
Patching your cybersecurity foundation


All too often, an organization's focus on cybersecurity looks outward to external threats, solutions and guidance. But the real problem might lie not just inside the organization, but within the organizational structures that comprise an agency's operations writ large.

While the insider threat is a hot topic and a very real concern, it is the division between internal teams – specifically the IT and information security operations teams – which can allow the opportunity for insiders to go bad. Combined with a lack of awareness or support at the top, the fractured approach can equal a cracked cybersecurity foundation.

"There is a disconnect between the C-suite staff, those business managers, the IT staff and the information security staff," said Rich Cespiva, assistant professor of cyber at the information and integrated operations department, part of National Defense University's iCollege. "Does your information security team have an understanding of your organization that actually rivals what your C-suite staff and higher-level managers have? Because having an understanding of what your agency does and how it does it leads to an enhanced and protected posture."

Cespiva spoke Oct. 16 at an FCW-sponsored cybersecurity event in Washington, D.C.

Having those teams operating in separate silos can be costly from a security and financial standpoint, particularly when a single cyberattack can end up costing an agency millions of dollars. It is a risk that continues to grow as increasingly high-tech solutions are introduced and systems become more interdependent amid shared services.

Information security and IT operations "being disconnected ultimately leads to lapses in security and puts data and systems at risk," said Sanjay Castelino, vice president of market leader network management business at SolarWinds Inc., an IT management and monitoring software firm. "This is not a new risk, but as systems have grown more complex, the risk of [information security and IT operations] running from different sets of data, viewed through the lens of different systems, can make it harder to identify threats and address them in a timely manner."

Central to the issue is the ease of accessing and sharing data that is critical to enterprise security, including what is happening on the organization's networks. Conventionally that data has been used to monitor network availability and performance, but exploiting it for security and forensic uses can better secure the network, Castelino noted.

The goal is to have all the data collected available to both IT and information security operations as common tools, allowing for more of a continuous-monitoring approach.

"Talking the same language, seeing the same data – that wasn't always the case in the past," Castelino said. "That's a big shift. It means there are efficiencies gained because you're not either buying or building completely disparate separate systems, you're investing together in solutions that will help access shared data."

About the Author

Amber Corrin is a former staff writer for FCW and Defense Systems.


Reader comments

Mon, Oct 21, 2013

None of this is new. Info Sec professionals have been touting this message for some time. There are several reasons the message hasn't been getting through, though. 1. The C-suite has difficulty translating security investments into business value. In many cases security is seen as a capital expense, part of a risk mitigation strategy, and while partially true, the actual risks involved are largely intangible and hard to define in a way that follows common business logic. Trust but verify is not a good model for mitigating insider threats. 2. Budget priorities. Security is often seen as a separate item from IT operations and infrastructure, and without some type of ROI or intrinsic business value, getting sufficient budget for the physical and personnel needs can be an uphill battle. 3. Lack of qualified security personnel. There is a huge gap in understanding about what the actual needs of security personnel are. There are two kinds - process, and applied. The issue is that you need both, as it is rare to find individuals with sufficient depth in both, which presents a different kind of security concern, similar to the issue with dev-ops being given authoritative control over systems. Separation of duties and collusion awareness are absolutely critical to managing the insider threat risk. It is, for some reason, extraordinarily difficult to convey this to C-suite in a way that begets appropriate actions.
