Federal Agencies: What's Your Hack-Response Plan?

Government networks have been getting owned lately.

Like the Washington Redskins, government hacks are a depressing reminder that lots of money and Beltway brainpower can’t fix systemic dysfunction.

After high-profile hacks at the White House, the State Department, the U.S. Postal Service and others, the government reeled. Since 2009, the number of security incidents in federal agencies involving the potential for exposed personal information ballooned from 10,400 in 2009 to more than 25,000 in 2013, according to the Government Accountability Office.

Then the Office of Personnel Management breach happened. If government hacks made headlines before, the OPM breach put cybersecurity on the national map, particularly for the millions of people – many of them federal employees or contractors – who had their Social Security numbers and other personally identifiable information exposed, likely to a nation state that isn’t friendly with us.

A furious crash course in improving the government’s cybersecurity posture ensued, and while the cyber sprint results were promising, the battle for digital supremacy and resiliency isn’t a quick race; it’s a marathon.

While increased multifactor authentication has shored up glaring sign-on measures and the number of system administrators with root access to an agency’s prized data has decreased, there’s no reason to believe the government is done getting owned.

It’s basic math. More attackers with access to new, emerging technologies – technologies the government may not know about or have defenses against – means data breaches will keep making headlines.

What then are federal agencies and those charged with securing a network’s prized possessions left to do? The answer: Make sure you know what to do when hackers get in. Because just as sure as the Redskins’ season will inevitably implode, hackers will get in.

On Sept. 15, Nextgov will host a digital event dedicated to educating federal cybersecurity stakeholders on best practices in responding to data breaches, titled “Responding to Future Cyber Attacks with Incident Response.”

Nextgov cybersecurity reporter Aliya Sternstein, will interview three cyber experts on what incident response plans should look like; lessons learned from past government breaches, including how best to share threat information with stakeholders; and appropriate measures of response to various stakeholders.

All three panelists, by the way, were profiled in Nextgov’s “Top 10 Women Cyber Guardians You Should Know About” feature this summer.

They are:

Sally Holcomb, deputy chief information officer for the National Security Agency/Central Security Agency

Dr. Catherine Lotrionte, director of the Cyber Project School of Foreign Service at Georgetown University; and

Shannon Praylow, cybersecurity operations subject matter expert at Maverick LLC.

They know their stuff, and more important, they know how to help you avoid being on the front page of every newspaper in the English-speaking world. For more information and to register for the viewcast, click here.

(Image via Alexander Supertramp/ Shutterstock.com)