The folks at GovLoop.com invited me to read and share their Agency of the Future Guide: Winning the Cybersecurity Battle. The guide begins with a brief survey of (US) public sector employees who were asked to comment on their agency's cybersecurity strategy.
As you can see from the infographic-style summaries of responses, the list of challenges facing US Government agencies contains all the usual suspects:
When asked about their agency's state of preparedness, the responses are all over the map but generally paint a less than comforting "not even close!"
Based on the surveys, agencies seem to be highly concerned about (i) phishing and malware, (ii) DoS and DDoS attacks, and (iii) application-level attacks. Parties responding to the survey attribute attacks to a much wider set of actors than I customarily see. I'm frankly surprised that agencies that are allegedly unprepared for attack can identify the attacker's motives with such confidence, but your mileage may vary.
Much of the balance of the report consists of editorials contributed by commercial interest parties (security products or services providers). The editorials make strategic-level recommendations for agencies. You can read the report in its entirety, but choosing randomly, I found the following noteworthy because they aren't mainstream mantra (prevent, detect, respond, control, manage, restore):
- Be a prudent early adopter of new technology that can address some of the new complex threats that are emerging (Source: Juniper Networks)
- The security officer must have a seat at the table. Security officers can explain how assuming risk here will create trade-offs for the agency. (Source: Symantec)
- Government agencies are desperately in need of hiring top cyber talent. Keeping talent is key to success (Source: State of Michigan)
The report also identifies 19 potential metrics for agencies to use to measure and improve cybersecurity strategies. There's some vendor fluff here, but overall, it's a useful read for strategy planning.