3 Strategies the State Department Can Adopt to Successfully Balance Infrastructure Modernization and Security

The Department of State’s (DOS) plan to modernize American diplomacy has two focuses: adopting critical and emerging technologies and strengthening cybersecurity. Secretary Antony Blinken cites these initiatives as an “aspect of foreign policy that has become critical in recent years.”

Yet, a recent survey indicates IT complexity is a top challenge when it comes to protecting against cybersecurity threats. The more technology added to a network, the harder it is to defend.

That’s why the DOS must adopt a security-first approach when building and deploying new IT infrastructure. By shifting security left, the organization will be better positioned to successfully balance modernization with security.

Here are three ways the DOS and other government agencies can achieve this objective.

Adopt a “secure by design” approach

Infrastructure modernization isn’t just about the tools that are added to a network. It’s also about the people who must manage the tools, and the different processes teams might use to ensure that everything works as it should. All of this creates additional complexity and increases the number of ways an attacker could infiltrate a network.

That’s why it’s critical to weave cybersecurity throughout every phase of infrastructure deployment. Every time a new system or application is installed, its introduction and implementation should be carefully vetted by a dedicated security team. All endpoints should be carefully monitored and inspected to ensure their fortification, and all systems should be tested by red teams to verify their security postures and resiliency.

Simultaneously, all IT professionals should follow predetermined security guidelines throughout the software implementation process. These guidelines should be easily accessible and understood by everyone involved in the process. Simple, direct, and sequential instructions can help prevent vulnerabilities.

Implement observability for proactive cybersecurity

As the DOS’s software factories continue to develop and deploy new technologies, the agency must adopt methods that allow it to keep close tabs on how those technologies connect and interact with one another. Implementing a process of observability is a good way to accomplish this task.

Observability provides a complete view of every asset that comprises an organization’s IT infrastructure, whether on-premises, in the cloud, or hybrid environments. IT teams can observe how assets operate and interact with each other and rapidly identify issues as they arise, including potential security risks.

Observability goes beyond traditional network monitoring, but both are essential. The latter pushes alerts to IT teams whenever there’s a deviation from a predetermined metric, while the former allows teams to detect and analyze abnormalities in real time. So, while monitoring is reactive and observability is proactive, both work together to form a critical foundation for infrastructure security.

Take an “assume breach” mentality

Zero-trust is an effective best practice that the DOS has adopted from the Department of Defense’s leadership. In the wake of continually evolving cybersecurity threats, adopting a zero-trust posture should be considered the minimum protection standard.

The DOS can take this approach even further by taking an “assume breach” mentality. An assume breach mindset includes several strategies designed to protect the agency throughout the entire lifecycle of a cyberattack. In addition to incorporating zero-trust principles, assuming a breach involves:

  • Identifying and addressing gaps in security coverage
  • Planning how to react and respond to an attack
  • Detailing the steps needed to recover from an attack
  • Learning from an attack
  • Implementing processes to prevent future attacks

Assuming a breach is just as it sounds—embracing a position that it’s not if a breach will happen, it’s when it will take place. If agencies base their cybersecurity efforts around this mentality, they will be more prepared to both deal with and prevent the eventuality.

Cyber resiliency must be a top focus as the DOS continues its push toward modernization, but without a systematic plan in place, the agency’s efforts to contain and prevent vulnerabilities can easily become overwhelming. Adhering to the three strategies outlined here can help the DOS prioritize cybersecurity and tackle potential threats in a way that will not only protect the organization but also do so in a manner that is efficient and effective.

 

These best practices are fundamental elements of SolarWinds’ Secure by Design approach, developed in collaboration with leading cybersecurity experts in the wake of the 2020 SUNBURST attack. It’s a solid blueprint for the DOS to refer to as it continues its modernization efforts.

Best of What’s New In Law Enforcement

In July, USA Today reported that the combination of pandemic-induced economic woes and the national movement to “defund the police” could lead to the biggest budget cuts for law enforcement agencies since the Great Recession of 2008. For police departments facing growing demands and tightening budgets, using technology to increase the impact of existing staff and resources will be a game changer. Luckily, autonomous technologies, better connectivity, and more sophisticated video and surveillance analytics tools are available to fill in the gaps. Read the latest insights from industry thought leaders in law enforcement in Carahsoft’s Innovation in Government® report.

 

Managing Cyber Exposure in Law Enforcement

“A law enforcement agency can face a variety of issues. It may need to address issues related to who has access to what information based on their role. It may need to segment its network — for example, to separate CJIS lookups from other areas that are open to the public. Law enforcement organizations may also be connected to other municipal departments such as the Department of Public Works or even other departments outside the municipality. Addressing these potential attack vectors requires security expertise, which in many cases is not on the agency’s priority list or in its budget. As a result, these agencies become even more susceptible to attack.”

Read more insights from Tenable’s Senior Director of Marketing, Michael Rothschild.

 

Using Blockchain Analysis to Fight Crime

“It comes down to having the right data and making it actionable. Specifically, law enforcement should be interested in a partner with data attributing services, which attribute addresses to the clusters — that is, the entities — that control them. In this case, that would be clusters associated with criminal activity and their cashout points. The historical data behind this capability is an important differentiator. Chainalysis is the only company that has systematically collected information that links real-world entities to blockchain transactions since 2014. This allows the software to accurately distinguish different clusters of entities and attribute more data than can be seen on the blockchain.”

Read more insights from Chainalysis’s Director of Market Development, Don Spies.

 

Cloud: The IT Force Multiplier

“Storing, managing and effectively using an ever-increasing volume of digital data presents multiple challenges. Buying and maintaining hardware for data storage is expensive and challenging and diverts resources from the core mission of public safety. Then, agencies must manage stored data so it is discoverable, retrievable and in compliance with legally mandated retention policies. Without a sound digital evidence management solution and automated life cycle retention solutions, data management is nearly impossible. Finally, because data is produced in multiple systems, integrating and normalizing that data so it can be searched, analyzed and shared is challenging. Without a strong data management approach and systems, agencies must access multiple systems to discover data that is in different formats, making it very difficult to integrate and gain insights from that information.”

Read more insights from Amazon Web Services’s Public Strategy Lead, Ryan Reynolds.

 

Supporting the Law Enforcement Community During COVID-19 and Beyond

“COVID-19 created an unprecedented urgency for state, county and municipal workers to operate remotely whenever possible. This caught many agencies by surprise. Although these organizations moved with commendable speed to equip staff to work from home, the needs of the public only increased. Law enforcement agencies had to quickly adapt to the dangers of a pandemic amid calls for police reforms. These officials had to balance protecting the public, themselves and their colleagues in an ever-changing environment. Many departments have come to appreciate how technology enabled them to address these critical priorities.”

Read more insights from the Director of the Law Enforcement Team at Carahsoft, Lacey Wean.

 

Technology is Key to More Efficient and Effective Law Enforcement

“The pandemic decreased proactive activities. There are fewer cases where an officer might stop you for speeding 10 mph over the speed limit, for example. Departments have to weigh whether it’s worth the risk to stop a car to issue a traffic ticket and potentially be exposed to COVID-19, or to reserve their exposure time for things that are a matter of life or death. The impact of that is reduced revenue generation. COVID-19 also impacted morale. More law enforcement personnel have died from COVID-19 this year than have died in the line of duty. That impacts a police department and its morale — people work longer shifts, and health often suffers.”

Read more insights from the former Senior Adviser for the U.S. State Department’s Antiterrorism Assistance Program and Senior Law Enforcement Adviser for the 2012 Republican National Convention, Morgan Wright.

 

Download the full Innovation in Government® report for more insights from these law enforcement thought leaders and additional industry research from GovTech.