FedInsight by Splunk

Agencies have ‘once in a generation’ cyber, IT modernization opportunity

Since May when President Joe Biden issued his cyber executive order, the Office of Management and Budget has been busy developing implementation memos.

The most recent memo, on endpoint detection and response, came out in late October. Before that, OMB released the draft Zero Trust strategy and is reviewing public comments on it, with a final draft expected out in the coming weeks.

OMB also issued memos on securing on-premises software and on logging incidents. More memos and guidance are coming, as the EO detailed 23 different required actions by agencies to address systemic cybersecurity problems.

Beyond the required actions, the EO also has changed the discussion about federal cybersecurity. The urgency brought on by a spate of attacks in early 2021 and the surge of funding from Congress to the Cybersecurity and Infrastructure Security Agency is generating a once in a generation opportunity to do more to get ahead of attackers, secure data and systems, and create a modern infrastructure that can change as the threats change.

Juliana Vida, the Group Vice President and Chief Strategy Advisor for Public Sector at Splunk, said agencies can use the momentum created by the EO, the funding from CISA and the technological advancements of the market to harden their cyber resolve.

“This is a once in a generation opportunity. We have the pandemic as kind of a burning platform for a lot of the modernization projects that agencies had on the shelf but didn’t get around to. Then they had people working from home who were delivering services remotely and needed to get those [modernization] projects going,” Vida said on the Innovation in Government show. “Now with the cyber executive order, and the memoranda, those are helpful policy guidelines that not only give specifics to the agencies but it gives them some deadlines that are pretty aggressive. It allows industry to respond in a way that is truly meaningful.”

Vida and other experts lauded the cyber EO and implementation memos for being prescriptive enough while also taking into account that agencies differ and are starting from different points in improving their cybersecurity.

“It’s a win for each of the agencies to show some creativity, to show some innovation, and let the people come up with a solution that works best, given the domain that they have knowledge on,” she said. “I really do think it’s a win-win as we’re already seeing organizations put their plans in place based on their maturity.”

No matter where agencies are starting, Vida said the OMB memo from August on incident logging is a good place to start or to focus initial improvement efforts.

In that memo, OMB established a maturity model around event logging and required agencies to assess their current state against the model.

“What we’re finding is that agencies don’t always know where to start with incident event logging. Well, when you start with the logs, that’s like the ground truth,” she said. “We talk in general terms about listening to your data, or go back and look at the logs and figure out where the cybersecurity event happened. But that takes a lot of deep inspection, and it takes a lot of time. Unless you have this robust data analytics platform to do it, it can just be another burden on the agency. If agencies want to use their workforce to manually go through logs, and try to meet these requirements of the EO, but still maintain a good cybersecurity posture, that’s a losing proposition.”

Instead, Vida said using a cyber and data analytics platform like Splunk can not only get agencies compliant with OMB’s memo but, more importantly, identify patterns and vulnerabilities and relieve some of the burdens on the cyber workforce through the use of automation and orchestration.

Vida added that running the data analytics on a cloud infrastructure raises the value of the platform.

“There are several different value propositions of cloud. Speed so you can just move faster. Agility so you can change your configurations and move things around. There are also efficiencies to be found because agencies don’t have to manage the infrastructure and pay for all the data center hosting,” she said. “All of that drives speed and it allows the speed of the data processing and for the workforce to be able to do higher-level work, than trying to reconfigure passwords.”

About Splunk, Inc.

Splunk Inc. (NASDAQ: SPLK) turns data into doing with the Data-to-Everything Platform. Splunk technology is designed to investigate, monitor, analyze and act on data at any scale. Learn more at splunk.com/publicsector.

 

Featured speakers

  • Juliana Vida

    Group Vice President and Chief Strategy Advisor, Splunk

  • Jason Miller

    Executive Editor, Federal News Network