As we reflect on Cyber Playbook 2015, we wanted to get post-game interviews with some of the star players. First up is Travis Rosiek, Federal CTO, FireEye, who talked to the Carahsoft team about some of the major security challenges the government is currently facing.
What is the government’s biggest hurdle in implementing a successful cyber security plan? What technologies should cyber leaders consider moving forward?
Implementing an adaptive and effective cyber program within the government has several non-technical challenges that come to mind first. These challenges come in the form of creating policies, budgets, acquisition, human resources, operations, and program offices that have common goals, collaboration, and adaptability. Gaps in any of these areas as well as not effectively focusing on emerging threats will greatly impede progress.
On the technical side, another significant hurdle is the complexity and fragmentation of government cybersecurity efforts, networks, and attack surface. This makes the effective development, implementation, and operationalization of cyber security tools incredibly difficult. You are only as strong as your weakest link, and when you are trying to leverage advanced technology across an agency with fragmented systems, effectiveness wanes.
In your opinion, what are the top 5 security risks in government and how does FireEye help address these obstacles?
While there are five core security risks today that I’ve outlined below, it’s important to note that the Internet of Things (IoT), Mobility, and Industrial Control Systems (ICS) are rapidly growing risk areas to pay attention to as well.
- Gaps in understanding the threat landscape: The times when only a small number of organizations had to worry about advanced persistent threats and when basic cyber hygiene was enough to protect an organization are now over. The lines are blurring between run-of-the-mill cyber criminals and state-sponsored attackers. Thanks to unparalleled insights gleaned from the front lines of the most advanced attacks, FireEye helps agencies apply threat intelligence tactically, contextually, and strategically through FireEye as a Service (FaaS), FireEye Threat Intelligence, and our Threat Analytics Platform (TAP).
- Relying on outdated strategies for new threat vectors: It’s a truism in cybersecurity that as soon as defenders come up with new defenses, the attackers will evolve their tactics. A cybersecurity approach based on yesterday’s information will not protect an organization from tomorrow’s threat. Cyber adversaries know that most organizations focus on meeting stagnant compliance standards and thus target those areas. This is a major issue when many programs currently focus on implementing cyber defenses that help achieve compliance. Again, thanks to FireEye’s unparalleled visibility, FireEye’s security platform and services identify more zero-day exploits used by attackers and more campaigns than anyone else. FireEye’s Mandiant Consulting team also provides Security Operations Center (SOC) consulting and Response Readiness Reviews for organizations to assess whether their internal security teams and operations are effective, efficient, and can help address any gaps that are identified.
- The assumption that compliance implies security: Unfortunately, over the years, many organizations have interpreted that being compliant with prevailing standards is sufficient to keep malicious actors out of a network. That’s often in tandem with thinking “if we don’t see it, it didn’t happen.” That way of thinking has hopefully come to an end and more often than not the victim didn’t see it. As noted in the 2015 M-Trends report, 69% of victims were notified by a third party. Our Mandiant Consulting team is well known for providing Incident Response Services, but one of our more proactive offerings is also very compelling. Our Compromise Assessments enable our highly skilled consultants to leverage the FireEye platform to help an organization identify whether an adversary already has access and is lurking around in their network.
- Workforce retention and recruitment: The loss of those with an understanding of agencies’ mission as well as of their legacy systems creates a major risk to an organization’s cyber readiness. More needs to be done to retain and recruit a skilled public-sector cyber defense workforce to ensure the success of Government decision making. Addressing some of the other risks noted above helps address the risks associated with the lack of cyber security talent as well as creates an attractive environment for them to work in. FireEye also offers various training and consulting engagements that teach private industry lessons relevant to government workers.
- Lack of identity and credential management and awareness of where critical data and systems reside in your organization: I don’t need to heavily describe why this risk area is so critical; we have seen all too often the risks of improper identity and credential management and monitoring access to sensitive data. FireEye and Mandiant Consulting have been helping customers deal with these risks for over a decade, providing Security Program Assessments that identify weaknesses in these key areas.