Civilian Agencies’ Uphill Battle Against Cyber Threats

by Lloyd McCoy Jr., Consultant

You’ve no doubt heard about the recent discovery that millions of past and present federal employees had their personal data stripped from OPM and IRS systems.  This incident comes with more recent revelations including the OPM attack was just 1 of 9 against the federal government targeting personal information. Recent weeks are a stark reminder of the uphill battle civilian agencies are facing.

This statistic was front of mind for the Government Accountability Office, which in February issued a report highlighting the security deficiencies of almost two dozen civilian agencies. Despite often being smaller in size, civilian departments like OPM, IRS, Labor, and Treasury (to name a few) are still big targets for cyber threats, especially since they handle extraordinary amounts of sensitive information. Not having robust cybersecurity capabilities in place is a huge gamble.

Fortunately, the government isn’t turning a blind eye. The FY16 budget request includes more spending on cybersecurity, with OPM in particular asking for $20 million in upgrades. Also, the White House announced it would speed up deployment of the latest iteration of its civilian agency-wide intrusion detection system, EINSTEIN. Additionally, the NIST Cybersecurity Framework, the Continuous Diagnostics and Mitigation (CDM) program, and potential information sharing bills on the Hill reflect a coordinated and robust response to these threats.

While this is good news for cybersecurity vendors, unfortunately agencies are battling foes that are nimble and often leave no known signatures, a frequent strategy for detecting and averting a cyber -attack. The result is civilian agencies like IRS and OPM are treading water in the face of a relentless enemy. It stands to reason the civilian sector of government is anxious to hear about what your solutions can do for them.

Here are some tips I thought would be helpful when approaching civilian agencies with your solutions:

• If you have a solution you’d like to sell, be prepared to tell that agency what products they can part ways with as a result of investing in your product. While security is a relatively stable area of the budget, it doesn’t change the fact civilian agencies are resource constrained
• Selling cybersecurity solutions requires understanding pain points in the areas of the workforce
• Make sure your solution is interoperable with tools being run out of the Department for Homeland Security, which oversees enterprise-wide cybersecurity efforts for civilian agencies

Fortunately, program managers and others controlling agency funding, recognize the magnitude of the threat and why industry outreach is critical. A steady dialogue between industry and government agencies is essential to understanding the unique way the cyber threats challenge them and how your product can play a vital role to detecting cyber-attacks.

 If you need help identifying top federal decision-makers and opportunities in cybersecurity and other technology disciplines, contact immixGroup’s industry-leading Market Intelligence team today to learn about specific offices and contacts that have a pressing need for your solution.