Analysis: Cybersecurity puzzle is a tough one to solve
Despite increased efforts to implement better cybersecurity, federal agencies continue to succumb to cyberattacks. Could more – or updated – policies stem the tide of these potentially devastating attacks?
The topic gained renewed prominence in late October when the Energy Department’s inspector general noted in an audit that cyberattacks targeting federal agencies' systems and websites increased nearly 40 percent in 2010. DOE itself had failed to adequately protect its information systems from the cyberattacks that constantly probed the networks – this after spending “significant resources” on cybersecurity measures, according to the report, released Oct. 20. It is no surprise that cybersecurity has become an increasingly urgent issue for federal agencies, with hackers and nation-states infiltrating the systems to extract sensitive information and data. There are policies and measures already in place to prevent these attacks. The National Institute of Standards and Technology, which provides cybersecurity standards and guidelines to the federal government, has a security control catalog with 18 safeguards and countermeasures that each agency is required to implement. Many people think a policy is “just paperwork, but policies and procedures are critical for setting the tone and establishing the organization’s commitment to doing the right thing with regards to due diligence in the area of cybersecurity,” said Ron Ross, fellow and project leader of the Federal Information Security Management Act Implementation Project at NIST. The policies can address many different areas, and they can be challenging. But if the policy is clear and follows the basic principles that are articulated in the NIST standards and guidelines – and if it’s implemented properly -- it should result in better cybersecurity for the organization, Ross said.
Analysis: Cybersecurity puzzle is a tough one to solve