The WannaCry ransomware attack that struck computer systems worldwide beginning May 12 demonstrated the vulnerability of major global systems like Britain’s National Health Service.
Ironically, the attack came a day after an executive order on cybersecurity. “The internet is part of the underpinning of the American economy, and the executive order affirms that it is the policy of the United States to promote an open, interoperable, reliable and secure internet,” according to a statement from the Department of Homeland Security.
As government agencies and departments scramble to comply with the order and to protect their systems against cyberattacks, many quickly realize they need help.
Fortunately, with assistance from the right partner, the task is not as daunting as it seems.
How to begin
Cyberthreats are not new, and most government agencies and private businesses already employ security measures. Because of their years of experience, companies like VMware are uniquely positioned to help customers identify, protect against and respond to cybersecurity threats aimed at federal networks.
Complying with the order
The executive order requires government agencies to provide a risk management report within 90 days (from May 11) on how they are using the National Institute of Standards and Technology Cybersecurity Framework. The report is to be delivered to the DHS and the Office of Management and Budget. One of the primary objectives of the order is to transition all agencies to one or more consolidated network architectures and shared IT services.
Meeting the timetable
For many agencies, the 90-day timetable seems formidable. The NSX Network Virtualization and Security Platform allows agencies to employ the NIST Framework in weeks rather than months or years. It also facilitates implementing the framework without the need for significant infrastructure upgrades.
Understanding the framework
“The framework is voluntary guidance, based on existing standards, guidelines, and practices, for critical infrastructure organizations to better manage and reduce cybersecurity risk,” according to NIST.
The framework provides a common language for understanding, managing and expressing internal and external cybersecurity risks. NIST explains the framework should be customized by different sectors and individual organizations to best suit their risks, situations, and needs. “The framework should not be implemented as an un-customized checklist or a one-size-fits-all approach for all critical infrastructure organizations.”
Government agencies need to be at the forefront of cyberprotection. Unfortunately, many are not sure how to customize the NIST framework to meet the specific needs of their agencies or departments. Beyond that, they are often not sure how to modernize and mobilize security within their IT systems. Those objectives can be more easily accomplished using the VMware platform.
“The framework’s core ideas — identify, protect, detect, respond and recover — help users evaluate their cyber risk and develop plans to manage it,” explains NIST. “It can guide them as they determine the cyber controls they choose, with consideration of any regulation or standards that may apply to their particular industry sector.”
Choosing the right partner to customize and implement the framework within federal agencies can help ensure protection against future cyberthreats.