ARCHIVES

Unlocking the Power of NIST’s Cybersecurity Framework

By Richard P. Tracy // April 28, 2017

Richard P. Tracy is the chief security officer of Telos Corporation.

Five years ago, it would have been a struggle to get more than 100 people to attend a cyber risk management conference.

Yet last year’s National Institute of Standards and Technology conference in Gaithersburg, Maryland, drew more than 1,000 eager attendees ready to learn about NIST’s Cybersecurity Framework (CSF). That passion to pursue strategies for cybersecurity risk management has only grown stronger in the past year.

NIST developed the CSF three years ago as a set of voluntary industry standards and best practices to help critical infrastructure organizations manage cybersecurity risks. It was intended to be effective and specific in its recommendations while remaining flexible enough for all organizations to implement it.

The CSF makes complex information about cybersecurity and risk management more accessible. It creates a common vocabulary that personnel at all levels of the organization, from the server room to the boardroom, can understand.

Universal Grammar: The CSF’s Core Components

The flexibility of the NIST CSF is its strongest asset. Just as a language’s flexibility comes...

Built to Change: The New Model for Federal IT Modernization

By Mike Gregoire // April 27, 2017

Mike Gregoire is the chief executive officer of CA Technologies. He also serves on the executive council of TechNet, a bipartisan network of innovation economy CEOs and senior executives.

Prior to the digital revolution—when the world was more predictable and moved at a slower pace—business and government invested in technology infrastructure systems that were built to last. In that context, the concept was a sensible one. However, in today’s rapidly evolving digital era, the old model—building tech infrastructure “to last”—actually undermines the security and stability of federal IT systems.

Businesses realized this fact of life a long time ago and acted boldly by using agile techniques, taking broader steps and using fewer resources to lower costs. Businesses internalized and institutionalized the maxim that modern organizations must innovate and execute at a high velocity and continuously improve, using data-driven innovation to inform decision-making. 

In short, they realized they must be built to change.

Unfortunately, government IT and data security still cling to the old model. In the wake of high-profile breaches of data, it is more important than ever that...

A Hacker’s POV of Internet of Things Security

By Jason Haddix // April 25, 2017

Jason Haddix is the head of trust and security at Bugcrowd.

Today, internet of things devices outnumber humans. Internet-enabled children’s toys, household appliances, automobiles, industrial control systems and medical devices—new IoT devices are being designed and released every day, but many of these devices are built with little to no security in place. Given the rapid growth of these devices and the unregulated market, it’s no surprise that they represent a growing threat as well as a major opportunity for hackers.

How Manufacturers Play a Role in IoT Insecurity

The sheer number and variety of devices being networked and connected to cloud interfaces and on-the-internet APIs is one of the greatest challenges in security today. Each device has its own set of technologies, and thus its own set of security vulnerabilities. Add to that the pressure to rush to market and meet consumer demand, and many manufacturers have simply not implemented a robust security review process.

What’s especially concerning is that IoT manufacturers are collecting large amounts of life pattern behavior on their users, as well as access to home and work networks...

Machine-Learning Technologies Help Agencies Develop Highly Intelligent Security Postures

By Dave Mihelcic // April 17, 2017

Dave Mihelcic is the head of federal strategy and technology at Juniper Networks.

If the recent spate of alleged Russian cyberattacks has taught us anything, it is that security breaches can happen so quickly and stealthily that the damage will be done before anyone even realizes there was a hack.

In fact, as malicious actors become more insidious, federal network security managers are finding the reaction time between identifying and mitigating potential threats has gone from minutes to milliseconds. Factor in the volume and complexity of the threats, and it becomes evident the challenge has grown well beyond what can be managed through manual intervention.

To successfully combat these challenges, cyber operators should consider incorporating machine-learning capabilities into their toolkit. Once used within the Defense Department primarily for real-world target recognition, machine-learning technologies have evolved to become very effective at quickly detecting and responding to potential cyber threats. Through analytics and predetermined risk factors established by cyber operators, these highly intelligent and adaptable systems can evolve to “learn” about threats as they happen and apply that knowledge to better fortify the network in anticipation of future threats.

Machine-learning...

HR and IT: A Partnership Poised to Protect Federal Cyber Systems

By Sudeep Dharan // April 17, 2017

Sudeep Dharan is chief technology officer at Acendre.

If the 2015 Office of Personnel Management breach has taught us anything, it’s that hackers love to target federal HR departments—with a treasure trove of Social Security numbers, payroll data, email addresses and employee identification information contained within their systems.

Given the extent of damage an adversary can do with all of this, HR leaders and their teams must take a proactive approach in safeguarding their network, systems and devices—one that goes far beyond acquiring “set it and forget it” firewalls and other traditional cybersecurity tools.

Modern hacking methodologies grow more creative and sophisticated by the day. Not only do they continue to advance rapidly from a technology perspective, but they are increasingly mastering the human part of the equation too, i.e., the ability to manipulate well-meaning federal employees into compromising their agencies through phishing scams and other schemes.

Thus, a proactive approach positions HR to stay one step ahead of attackers. But it requires federal HR organizations to reach out to the IT department, to form a partnership to address both the technological and human-focused needs here. With an HR/IT partnership taking hold, agencies can pursue the...
