How Government Agencies Can Build Cyber Trust in 2019

solarseven/Shutterstock.com

For all the damage that can come as the result of cyberattacks, the cost of severed trust is almost always the highest.

At every level, government requires trust: Trust between governments, between a government and its citizens, or between agencies and their contractors. Indeed, for all the damage that can come as the result of cyberattacks—including the loss of intellectual property and the compromise of physical systems—the cost of severed trust is almost always the highest.

Unfortunately, trust remains at risk this year. While cybersecurity technology has continued to evolve—due, in part, to numerous large-scale breaches in 2018—so have threats, especially as agencies and their employees rely on more data and more connected devices to get their jobs done. A risk-based cybersecurity posture is key to dealing with this reality. While trust is crucial, it shouldn’t be blind.

Transparency and Trust

To improve trust in 2019, there first must be more transparency between government agencies and their contractors. Most people don’t even go to a restaurant these days without due diligence. They check out the business’s reputation on Yelp!, OpenTable, or Facebook. The same should hold true for government agencies choosing partners. We need industrywide “security trust ratings” and organizational risk scoring in the same vein as Moody’s credit ratings or individual FICO scores. Such “trust ratings” can indicate how safe it is for contractors to handle critical data, making everything from employee cyber hygiene to past breaches as visible as any other certification or accreditation.

With that in mind, forward-thinking government contractors should plan ahead and treat security as a top priority. Move their CISOs up to report to the CEO. Report security status just as they would report revenue and operations. Relying on surface-level interventions hasn’t been enough for some time, but it will become especially troublesome as ratings breed a new level of transparency.

Agencies can and should also be pickier about their partners. Contractors will need to implement widespread, cultural changes to prove they are trustworthy, and they need to start now. Agencies should encourage breach disclosure and lead with the carrot—not the stick—in order to gain more rapid compliance with security requirements. They may have to pay a premium to contractors that prove they embrace advanced security operations. Transparency and its high trust ratings can and should be a competitive advantage for the most diligent contractors.

A New Type of Cold War

But trust isn’t only relevant within government organizations (i.e. between an agency and its employees and contractors). It’s just as important on a macro scale. In 2018, we saw trust between world powers begin to shrivel, and we saw traditionally open trade borders slammed shut as a result. Indeed, some have said that 2018 marked the beginning of a 20-year trade war. Governments are becoming bolder in their “incursions” into corporate and government infrastructure, which is going to have trickle-down effects. This year could mark the beginning of a new type of cold war—this time, in cyberspace.

It wasn’t long ago—between the late 1940s and early 1990s—that many nation-states acquired new software, hardware and intelligence through espionage. As more countries adopt protectionist postures in 2019, with tariffs tacked onto a wide and growing range of goods, such espionage is surging again, and at cyber speed. With fewer and costly legitimate avenues to bolster cyber capabilities, there is a clear incentive to steal trade secrets and use cyber tactics to disrupt other governments.

Users and Cybersecurity

The continued and persistent escalation of cyberattacks led by nation-states is very real, but it shouldn’t be addressed in a way that means compromising the trust of actual employees. If agencies react to the growing threat landscape by simply locking down security—like many countries are trying to lock down their trade borders—it will simply prevent employees from doing their jobs and may cause them to create even riskier workarounds.

Government agencies need, more than ever, to have a granular understanding of how people interact with sensitive data, no matter where it is located. By knowing how and when legitimate users—whether trusted partners or long-time employees—access trade secrets and other critical content, agencies can better detect and react to unusual behavior. This is one of the best methods to identify untrusted users, accounts or processes, including those being used by hostile nation-states.

Proactive Cybersecurity is Critical

Over the next few years, escalation in nation-state-led cyberattacks will push unexplored limits until a breach or provocation crosses a currently undefined line. The breach may be intentional, accidental, loosely directed (actors may not have full understanding of what they are targeting), or have unintentional consequences (loss of control, for example). It may impact the government, civilians—or both. It may cause financial harm or, worse, loss of life. Regardless of the impact, deterrence will inevitably fail, since it never really worked anyway, and the incursion will likely escalate into a national retaliatory response.

Proactively implementing greater transparency—through security ratings and a deeper understanding of user behavior, to name a few—can help agencies better prepare for these impending threats at every level. Enhanced inspection, proper due diligence, and the right data can help protect trust—one of the most precious commodities any agency has.

Eric Trexler is vice president of Global Governments and Critical Infrastructure for Forcepoint.

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.