Keys to cyber defense: Internal info sharing, skilled staff

When it comes to cybersecurity, federal agencies could benefit from more internal information sharing and investment in skilled IT personnel, panelists at the FOSE conference and exposition said April 3.

Detecting anomalies from the background noise of the network is an important challenge facing both public and private enterprises. The Energy Department, for example, has many capabilities in its various organizations, said Brian Varine, the department’s director of incident management. An important asset is the Joint Cyber Security Center, which collects network data and can alert DOE and the United States Computer Emergency Readiness Team in the event of an incident.

Before launching its cybersecurity center, DOE did not have much information sharing across its various organizations, Varine said. This is because the department's various national laboratories are run by contractors. But over time, the labs realized that they needed to share data with each other for their own security, he added.

Like DOE, the various organizations within the Federal Aviation Administration used to manage their own networks with very little information sharing, said FAA CIO Joe Albaugh. Enterprisewide network information is now managed through the FAA’s Cybersecurity Management Center, which collects data from across the organization. Sharing information across the organization effectively puts a spotlight on the network, he said.

Another challenge faced by federal agencies is reviewing log records for anomalies, which is manpower-intensive. But people are a key part of the process, which also involves a combination of teamwork, data and alertness to detect intrusions, Albaugh said. “You can’t expect that technology will just solve that problem,” he said.

Federal organizations need skilled IT personnel who are also hungry for challenges, Varine said. Successfully detecting a network intrusion involves more than software tools; it often boils down to one smart individual asking questions, he added.

It is also very rare for hackers to get into a network without tripping some kind of alarm, Varine said. The important issue is whether the incident will get the attention of an analyst.

The private firms and businesses that own much of the nation’s Internet infrastructure also need to sign off on security measures, Albaugh said, adding that FAA has successfully negotiated security issues with commercial system owners and other stakeholders. “It has to make sense to them,” he said.
