Agencies seek new cybersecurity insights
Federal agencies are in the market for some new ideas about cybersecurity.
A survey by the 1105 Government Information Group found that many agency officials are looking to augment their current capabilities in many solution areas. But the survey also found a general dissatisfaction with existing cybersecurity approaches.
The list of hot technology areas includes data loss prevention, with 31 percent of respondents saying they have it in place and want to upgrade and another 17 percent investigating it.
Network forensics and analysis tools are also on the radar, with 29 percent looking to upgrade and 16 percent doing some research. Data-at-rest encryption is also on the rise: Although only 20 percent of respondents said they had it in place and were looking to upgrade, 15 percent said their agencies were investigating it. (See chart.)
But clearly respondents are looking ahead to emerging solutions. Asked if they are “fully confident” that their agencies’ current approach to cybersecurity is effective, 31 percent said they disagreed and another 28 percent were neutral.
Cybersecurity leaders across government are thinking along the same lines. There are several major initiatives under way to kick-start the development of new cybersecurity strategies and technologies.
Most notably, the National Institute of Standards and Technology has proposed sponsoring a federally funded research and development center focused on cybersecurity. The center, which will support the National Cybersecurity Center of Excellence, would provide a forum in which government and industry leaders can work together to address difficult cybersecurity challenges, NIST officials said.
The Science and Technology Directorate at the Department of Homeland Security also is seeking to spur more cybersecurity-related research. In October 2012, the directorate awarded 34 contracts to 29 academic and research organizations.
The office had issued a broad agency announcement requesting whitepapers addressing 14 technical areas, with a focus on new solutions for detecting, preventing and responding to cyber attacks on the critical infrastructure. After reviewing more than 1,000 submissions, the office invited 200 offerors to submit full proposals.
Meanwhile, the National Science Foundation is gathering input on the Federal Cybersecurity Research and Development Strategic Plan, which was issued in December 2011. That plan called for research around four major themes:
- Designed-in security: Creating system development practices that make systems more resistant to vulnerabilities, flaws and attacks.
- Tailored trustworthy spaces: Developing security capabilities that reflect a user’s context – and that can evolve as the context evolves.
- Moving target: Designing cybersecurity mechanisms and strategies that continually shift, making it difficult and costly for hackers to keep up.
- Cyber economic initiatives: Creating financial incentives, and associated metrics, that can motivate people and organizations to adopt cybersecurity solutions and practices.
However, auditors at the Government Accountability Office believe that the federal government would be better served if federal agencies did a better job of coordinating their cybersecurity-related research. What is needed is an overarching strategy that synthesizes existing strategies “to provide a comprehensive description of the current strategy, including priority actions, responsibilities for performing them, and time frames for their completion,” auditors wrote in a February report.