Top 5 information security challenges for US government agencies
Cloakware identified the top five challenges facing federal agencies that expose them to critical security breaches. The list, compiled from in-depth conversations with industry experts and government agencies, outlines the most significant challenges facing federal organizations concerned with protecting the systems that support critical infrastructure (cyber CIP) while providing an operationally efficient environment.
With continuing reports of major security breaches and thwarted attacks at both government agencies and Fortune 2000 organizations, cyber security has never been a greater priority. Though confronting short-term economic and national defense concerns, newly elected President Obama has also ordered a 60-day review of the U.S. information security and cyber CIP policy. This call to action recognizes that a failure to implement proper security measures can facilitate internal and external threats to the confidentiality, integrity and availability of the nation’s critical infrastructure.
In January 2009, the U.S. Government Accountability Office (GAO) published an update to the High-Risk Series (GAO-09-271) report outlining federal information and cyber CIP concerns. The report stated that protecting the federal government’s information systems and the nation’s critical infrastructure is a top-line challenge. It requires resolving identified deficiencies and fully implementing effective security programs.
In a concerted effort to comply with pending mandates from the new administration, Cloakware recognizes that government entities will be expected to implement solutions that address the following top cyber security challenges:
1. Cyber security as top-level priority – Earning cross-agency buy-in is critical for managing threats effectively, ensuring centralized and controlled access to vital information and systems.
2. Establishing and implementing consistent security initiatives – Mandating policies can be a complex and daunting task, but with insufficient processes in place to enable full accountability, agencies become susceptible to internal and external threats.
3. Preventing system disruption – Dynamic and complex technology environments, including virtualized, cloud computing or service-oriented infrastructures, make managing information access extremely difficult, requiring flexible controls and solutions to adapt and prevent interruptions – or worse.
4. Improving warning capabilities – Access to critical information assets must be monitored and managed intensively in all facets of the organization. Implementing proactive warning systems can circumvent critical incidents, limiting exposure to agency credentials and vital information that opens the agency to extreme governance risks both inside and outside its walls.
5. Strengthening incident recovery – While mitigating occurrences is the first line of defense, the ability to recover from incidents quickly without exposing critical information and access needs to be improved upon. When events do arise, privileged information and access are compromised without a disaster recovery plan in place.