The biggest challenge to securing the cyber resiliency of federal government network systems remains an over-classified, ineffective approach to information sharing, according to a panel of cyber experts speaking at a homeland security summit Sept. 12.
Two panels at the AFCEA Homeland Security Conference urged federal agency officials to work at reducing the time frame for collecting data and sharing information on cyber attacks while adopting a more robust approach to cloud computing as a means of working with industry to solve future cyber vulnerabilities.
“Everybody seems to be in a sense of denial. When it comes to sharing information, I think we’ve done a better job but we still stink. There’s an over-classification of information,” said Greg Touhill, former U.S. Chief Information Security Officer (CISO) and current president of Cyxtera Federal Group, during a panel on cross-agency cyber incident response. “We’ve been trying to get folks to realize that cyber security is not a technology issue, it’s really a risk management issue. Understanding what information you have, where it is and what the risks are to that information really should be at the center of your program. And unfortunately, we’ve been trying to defend information equally regardless of its value”
Removing barriers to certain information following cyber incidents would allow industry professionals to advise federal agencies on protective measures in a more timely manner.
Both panels at the conference emphasized the importance of implementing policy that will cut down the information sharing response timeline from days and weeks down to minutes and hours.
“Honestly, we need this information collected in minutes or hours because that’s the time frame the bad guys are working in,” said IBM [IBM] Program Director for Cybersecurity Technologies Beth Dunphy, who believes more open information will help industry supply critical resources back to federal agencies during cyber attacks. “My advice would be to do a better job sharing back with the government piece. I’m sure we would have information that’s equally as valuable for us to share back during cyber events. We can help with this threat exchange.”
Panelists pointed to the White House’s recent cyber executive order in May as a good first step for ensuring that the federal government take responsibility for assessing its current level of cyber resiliency by conducting thorough reports.
However, panelists such as Touhill wished there was more direction to urge agencies to make immediate efforts to embrace cloud computing for information sharing purposes and to ensure the resiliency of their networks.
“The thing that’s holding us back is we’ve got a 1980’s architecture that we keep trying to fix. It’s time we go out there and get a 21st century architecture that works on cloud computing and incorporates a secure front-end,” said Touhill. “There’s good policies right now, we’re just not executing them well.”
Dunphy also cautioned against using the reports conducted under the cyber executive order as reasoning for adopting a homogeneous architecture across the federal government, which she believes allows adversaries to more easily plan out broad attacks.
The director of the Department of Homeland Security’s National Cybersecurity and Communications Integration Center John Felker assured his industry colleagues that from a federal standpoint the agencies will work to better collect and disseminate critical information following significant cyber attacks.
“It’s really an important thing to think about how do we do this better. We have to figure out ways to share information rapidly and in a manner that is actionable,” Felker said. “Right now, we get a lot of information back to us that is both classified and unclassified, but the federal government is confined to a small slice of the pie. We will work on the information sharing.”