4 Government Tech Priorities That Need a Funding Boost Next Year

Darren Guccione is CEO of Keeper Security.

In 2015, the U.S. government fell victim to two of the biggest hacks in a decade with the Internal Revenue Service and Office of Personnel Management breaches. Furthermore, according to the Government Accountability Office, information security incidents have risen in recent years, from 5,503 in 2006 to 67,168 incidents last year.

Poor allocation of budgets has only helped this number grow. Not surprisingly, OPM spent the least amount of money on security out of all the agency departments and consequently suffered the largest U.S. agency breach ever. Getting the government’s security standards up to par will require significant investments, but I think we can all agree it’s worth it. So what are some of the steps needed to stop such threats from occurring?

Overhaul Legacy Systems

Many agencies are still using 60-year-old systems written in Common Business Oriented Language, or COBOL. These archaic systems simply are not robust enough to withstand today’s sophisticated cyberattacks.

What’s worse is that not only are these systems outdated, but the methodology around them is, too. Universities simply don’t teach this language anymore, so what happens when the young workforce enters the government and programmers begin to retire? Disaster. Federal CIO Tony Scott has likened this crisis to the Y2K glitch of 2000.

Hand in hand with updating legacy systems is implementing solid BYOD policies to mesh with existing protocols. With a majority of employees bringing personal devices into the workplace, there is an inherent increase in risky behavior.

According to a Cisco survey of government employees conducted last year, 41 percent admitted to practicing harmful behavior.

Increase Employee Training Programs and Security Awareness

A simple way to protect government information is to secure it on the front lines via employee security compliance and training. One of the easiest ways to infiltrate a network is through spear phishing, which is when a bad actor, using a targeted email, attempts to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity.

Training programs such as a recent Redskins ticket ploy, where federal employees were tricked into opening what they thought were free football tickets only to be greeted with an educational video upon clicking, is a perfect example of the exercises that need to take place regularly.

Another common employee compliance mistake is poor password management. Tools such as multifactor authentication, password rotation and encrypted password storage can significantly help increase employee password management and reinforce to the user, how important security truly is.

In a Cisco survey, one-third of respondents admitted they used passwords considered easy to guess, while 25 percent failed to use passwords on their mobile devices. Clearly, cyber education is a necessity for the federal workforce.

Hire the Best and the Brightest to Revamp Outdated IT Systems

It’s no secret the government has turned to many Silicon Valley executives and pleaded they come help fix their broken systems. A perfect example is this is the 2013 HealthCare.gov disaster. The problem is, many such professionals are not willing to take massive pay cuts to come to Washington and struggle through the entangled and outdated systems. If proper money were allocated to federal hiring budgets, then new projects could be checked off the box and the whole IT infrastructure could be revamped with a new team.

Increase Information-Sharing Technology

With the recent passing of the Cybersecurity Information Sharing Act, the government will need to begin sharing threat intelligence not only among itself, but with the private sector as well. By working together, instead of in silos, potential attacks could be thwarted more easily. With branches communicating with one another in real time, threat indicators could be spotted and proper measures could be taken to secure data.

We saw earlier this year the same strain of malware was used in the OPM and Anthem breaches, and had these organizations been communicating with each other on a timely basis, millions of identities may not be at risk today. As long as the government continues to learn from mistakes and makes an effort to begin sharing information, we should see an increase in stopped attacks.

Sadly in 2016, we will continue to see an onslaught of targeted infiltrations to the federal government's IT infrastructure. These will not only be a result of outdated systems and old safety standards, but will also stem from a lack of security diligence from the federal workforce.

Luckily, these are all problems that can be fixed over time. Through informative and planned budgeting, our government can get back on its feet and secure the most important systems that run this country while protecting not only its employees, but Americans as a whole.

(Image via Cienpies Design/Shutterstock.com)