Cybersecurity Vulnerabilities and the Government


Everyone believes that the government is slow. Whether you are trying to pay your taxes or simply going to renew your license, interactions with any official agency tend to be a long process. The same has been true about most agencies and technology – they tend to be about ten years behind the curve. Does anyone even know if they are done using Windows XP yet? This poses a bigger problem when we come to the issue of cybersecurity vulnerabilities. Does the government have the practices in place to deal with these types of pitfalls or are they behind?

The Current State of Government Cyber

First, let’s start with the big one that a lot of cybersecurity companies use for their policies – NIST. NIST has been around since 1901 creating standards and has done an amazing job doing so. However, it has only been doing so for cybersecurity since 2014. NIST published its Cybersecurity Framework on February 12, 2014. It provides a framework for dealing with cybersecurity as a whole, covering everything from identifying to recovery.

Then you have the U.S. Army Cyber Command. They started out as Network Technology Command (NETCOM) in 2002, which worked to secure and defend enterprise-level data networks. Army Cyber Command (ARCYBER) came along in 2009 to support the joint cyber operations force. While they do monitor for cybersecurity vulnerabilities and attacks on our nation’s military, they don’t do anything in the homeland.

That’s where the Department of Homeland comes in with CISA. The Cybersecurity and Infrastructure Security Agency “is the Nation’s risk advisor, working with partners to defend against today’s threats and collaborating to build more secure and resilient infrastructure for the future.”

The problem with CISA is that they have only been around since 2014. While they have done a lot of good in the short time they have been around, they were much needed before that time. They are coming in late to the game, and changing the ideas of government agencies can be difficult. That’s not to mention the fact that purchasing the amount of equipment that is required for a cybersecurity implementation the size of the U.S. government can be daunting.

There are, of course, other organizations that have cyber employees. NSA, CIA, FBI, and other government agencies have their own cybersecurity professionals, but they tend to work in their own areas as opposed to supporting multiple agencies.

The Cyberspace Solarium Commission

The Cyberspace Solarium Commission (CSC) formed in 2019 to provide a report on the current state of cyber in the United States. They presented their final report to the public today, March 11, 2020. Their report “proposes a strategy of layered cyber deterrence” and “consists of over 80 recommendations to implement the strategy”.

This report came from a bipartisan group of lawmakers and stated that there was a need for far more people trained for cybersecurity in the military. They also stated that Congress needs to dedicate committees to cybersecurity. Interestingly, they also stated that there was a need for more aggressive actions against the networks of other nations.

“The U.S. government is currently not designed to act with the speed and agility necessary to defend the country in cyberspace. We must get faster and smarter, improving the government’s ability to organize concurrent, continuous and collaborative efforts to build resilience, respond to cyber threats, and preserve military options that signal a capability and willingness to impose costs on adversaries.”

Report from the Cyberspace Solarium Commission, 2020

While some of the implications of the report can be implemented immediately, some require White House approval. No matter what your stance on politics is, you can’t deny that the fighting between both sides could cause a problem for any such implementation.

What Can I Do To Help?

Finding cybersecurity vulnerabilities and protecting against attacks has never been a government-only problem. The private industry will always be needed to help defend private and public infrastructure. Making your company ready for cyberattacks will not only help your company, but it will also help reduce the risk of that attack spreading to others as well.

Craig Cybersecurity can help your organization determine its risks and how to mitigate them. Give us a call today and we can help you in strengthening your company’s cybersecurity posture.