With increased concern by government agencies about cybersecurity, your organization may be able to increase and improve its levels of disaster recovery prevention and detection by knowing what is being proposed and approved by the U.S. government. This article discusses some key government cybersecurity initiatives and their relevance to the private sector.
Comprehensive National Cybersecurity Initiative
The CNCI defines how the federal government prepares for, and responds to, cyber attacks and two of its initiatives can be of interest to the private sector:
Initiative 1: Deploy intrusion detection systems (IDS) across federal agencies which use passive sensors to identify unauthorized users attempting to gain access to federal networks.
Importance to private sector: IDS technology is proven and its benefits have been demonstrated time and again. Private-sector users can set up IDS devices to passively monitor their network perimeters, firewalls and other access points and identify questionable activities.
Initiative 2: Pursue deployment of intrusion prevention systems (IPS) across federal agencies to conduct real-time full-packet inspection and threat-based decision-making on network traffic entering or leaving government networks.
Importance to private sector: Building on the passive monitoring attributes of IDS technology, not only can IPS devices monitor network perimeters, they also have proprietary algorithms that proactively detect and respond to cyber threats by blocking the flow of data through network perimeters before harm is done.
The following documents from the National Institute of Standards and Technology (NIST) provide useful guidance on a variety of security issues:
- SP 800-37, Guidelines for Security Authorization of Federal Information Systems
- SP 800-39, Managing Information Security Risk
- SP 800-53, Security Controls for Federal Information Systems
- SP 800-94, Guide to Intrusion Detection and Prevention Systems
- SP 800-137, Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations
Trusted internet connections (TIC): Consolidate external telecommunication connections and ensure a set of baseline security capabilities for situational awareness and enhanced monitoring.
Importance to private sector: Network managers must regularly monitor network access points for security, access, throughput and how well data is protected from unauthorized activities. By reducing the number of access points and also updating the remaining access points with greater security, they can further minimize the chances of a cyber attack.
Continuous monitoring: Transform static security control assessment and authorization into a dynamic risk-mitigation program that provides essential, near real-time security status and remediation, increasing visibility into system operations and helping security personnel make risk-management decisions based on increased situational awareness.
Importance to private sector: Network monitoring is the true first line of defense for protecting corporate networks. Network monitoring devices must be carefully selected for their ability to identify foreign code and characters and report them quickly to management for action. By improving the thoroughness of network monitoring, the chances for a cyber attack to be quickly identified are greatly increased.
Strong authentication: Since passwords alone provide little security, federal smartcard credentials such as PIV (Personnel Identity Verification) and CACs (Common Access Cards) provide multi-factor authentication and digital signature and encryption capabilities.
Importance to private sector: With the threat of cyber attacks on the rise, network managers must provide strong security controls for data protection. Among the most popular is encryption, which greatly reduces the likelihood of corruption and theft of data. Strong authentication controls are essential to limit unauthorized network access.
According to the National Institute of Standards and Technology (NIST) SP 800-137, Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations, security status is a function of various metrics established by an organization to identify its information system security posture. This means performing the following activities:
- Maintain situational awareness of all systems across the organization
- Maintain an understanding of threats and threat activities
- Assess all security controls
- Collect, correlate and analyze security-related information
- Communicate security status information across the organization
- Manage risk proactively
Each of these criteria is defined in the Federal Information Security Management Act (FISMA) of 2002.
Importance to private sector: Review the NIST SP 800 Series of IT standards, as they offer additional insight on the nuances of IT management. Many offer valuable tips and “how-to” guidelines.
During 2012 and beyond, continued review of these priorities will include focus on specific FISMA metrics that are identified as having the greatest probability of success in mitigating cybersecurity risks to government agency information systems. Keep an eye on these developments to ensure that your organization’s networks are protected from cyber attacks.
About this author: Paul Kirvan, CISA, FBCVI, CBCP, has more than 20 years experience in business continuity management as a consultant, author and educator. He has been directly involved with dozens of IT/telecom consulting and audit engagements ranging from governance program development, program exercising, execution and maintenance, and RFP preparation and response. Kirvan currently works as an independent business continuity consultant/auditor and is the secretary of the Business Continuity Institute USA chapter. He can be reached at firstname.lastname@example.org.