How Federal Cybersecurity is Evolving

There’s a certain irony with the way the federal government treats technology

Although the government and military are huge investors in new technology and are often on the cutting edge in certain fields, they’re also notoriously slow to adopt other types of technology. Cybersecurity is a major concern for businesses, but compromised government and military systems can be far more destructive, and there’s no doubt that malicious actors can do tremendous damage by compromising systems.

A Growing Threat

The year 2017 saw a rapid rise in the number of cyberattacks on federal agencies, and this trend is only expected to grow. Hackers are becoming more sophisticated, and there are simply more of them out there. For a nation, the cost of funding hacking is low; even relatively poor governments can afford to hire talented individuals to target foreign governments. The reach of technology continues to grow unabated, and the risk posed by hacks continues to increase.

Conservative Approach by Default

Federal agencies don’t work in concert, and many have vastly different security requirements. In general, however, federal entities are far more likely to stick with older solutions instead of adopting new technologies. The IRS, for example, still relies on IBM mainframes from nearly 60 years ago for storing certain information. Despite obvious performance issues, this conservative approach has a notable advantage: Security. These solutions have been tested for decades, and it’s likely that potentially exploitable bugs have long been patched.

Current Technology Risks

Much of the business world has moved and is moving to the cloud. While the cloud has advantages for businesses, federal agencies are naturally reluctant to store information off site, even though cloud providers typically have excellent security records.

“Federal employees have a particularly challenging array of issues to deal with” notes Jeff Engle, Vice President & General Manager for Federal at United Data Technologies.

There are a myriad of existing policies and procedures that govern everything an employee does, which makes modernisation in itself a challenge

Listen to our full interview with  Jeff Engle from UDT below or on Apple Podcasts

Bids for contracts with federal agencies have to meet stringent requirements, and these requirements seldom change, potentially making it impossible for cloud providers to offer bids on projects. Not all regulation changes require approval from Congress, but it may still be some time before cloud operations truly make inroads for many federal agencies, particularly those dealing with national security.

New Entry Points

Despite the conservative approach federal agencies tend to take, they still have to compete for talent. Remote work has made significant progress, but these practices have lead to some security risks. If an employees laptop is stolen, for example, any information cached on the hard drive can potentially be uncovered. Furthermore, it might be possible for thieves to uncover login credentials, giving them easy access to networks. Computers used in the past could be protected by a few soldiers with guns, but the public internet and other networks place a far higher burden on cybersecurity professionals. Already, government entities need to ensure their smartphone policies are adequate, and wearable technology will only increase this demand.

Modernization Under Way

In 2017, Congress passed the 500 million dollar Modernizing Government Technology Act, which is part of defense funding. Although the act promises to play a role in improving lax cybersecurity efforts, it’s also aimed to replace legacy systems with more modern systems, purportedly in an effort to cut back on operating expenses. Although the act, if properly funded, will bring extra attention to cybersecurity, replacing legacy systems also increases the burden of implementing proper security. The act will likely have benefits to users, as modern systems should be able to outperform legacy ones. However, there’s no guarantee that security efforts will be enough to prevent potentially large and damaging cyberattacks.

The cost of proper cybersecurity can be expensive, and the slow pace of the government means new technology can be slow to adopt. On the other side, paying for hackers is relatively inexpensive, and even the smallest of security holes can eventually led to massive attacks. Although progress is being made to protect systems, it’s important for agencies to avoid becoming complacent, and extra eyes will be needed to make sure modern systems replacing older ones are sufficiently secured.