Insight by Raytheon

Agencies must do more to prepare for the constant evolution of cyber threats

The Evolution of Government’s Approach to Cybersecurity

The other big thing we are seeing is the real proliferation of weapons grade tools and capabilities. Whereas it used to take well-funded state actors to do some of the things that had been done historically, we are seeing those capabilities get out through the dark web to non-state actors, to every day criminals and hackers, which is really increasing their capabilities and causing us to really up our game.

Threat Intelligence Communication

We are focused on sharing tradecraft. We are trying to produce products now that help your network defenders understand the tradecraft the nation state actors are using and be able to prioritize their mitigations. Network defenders tend to get overwhelmed with so much to do.

Emerging Technologies and Cybersecurity

We’ve been really focused on how to do you continue to provide electricity or natural gas or whatever your particular piece is in the energy sector while under attack? We have some investments and are doing some research and development on the technology that can do automatic anomaly detection and also accommodation to continuously provide that flow of electricity uninterrupted even while in a degraded environment. That is really the future that we are looking at.

Cybersecurity is like a classic 1980s horror film–think Friday the 13th or Halloween–every time you think you’ve gotten away from the killer, they just keep coming back.

Every locked closet is busted open. Every time you think you’ve won, somehow the bad guy reemerges from the dead.

Unlike in the movies where the hero or heroine always wins, agencies’ cybersecurity horror story never ends.

Adversaries are ramping up the use of cyber attacks to steal intellectual property, manipulate and disrupt data, all in the name of creating strategic and tactical advantages.

The Defense Department, the Intelligence Community and civilian agencies must continue to defend systems and data today as well as prepare for the constant evolution of cyber threats.

The Internet Society says cybersecurity will be the most pressing challenge of the next decade. It says responses to date have been thoroughly insufficient and the costs are escalating. Cyberattacks and cybercrime will shape the Internet and our relationship to it.

And the government will be caught in the middle, the Internet Society says. Citizens will expect agencies to respond to cyber threats, but at the same time they have to find the balance of national security and online freedoms.

But there are things agencies can to do today to prepare them for that scary future. Emerging technologies like artificial intelligence and machines learning, and approaches like zero trust will be critical and beneficial in protecting systems and data over the next decade.

Matthew Eggers, the vice president for Cybersecurity Policy at the U.S. Chamber of Commerce, said the threats, general speaking, have remained the same, and below the threshold of armed conflict.

“How do we deal with those threats that needle away of our economic capabilities and our advantages?” Eggers said. “Our adversaries know that we can’t bring everything to bear because they are operating below certain thresholds.”

Sanjay Gupta, the chief technology officer at the Small Business Administration, said the agency is working internally and externally to combat cyber threats. SBA is helping small firms understand they too are targets of bad actors and what steps they can take to protect themselves.

Then internally, Gupta said federal policies are becoming more flexible to deal with the ever-changing threat landscape.

“They are getting away from being a prescriptive model to a more adaptive model,” he said. “They are becoming more outcomes driven than mandates, if you will. The Trusted Internet Connections initiative is a perfect example of that.”

Listen to the full show

Copyright © 2020 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.