Cybersecurity matters: Preparing for the perfect storm


COMMENTARY | The best time to repair the roof is when the sun is shining, according to former Defense Department Chief Information Officer Terry Halvorsen.

There has never been a time when federal CIOs and CISOs have had so much risk and responsibility placed on their shoulders. 

From the urgency of securing government data to the challenges associated with providing remote access and data sharing, the need to secure networks has never been more acute. 

Foreign adversaries and threat actors are becoming more aggressive, constantly trying to infiltrate federal systems by every means available. Continual data breaches have resulted in the theft of personal information of millions of Americans, as well as highly sensitive data, such as military designs or treasured U.S. patents. 

Federal CIOs and CISOs are now facing a perfect storm in which several major trends are converging to make the cyberthreat environment increasingly difficult to navigate. Software vulnerabilities are being exploited and weaponized with increasing frequency and on a massive scale, including through the use of AI and other advanced formulas.

Unfortunately, patches and other types of remediation are available only after the damage has already occurred. In addition, the amount of data requiring protection has grown exponentially, and the need to provide remote access and sharing capabilities is making the process of securing it much more complicated, particularly when using legacy hardware systems. 

So, what steps should government executives be taking now to protect their networks and their data in the future? 

The pervasive threat from inside 

At this critical moment in time, it’s clear that we can no longer rely exclusively on perimeter-based cybersecurity solutions to address the persistent threats to our networks. Internal threats pose a significant risk to enterprise networks, either due to poor configuration or active exploitation attempts happening from within the organization.

In 2023, there were more than 32,000 cyber incidents reported to the Cybersecurity and Infrastructure Security Agency, up almost 10% over the previous year. Of those 32,000 incidents, 38% (more than 12,000) were due to improper usage, meaning that someone violated an agency’s acceptable use policy. 

The Cybersecurity Insiders 2024 Report found that 83% of organizations reported insider attacks in 2024, with 51% experiencing six or more attacks in the past year. The average cost of remediation exceeded $1 million for 29% of respondents. In the past few years, we have seen several instances of insider attacks being perpetrated against the United States Navy, as well as private enterprise organizations. In a recent instance, two Chinese nationals are facing charges in connection with spying on the U.S. Navy and members of the Navy on behalf of the Ministry of State Security (MSS) for the People’s Republic of China.

“Adverse foreign intelligence services like the PRC’s Ministry of State Security dedicate years to recruiting individuals and cultivating them as intelligence assets to do their bidding within the United States,” Assistant Attorney General for National Security John A. Eisenberg told Newsweek in a statement.

Three immediate steps CIOs can take to protect their networks

1. Move toward software-based solutions and infrastructure. At this point, many organizations are still running legacy hardware-based systems that are expensive and difficult to scale, and won’t accommodate the most advanced cybersecurity solutions.

2. Implement continual training and education on cybersecurity issues. According to a recent report from the Cyber Readiness Institute, human error remains the largest vulnerability in cybersecurity, as employees fall victim to phishing attacks and other social engineering tactics that can lead to data breaches and system compromises. 

3. Never decrypt data. Encryption is a fundamental element of every viable enterprise cybersecurity strategy. Unfortunately, many organizations are operating under the misconception that encryption of data while at rest or in transit provides adequate protection. Theft does not usually occur when data is at rest, because it is encrypted and not in readable form. Similarly, when data is transported over the internet, it is wrapped in encryption and therefore not legible.

But unless data is continuously encrypted while it is in use, it is not secure. Most data breaches occur when a significant database is being used and the data is readily available to anyone who has access to the network. Up until recently, continuous encryption has been difficult and expensive to deploy, due to its slow speed of processing and complex compute resource requirements.

Now, however, there are a few affordable, easily deployed homomorphic encryption solutions, such as Donoma Software, that allow databases to remain encrypted even as the data is being used. 

These solutions provide a much better balance between access and security, and also bridge the gap to make continuous encryption deployable at scale — effectively solving the problems of data loss. Only continuous encryption, which protects data while in use, has the potential to put an end to the proliferation of data breaches and the damage they cause.
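As an added illustration of computing on data that stays encrypted (not code from this article or from any product it names), the sketch below uses the textbook Paillier scheme so that a server can total an encrypted column without ever holding the decryption key. The fixed primes, function names and salary values are assumptions constructed for the demo, and the key size is far too small for real use.

```python
# Added example: textbook Paillier (additively homomorphic) encryption.
# Toy parameters only; a real deployment would use a vetted library and large random primes.
import secrets
from math import gcd

P, Q = 2**89 - 1, 2**107 - 1   # two Mersenne primes, fixed so the demo is repeatable

def keygen(p=P, q=Q):
    n = p * q
    lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)   # lcm(p-1, q-1)
    mu = pow(lam, -1, n)                            # valid because generator g = n + 1
    return n, (lam, mu)                             # public key, private key

def encrypt(n, m):
    n2 = n * n
    while True:                                     # fresh randomness per ciphertext
        r = secrets.randbelow(n - 1) + 1
        if gcd(r, n) == 1:
            break
    return ((1 + m * n) * pow(r, n, n2)) % n2       # g^m * r^n mod n^2

def decrypt(n, priv, c):
    lam, mu = priv
    return ((pow(c, lam, n * n) - 1) // n) * mu % n

def add_encrypted(n, c1, c2):
    # Multiplying ciphertexts adds the underlying plaintexts.
    return (c1 * c2) % (n * n)

def sum_encrypted_column(n, ciphertexts):
    # Runs with the public key only: this is the "data in use" step.
    total = encrypt(n, 0)
    for c in ciphertexts:
        total = add_encrypted(n, total, c)
    return total

def demo():
    n, priv = keygen()
    salaries = [52000, 61500, 48250]                # constructed sample values
    column = [encrypt(n, s) for s in salaries]      # what the database stores
    enc_total = sum_encrypted_column(n, column)     # server never sees plaintext
    return decrypt(n, priv, enc_total), column      # only the key holder decrypts

if __name__ == "__main__":
    total, _ = demo()
    print("decrypted total:", total)
```

Paillier supports addition (and multiplication by a known constant) only; arbitrary queries over encrypted data need different schemes with different performance costs.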

As the former Chief Information Officer for the Department of Defense and the Department of the Navy, Terry Halvorsen has nearly four decades of experience leading transformation projects and strategic IT direction for the U.S. Government. In his current role as vice president of federal client development at IBM, he is dedicated to unlocking new technological potential for government agencies.