Government’s answer to cybersecurity is the most simple and most complicated

By Lloyd McCoy, DOD manager

The key to tackling cybersecurity threats in government is a simple lesson most of us learned in preschool: how to share.

Information sharing among federal departments could be the answer to combating cyberattacks. But the big question is whether the Department of Defense and other agencies can share enough.

At the Defensive Cyber Operations Symposium this past June, Justin Ball, technical director for the Department of Defense Information Network’s Operations and Defensive Planning Division, described the hurdles the agency faces amid new and increased security threats.

Considerable attention has been given recently to the launch of DOD’s cyber mission teams, and Ball acknowledged the importance of cyber workforces throughout all levels of government. But for these teams and workforces to succeed, threat information must be shared broadly and systematically, Ball added.

A successful cybersecurity program must be both defensive and offensive, because organizations need to know against whom they should initiate proactive countermeasures, rather than just reacting to the latest advanced threat.

And advanced threats themselves are on the increase, with network compromises more insidious and harder to detect than ever before. One of the lessons learned after the colossal security breach at the Office of Personnel Management in 2015 was how long it can actually take for a threat to be detected. The average lag time is a shocking 205 days, and even 250 days is not unheard of.

Because of the interconnectedness of communications, new mobile vulnerabilities and new malware variants are being continually introduced. It’s becoming nearly impossible for any agency to keep up by itself.

DOD is using a variety of systems to gather threat information, as well as privately sourced threat intel.

While commercial sources of threat identification are important for DOD, so too is threat information shared by America’s partners in the so-called Five Eyes intelligence alliance that includes Australia, Canada, New Zealand and the United Kingdom. Ball noted, however, that the agency is behind the curve on information sharing, and is challenged as to how to ingest reporting information.

To read more about DOD’s approach to information sharing, read the rest of Lloyd McCoy’s Government InfoSec blog on CSO Online.

About Lloyd McCoy Jr.
Lloyd McCoy is the manager of immixGroup’s Market Intelligence organization, leveraging market analysis and purchasing trends to help immixGroup suppliers and partners shorten their sales cycles. He has an M.S. in Strategic Intelligence from the National Intelligence University, and an M.A. in Public Policy and a B.A. in Political Science, both from the University of Maryland. Prior to joining immixGroup, Lloyd was a senior analyst in the Intelligence Community for eight years, serving in a variety of senior analytic and project management positions in the U.S. and abroad.
