There is a bright spotlight being cast on federal cybersecurity. From the SolarWinds, Colonial Pipeline, and JBS meatpacking plant attacks to the Executive Order on cybersecurity, federal agencies and industry partners alike are tasked with raising the bar to protect the national digital infrastructure that maintains our way of life.
But before we can advance our security programs, we have to start with a baseline of accurate, timely, and complete data. We have to be digitally resilient.
Technology teams make critical decisions to support and protect their enterprise based on data from their endpoints. With much of the workforce – and consequently many of the endpoints – now operating in a remote environment, IT security leaders are currently facing a problem with their standard data analysis process: collecting timely, complete data. According to recent research, 79% of federal IT decision makers think real-time data is moderately to extremely important in achieving complete visibility over their IT environment.
But 36% of those same IT decision makers rarely or never have complete visibility into their IT environments at any particular time. IT administrators can’t obtain data from devices they can’t communicate with, and legacy tooling can’t correspond with remote devices. In the rare situation where tooling can communicate with remote endpoints, it slows to the point that by the time IT administrators collect and centralize data, it’s no longer accurate because each endpoint’s status has changed.
Many agencies don’t have the ability to collect, centralize and analyze all the data from remote endpoints. Even if they do, the data collection is not fast enough, leading to decisions being based on bad or incomplete data.
Compounding these issues is the sheer number of data-producing endpoints for which administrators are responsible. The volume and velocity of data generated by endpoints are leading to a data tsunami. IDC predicts a two-order-of-magnitude increase in endpoints, and the amount of new and existing endpoints produced is expected to increase 84 times by 2025.
These three factors are leading to an untenable situation for agencies, one where our traditional approach to data – ‘collect everything’ – simply will not work.
Tackling this problem requires massive innovation and change. The American Rescue Plan allots $1 billion for the Technology Modernization Fund (TMF) and $650 million for the Cybersecurity and Infrastructure Security Administration (CISA). This new funding offers agencies an opportunity to install solutions that enable the instrumentation of, iteration on, and distillation of data at the point of production – on the endpoint – negating the need for federal organizations to sustain the legacy approach of data collection and centralization.
CISA told House Appropriations Subcommittee members in March that the funding will be used to scale cybersecurity pilots designed to increase focus on threat detection at endpoints, on devices, and to expand the agency's ability to hunt for threats.
“What we want to move to is a paradigm where CISA is able to continuously assess security data from agencies on an ongoing basis for evidence of compromise, utilizing known and potential indicators of compromise, including advanced analytical techniques so we can get ahead of the adversary,” said Eric Goldstein, Executive Assistant Director for Cybersecurity at CISA. “Then the moment they intrude, we have a higher likelihood of catching them versus waiting, for example, they make a mistake and then we trigger an incident response.”
Getting to Higher Ground
Cyberattacks are growing more frequent and complicated by the minute. Agencies need to evaluate data management and security processes to ensure that they are effectively protecting the network and reducing vulnerability gaps.
When a data tsunami hits, agencies don’t have the option to tread water. They are either on the high ground, or under water. They are either cooperating and partnering with industry vendors to drive real innovation, or they are not. With the new funding from the American Rescue Plan, they have an opportunity as well as a responsibility to consider this oncoming data risk.
Agency IT security teams need an endpoint management and security platform that empowers them with the comprehensive real-time visibility and control needed to make critical decisions and take the right action, right now. With a holistic risk management approach in mind, vendors and federal agency IT teams can save time and money, and align resources while working to protect personal and sensitive government data.
We can’t wait for another earthquake. The time to move is now.