NIST Frames the Cyber Challenge

Cybersecurity in government is no longer an afterthought. Security officers are helping to strategically design their networks and systems to comply with cyber demands from the moment they begin considering acquiring a new solution. This new method of security integration from procurement onwards is also helping agencies to develop architectures that are agile and resilient. The entire government cybersecurity community, including industry, academia, executives, and agencies themselves, has committed to work together to counter threats intelligently and to collaborate in order to stave off the new generation of attack vectors.

It’s clear that government has come a long way in developing its security posture. In light of this infusion of security into all parts of an agency, we’re excited to kick off Cybersecurity Awareness Month with reflections on the past; we’re beginning with a look at the origin of cyber preparedness in government, particularly Executive Order 13636, which prompted the NIST Cybersecurity Framework.

Developed through collaboration between industry and government in 2013, NIST’s Cybersecurity Framework consists of standards, guidelines, and practices to promote the protection of critical infrastructure. Over the past few years, the framework has served as a guidebook for organizations across government when it comes to addressing cyber risk. It was designed to give organizations a flexible, but well-informed, guide to securing their critical systems.

However, cyber threats have evolved dramatically since 2013. In the current environment, agencies are tasked with protecting more endpoints than ever, given the influx of virtualized systems and mobile devices, and must secure huge amounts of data from IoT devices, integrated computers, and more; the list keeps growing every day. As systems grow more complex, adversaries have greater opportunities to bore into government systems. Ron Ross, a NIST fellow, recently said that NIST’s Cybersecurity Framework, which was a powerful component to a cybersecurity plan in 2013, is now a waterline approach to security. It’s time for agencies to take their strategies below that waterline to better defend against future threats.

To go deeper into security and solve pressing issues, agencies should consider re-evaluating the ways in which they first approached the original NIST Framework, particularly the Framework Core. The core, organized into five key functional areas, is still a powerful guideline for agencies to use when procuring, designing, strategizing, and deploying next-generation cybersecurity systems, patches, and solutions. When performed in parallel, the core functions can help organizations dig deeper, protect themselves more effectively, and develop resiliency. With this in mind, Carahsoft has designed its cybersecurity portfolio around these NIST core tenets:

  1. Identify

Determines which systems need to be protected and assesses priority in light of the organizational mission. Moreover, seeks to help agencies manage processes in a way that meets business risk and budget goals.

  • Symantec – Global Leader in Information Security
  • Tripwire – Protective Threat Detection and Response
  • CyberArk – Protects and Manages Privileged Users

  2. Protect

Managerial, technical, and operational activities that enable organizations to deploy the appropriate outcome-based actions that protect against threats to critical infrastructure.

  • Akamai – Content Delivery Platform
  • HyTrust – Virtualization Security, Compliance, and Control
  • Vormetric – Key Management with Policy-Based Encryption

  3. Detect

Ongoing monitoring and observation that identifies abnormal activity that could lead to a cyber risk event and assesses the potential impact of those events.

  4. Respond

Risk management decisions and actions that are enacted once a threat is discovered and the impact is estimated.

  5. Recover

Restoration of services and data impacted by a cybersecurity risk event.

Taking a holistic approach to your agency’s cybersecurity strategy and planning cybersecurity into your programs and processes from the beginning is key to maintaining a strong defensive posture in today’s cybersecurity landscape. As threats evolve, agencies will need to continue to build more trustworthy systems with the NIST Framework in mind. Adopting this approach will be imperative for agencies to go under the waterline to more effectively protect themselves.

To learn more about how agencies are developing new defense strategies and becoming more resilient, check out the recent GCN Innovation in Government Report: The Era of Cyber Resilience.

Stay tuned into the Carahsoft Community throughout the month of October for a deep dive into key cyber trends and the innovative ideas and solutions that can help solve them!
