Innovations that strengthen cybersecurity

What: ACT-IAC’s “Strengthening Federal Cybersecurity: Results of the Cyber Innovation Ideation Initiative” -- a distillation of suggestions from the cybersecurity community presented to U.S. CIO Tony Scott.

Why: In light of recent breaches in both public and private sector organizations, ACT-IAC assembled recommendations from industry, government and academia on ways agencies can strengthen cybersecurity programs.

Findings: The report addressed security challenges in a few key areas, such as lack of communication between cybersecurity professionals and agency business executives, threat information sharing and cybersecurity-related training. From the nearly 200 ideas submitted, ACT-IAC provided eight broad recommendations:

Focus on fundamentals. Agency leaders should take a methodical, deliberate approach to cybersecurity, ensuring they have accurate and continuously maintained inventories of all IT assets and security controls, follow security standards and increase staff accountability.

Secure business systems. Agency business program managers must understand the cyber risks in their day-to-day operations and improve asset management and access controls across business systems.

Speed breach response. Agencies need effective breach response plans and procedures that include “signature-based” techniques, penetration testing, breach awareness technologies and greater staff awareness.

Adopt multilayered security. To improve breach resilience, agencies should focus on protecting data and tracking data exfiltration, rather than just enterprise security architecture, and transition to a “network of secured systems.”

Share threat intelligence information. To minimize risk most efficiently, agencies should share threat data with the vendor community and other agencies, standardize threat-data sharing processes and encourage easier sharing practices.

Modify cyber talent search. Agencies should use internships and outreach programs to target high school and college-level talent, look for individuals already familiar with agency technology (both inside agency IT offices, and outside through hackathons and high-profile cyber conferences) and focus on performance-based training and skills.

Make risk management an executive-level responsibility. The report recommends that agencies transition from a compliance-focused approach to a risk management-focused one by implementing a cybersecurity governance framework with guidelines that integrate with organizational business models.

Build security into acquisition. Agencies are urged to opt for a process that is agile, dynamic and responsive to procure services and capabilities, such as cloud or software-driven infrastructures.

Read the full report here.

About the Author

Amanda Ziadeh is a Reporter/Producer for GCN.

Prior to joining 1105 Media, Ziadeh was a contributing journalist for USA Today Travel's Experience Food and Wine site. She's also held a communications assistant position with the University of Maryland Office of the Comptroller, and has reported for the American Journalism Review, Capitol File Magazine and DC Magazine.

Ziadeh is a graduate of the University of Maryland where her emphasis was multimedia journalism and French studies.

Click here for previous articles by Ms. Ziadeh or connect with her on Twitter: @aziadeh610.
