Innovations that strengthen cybersecurity

What: ACT-IAC’s “Strengthening Federal Cybersecurity: Results of the Cyber Innovation Ideation Initiative” -- a distillation of suggestions from the cybersecurity community presented to U.S. CIO Tony Scott.

Why: In light of recent breaches in both public and private sector organizations, ACT-IAC assembled recommendations from industry, government and academia on ways agencies can strengthen cybersecurity programs.

Findings: The report addressed security challenges in a few key areas, such as lack of communication between cybersecurity professionals and agency business executives, threat information sharing and cybersecurity-related training. From the nearly 200 ideas submitted, ACT-IAC provided eight broad recommendations:

Focus on fundamentals. Agency leaders should take a methodical, deliberate approach to cybersecurity, ensuring they have accurate and continuously maintained inventories of all IT assets and security controls, follow security standards and increase staff accountability.

Secure business systems. Agency business program managers must understand the cyber risks in their day-to-day operations and improve asset management and access controls across business systems.

Speed breach response. Agencies need effective breach response plans and procedures that include “signature-based” techniques, penetration testing, breach awareness technologies and greater staff awareness.

Adopt multilayered security. To improve breach resilience, agencies should focus on protecting data and tracking data exfiltration, rather than just enterprise security architecture, and transition to a “network of secured systems.”

Share threat intelligence information. To minimize risk most efficiently, agencies should share threat data with the vendor community and other agencies, standardize threat-data sharing processes and encourage easier sharing practices.

Modify cyber talent search. Agencies should use internships and outreach programs to target high school and college-level talent, look for individuals already familiar with agency technology (both inside agency IT offices, and outside through hackathons and high-profile cyber conferences) and focus on performance-based training and skills.

Make risk management an executive-level responsibility. The report recommends that agencies transition from a compliance-focused approach to a risk management-focused one by implementing a cybersecurity governance framework with guidelines that integrate with organizational business models.

Build security into acquisition. Agencies are urged to opt for a process that is agile, dynamic and responsive to procure services and capabilities, such as cloud or software-driven infrastructures.

Read the full report here.

About the Author

Amanda Ziadeh is a former reporter/producer for GCN.

