Helping You to #BeCyberSmart

Each October, the Cybersecurity & Infrastructure Security Agency and the National Cybersecurity Alliance lead the cybersecurity community in an educational campaign around the impact of cybersecurity breaches and best practices to prevent them. Cybersecurity Awareness Month was created to raise awareness about the importance of cybersecurity among individual citizens and companies alike. While the campaign, with a theme of #BeCyberSmart, is designed for more of a general population/consumer audience, it is a great reminder that everyone should take time to brush up on basic cyber hygiene practices as well as expand more advanced knowledge about keeping data safe, both our own and the data we work with professionally. One way to do this is to review the cybersecurity white papers for government we have included on GovWhitePapers.

Cyber EO Puts a Stake in the Ground

Accountability for security is being put into practice through the Executive Order on Improving the Nation’s Cybersecurity (Cyber EO). The Cyber EO was created to prioritize cybersecurity and to give agencies and supporting vendors guidance on improving their security posture, strengthening our national resilience against the ever-growing threat landscape. Key goals of the EO are:

  • Improve Software Supply Chain Security
  • Create a standard playbook for responding to cyber incidents
  • Improve detection of cybersecurity incidents
  • Improve cybersecurity investigation and remediation
  • Modernize and implement stronger cybersecurity standards in government

Creating 100% Zero Trust

A huge part of achieving these goals is moving to a Zero Trust Architecture (ZTA). The premise of ZTA is that every user connecting to the network has to prove valid authorization before being allowed access. Once in, their access to data is controlled via their role within the organization. This involves adopting very granular, rigid user identification policies along with strict authentication that includes role-, time-, and/or location-based access as well as a host of other conditions for access to systems by individuals. Creating a Zero Trust Architecture requires a number of different technologies working together. There is no off-the-shelf zero trust solution.

Getting Cyber Smart

Here are just a few links to GovWhitePapers resources that will get you started in understanding the current threat landscape, the mandates the government must comply with, and the technologies that enable organizations to meet current and future cybersecurity challenges.

  • The President’s Executive Order on Cybersecurity is a Massive Shift for Security: The Cyber EO raises the bar of security expectations from vendors regarding support of these new security guidelines, focusing on prevention, detection, response, and investigation. While this language is not unique to many that have adopted the latest in security architecture, it advances the Federal Government’s mission. It supports the ‘lead by example’ vocabulary included in the order.
  • Information-Centric Automation and Orchestration: It is worth considering an Information Focused Automation Framework to handle normalization, standardization, and information management functions to ease the work and increase security whenever a resource is added or upgraded, or a new capability deployed.
  • Federal Cybersecurity – America’s Data Still at Risk: A 2019 report highlighted systemic failures of eight key Federal agencies to comply with Federal cybersecurity standards identified by agencies’ inspectors general. This report revisits those same eight agencies two years later. What this report finds is stark. The inspectors general identified many of the same issues that have plagued Federal agencies for more than a decade.
  • Mitigating the Impacts of Doxing on Critical Infrastructure: Doxing refers to the internet-based practice of gathering an individual’s personally identifiable information (PII), or an organization’s sensitive information, from open source or compromised material and publishing it online for malicious purposes. To mitigate the effects of doxing, individuals and organizations can protect themselves by taking an active role in controlling the information that is shared and stored online and implementing a series of best practices.

You can browse additional government cybersecurity assets through our search engine here:

Browse Cybersecurity Content
