National Cybersecurity Strategy needs an observability focus


When federal government agencies were breached by Chinese hackers due to a Microsoft Azure vulnerability, the Cybersecurity and Infrastructure Security Agency released an advisory calling for the use of enhanced monitoring tools to build resilience against increasingly sophisticated attacks. This latest advisory was further amplified by the National Cybersecurity Strategy, which reinforced the need to make the government’s critical infrastructure more resilient by modernizing federal networks.

Despite these measures, a recent study shows that only 26% of the public sector (compared to 40% of the private sector) have a formal approach to building resilience. Moreover, federal agencies whose mission-set centers on critical infrastructure, such as the departments of Energy or Transportation, still face challenges to maintain legacy tools in contrast to the public sector as a whole.   

This is because federal agencies need more support to implement modern monitoring tools that help improve their threat detection and response. Without the proper technology in place to match the challenges of today’s threat landscape, it is difficult to remain resilient when faced with an attack. But how might an organization begin to achieve the resilience required for today’s cyber threats?  

It starts with federal agencies prioritizing observability strategies. Despite its growing popularity, observability is a fresh concept – one that can be difficult to define and see as a path to resilience without first understanding its foundation. The roots of observability can simply be traced down to a collection of logs, metrics and traces by which monitoring systems can more proactively mitigate potential threats.  

The state of observability in the federal government

Disruptions caused by cyberattacks aren’t just expensive, they also halt critical services throughout networks. Downtime, a detrimental result of cyberattacks, has been shown to cost upwards of $500,000 per hour. With critical infrastructure increasingly being a focus for exploitation, there’s a growing need for agencies to implement observability strategies.

The unfortunate reality of observability is that its existence in the public sector lacks maturity. This often stems from agencies leveraging dozens of tools to monitor their tech stack. With no interoperability between these tools, this system creates data silos that result in blind spots and cause IT teams to miss critical alerts that signal a cyberattack.

To make matters worse, these legacy tools weren’t built to handle the varying tech stack that agencies rely on. Monitoring tools traditionally function by alerting an engineer of an issue. Once alerted, the engineer is forced to interpret the dashboard or logs to identify the problem. But this strategy creates an environment of too much guesswork and does more harm than good.

Getting to the root of the issues

Though the National Cybersecurity Strategy aims to improve the public sector’s critical infrastructure through digital resilience, agencies must adopt next-generation observability solutions to achieve it.  

Observability addresses the cyber challenges posed to the public sector by quickly getting to the root cause of vulnerabilities, optimizing mitigation through live services, sharing active, contextual insights to aid incident prevention, and making better decisions for networks by auto-detecting new data.    

Achieving this strategy starts with three tangible steps for federal IT leaders:  

  1. Developing a comprehensive data strategy that integrates data sources across silos to increase visibility across the complex tech stacks.
  2. Consolidating technology tools into a comprehensive platform to eliminate silos between tools.
  3. Working closely with agency leaders to ensure they have a strong understanding of the value observability provides to an organization’s threat detection capabilities, in order to achieve executive sponsorship to invest in the strategy.

With observability tools, agencies can build cyber resilience, navigate cyber incidents that generate unplanned downtime, and eliminate poor performance while reducing costs. As the public sector adopts and modernizes these tools, it can also lean on the private sector for guidance. One statistic shows that 77% of private sector organizations have reported faster root cause analysis in the last 12 months due to unified observability solutions. By having better visibility into their data, private sector organizations demonstrate how observability solutions can determine the root cause of a problem in seconds and save costs on downtime and disrupted services.

Working together

The National Cybersecurity Strategy and policy announcements on digital resilience show that our nation is turning the page on cybersecurity. As the public sector works with digital defense teams, advances in our security solutions can gradually close the gaps in our systems and eliminate vulnerabilities. With sophisticated observability solutions, we are joining forces to overcome the narrative that the government is too slow to combat cyberattacks. As the nation turns the page on cybersecurity, federal agencies’ adoption of a strong observability strategy will be a large factor in improving the nation’s threat response capabilities.

Bill Rowan is vice president of public sector at Splunk. 

Copyright © 2024 Federal News Network. All rights reserved.
