There aren't quick and easy fixes in government cybersecurity.
Pem Guerry is executive vice president of SIGNiX.
This spring’s WannaCry ransomware outbreak was another wake-up call for local and federal governments to strengthen security infrastructures. The repercussions of this massive cybersecurity incident, which affected more than 300,000 users at businesses worldwide—including shutting down production at a Japanese Honda plant—are still being felt. Then Petya/NotPetya, a malware that destroys data, started spreading across Europe.
New threats are emerging at an alarming rate, which is especially worrisome because state and federal governments typically lag behind private industries when it comes to cybersecurity. Last year, cybersecurity risk analysis firm SecurityScorecard ranked U.S. local, state and federal governments dead last in cybersecurity protection measures when compared to more than a dozen private-sector industries, such as health care and retail. The SecurityScorecard report review of 600 government organizations identified malware infections, network security and software patching as particularly vulnerable areas.
» Get the best federal technology news and ideas delivered right to your inbox. Sign up here.
As federal agencies work to bolster cybersecurity measures under a growing threat of cyber crime, they face three primary IT challenges:
1. Heightened cybersecurity risk. The vulnerability of federal government systems to hackers and spies is on the rise. Forty-two percent of high-level federal IT managers surveyed by cybersecurity company BeyondTrust reported experiencing a data breach in the last six months. According to the survey, one in eight said their systems weathered a data breach in the last 30 days.
Federal IT managers singled out application vulnerabilities, nation-state attacks and malware as the top security threats. These data breaches are costly, racking up an estimated fiscal damage of $637 million annually across federal IT systems.
2. Outdated legacy technology. Aging infrastructure contributes to the vulnerability of federal systems. In a recent article published by The Hill, 61 percent of federal IT officials said the government's aging IT infrastructure impedes their ability to comply with federal cybersecurity mandates. One of the most significant cybersecurity incidents illustrating the risk exacerbated by outdated hardware and software was the massive breach of the Office of Personnel Management computer systems, according to Wired magazine. The agency blamed the incident, which impacted millions of individuals, on its aging systems. During the OPM incident, hackers gained access to personnel files from 4.2 million past and present government employees, as well as 5.6 million digital images of employee fingerprints.
The Trump administration is taking steps to address the problem of outdated technology. In May, President Donald Trump signed an executive order on cybersecurity intended to ramp up federal IT systems and networks through several measures. These include replacing outdated and legacy IT infrastructure with secure and updated technologies, such as e-signatures, which eliminate time-consuming and costly paper workflow processes. And his newly instated American Technology Council will receive guidance from some of the nation's top tech executives to help guide this much-needed modernization.
3. User error. Any organization, including a federal agency, is only as secure as its most careless employee. Cyber criminals are becoming more adept at cloaking phishing scams and luring employees to click on emails that install harmful malware on their computers. It’s important to foster a culture of cyber awareness among federal employees by conducting regular cybersecurity training sessions to teach staff to recognize phishing scams, to follow smart password practices and to become familiar with policies for securely accessing and using data.
Cyber threats are a growing risk to government offices and agencies worldwide. The federal government is making strides to mitigate that risk, but widespread challenges prevent this from being a quick and easy fix.