Federal agencies need to emphasize sharing security information between their various internal organizations to help facilitate network defense, panelists at FOSE said.
When it comes to cybersecurity, federal agencies could benefit from more internal information sharing and investment in skilled IT personnel, panelists at the FOSE conference and exposition said April 3.
Detecting anomalies from the background noise of the network is an important challenge facing both public and private enterprises. The Energy Department, for example, has many capabilities in its various organizations, said Brian Varine, the department’s director of incident management. An important asset is the Joint Cyber Security Center, which collects network data and can alert DOE and the United States Computer Emergency Readiness Team in the event of an incident.
Before launching its cybersecurity center, DOE did not have much information sharing across its various organizations, Varine said. This is because the department's various national laboratories are run by contractors. But over time, the labs realized that they needed to share data with each other for their own security, he added.
Like DOE, the various organizations within the Federal Aviation Administration used to manage their own networks with very little information sharing, said FAA CIO Joe Albaugh. Enterprisewide network information is now managed through the FAA’s Cybersecurity Management Center, which collects data from across the organization. Sharing information across the organization effectively puts a spotlight on the network, he said.
Another challenge faced by federal agencies is reviewing log records for anomalies, which is manpower-intensive. But people are a key part of the process, which also involves a combination of teamwork, data and alertness to detect intrusions, Albaugh said. “You can’t expect that technology will just solve that problem,” he said.
Federal organizations need skilled IT personnel who are also hungry for challenges, Varine said. Successfully detecting a network intrusion involves more than software tools; it often boils down to one smart individual asking questions, he added.
It is also very rare for hackers to get into a network without tripping some kind of alarm, Varine said. The important issue is whether the incident will get the attention of an analyst.
The private firms and businesses that own much of the nation’s Internet infrastructure also need to sign off on security measures, Albaugh said , adding that FAA has successfully negotiated security issues with commercial system owners and other stakeholders. “It has to make sense to them,” he said.