and cybersecurity services, has made predictions for Federal Government cybersecurity in 2021. While the COVID pandemic defined 2020 for the Federal Government, Brian Clary, Senior Vice President at Hill Associates, stated, “The large-scale hack on Federal Agencies in December provides a reminder that cybersecurity threats remain a significant risk to Government systems.” Based on lessons learned and ongoing impacts from these major events, as well as other major trends in the cybersecurity ecosystem, Hill Associates predicts the following for Federal cybersecurity in 2021:
In the recent large-scale cyber attack on Federal Government agencies and private sector firms, hackers were able to infiltrate Government systems through a malicious software update introduced via the Orion application from SolarWinds, a U.S. network-management company. The SolarWinds Orion application build system was compromised, and software updates became surreptitiously weaponized.
Tim Clinton, Hill Associates cybersecurity operations lead, pointed out that “this attack demonstrates that Federal Agency software supply chains remain vulnerable to cyber threats.”
In this cyber incident, attackers directly attacked the trust relationship that exists between the supplier and customer.
This is an important nexus in the growing software economy. Supply chains can be complex, globally distributed, and can consist of multiple tiers of outsourcing. As a result, agencies may have limited visibility into supply chain security controls. This is a critical issue, and we predict that the Federal Government will apply significant attention in 2021 to improving security of the software supply chain. This may include action in areas such as procurement and acquisition decisions; use of frameworks like FedRAMP and DoD’s Cybersecurity Maturity Model Certification (CMMC) to validate supply chain security controls; Agency-level supply chain risk assessment and management processes; and finally, the increased use of artificial intelligence and machine learning automated tools to provide agencies with deeper and faster insight into their supply chains.
Cybersecurity Data Science
We predict that in 2021 Federal Agencies will accelerate the introduction of data science methodologies, including machine learning and algorithms to extract insights from security-related data.
Jakub Pitha, Hill Associates cybersecurity consultant and strategist, points out that “Federal Government cyber operations are confronted with the critical challenge of continuously analyzing a massively growing volume of network and security data. Essentially, cyber operations is steadily becoming a big data problem.”
To solve this data deluge challenge, we predict Federal agencies will increase adoption of cybersecurity data science techniques and advanced analytical methodologies to yield value-creating insights from security data. The outsourcing of cybersecurity functions, combined with the introduction of data science tools, will transform the Government’s legacy cybersecurity paradigm from cyber operations to cyber analytics. Government agencies will augment cybersecurity teams with data science experts and capabilities. Cybersecurity data science will improve the analysis of security data to discover hidden patterns, better understand system behavior, and become more predictive rather than reactive.