“We are at a point where the stakes of defensive stagnation pose increasing risks in the face of threat actors’ innovation. This is why it’s so important to continually evolve in how we prevent, detect, and respond to cyberattacks.”
This excerpt from my recent testimony to Congress underscores the greatest challenge facing public sector organizations today. Threats are proliferating as nation-state and criminal groups use advanced attacks to target government systems, critical infrastructure and businesses nationwide.
During the hearing, we reviewed the state of cybersecurity overall and evaluated developments within the Cybersecurity and Infrastructure Security Agency (CISA). CrowdStrike collaborates with CISA across several key programs: We were one of the original members of the Joint Cyber Defense Collaborative (JCDC) and are an active member today; we provide cyber threat intelligence and technology to protect CISA and other government departments; and we use CISA advisories and provide technology for other stakeholder groups such as critical infrastructure entities.
The hearing came at a pivotal time for CISA and for federal cybersecurity overall. Over the past couple of years, CISA has hit its stride across several operational and planning functions. Major transitions are taking place across federal cybersecurity, especially with respect to security program modernization and Zero Trust architecture. And in the background of all this, geopolitical conditions have created a worsening cyber threat environment.
Recent progress in the Federal Civilian Executive Branch (FCEB) showcases how public sector organizations can respond to change by improving their approach to security. Going back 20 years, federal agencies often had considerable security strengths compared to businesses. However, as cyberattacks grew more advanced, the private sector adjusted accordingly and surpassed the FCEB’s security strengths.
Now, the federal security community is catching up by embracing key concepts such as the centralized visibility of IT infrastructure. Executive Order 14028 on Improving the Nation’s Cybersecurity mandated the use of best practices such as enhanced logging and now-baseline technical tools like EDR. The Office of Management and Budget’s Federal Zero Trust Strategy enforced approaches such as increased adoption of cloud technologies, credential management practices and defensible IT architecture. Even as implementation continues, these initial efforts are already showing positive results.
The stakes are high. The FCEB continues to be a key target of adversaries that seek to harm the United States, and friends and allies look to the government as an example of how to organize their own cybersecurity efforts. When it comes to federal cybersecurity, the government must lead by example. Below is some guidance for public sector organizations to improve their cybersecurity, defend against the threats of today and prepare for the threats of tomorrow.
5 Key Recommendations to Secure the Public Sector
The only way forward is for public sector organizations to continue adopting best practices and working together to prevent, detect and respond to cyberattacks.
- We must implement key lessons learned: Organizations show uneven progress in adopting key post-breach lessons, from implementing new security controls to making changes to develop more secure architectures. Some of the essential lessons learned in recent breaches include using managed services to augment existing staff, adopting cloud-based IT and systems where possible, and employing Zero Trust architecture.
- We must approach regulation deliberately: New regulatory measures are well-intended, but stakeholders may now face overlapping and sometimes conflicting requirements. At best, such mandates close long-standing gaps and strengthen national security; at worst, they risk introducing burdensome and expensive obligations without meaningful security improvements. New regulations must be deliberate; they must use principles-based requirements; and they must include provisions to regularly review and harmonize requirements as necessary.
- We must focus more on incident response capacity: The JCDC should continue to coordinate and develop community response plans, and CISA should weigh potential JCDC contributions for future changes to the National Cyber Incident Response Plan. A CISA-administered program to retain outside providers for emergency incident response could be tremendously valuable in a future incident by mitigating severe impacts and ensuring CISA can orchestrate incident response activities in real time.
- We must empower defenders with cutting-edge defense capabilities: Defenders are too often equipped with inefficient and ineffective technologies which, when they fail, leave them vulnerable to attack. Organizations with leading technology solutions are empowered: They can see the impact of the technology each day and focus on their mission. Access to better tools and security services can drastically improve outcomes.
- We must attract and retain top cybersecurity talent: There is a wealth of inspiring talent in the security field. These individuals are motivated by a sense of mission; however, they often experience the common issue of burnout pervading the industry. Aligning roles to an organization’s key missions can help people recognize the uniqueness of their contributions and drive motivation. At the same time, leveraging managed services and mitigating time-consuming compliance regulations can address burnout. It’s imperative we continue to recruit skilled employees and grow the cybersecurity talent pipeline.
Next week at CrowdStrike’s Government Summit, cybersecurity and government leaders will discuss the critical issues facing the public sector. I’ll be speaking with the Office of the National Cyber Director in a fireside chat to review critical issues related to supply chain security. Register now to join us and learn more about the capabilities, tactics and technologies that will power efficiency while protecting your agency from cybercrime.