Article posted: May 11, 2016
By Joerg Dettmann, CTO
This past February, President Obama recommended increasing U.S. cybersecurity spending by 35 percent in 2017 to $19 billion, which includes hiring a National Cybersecurity and Federal CISO. It's all part of the president's Cybersecurity National Action Plan.
Bringing on board the nation's top tech security czars is a necessity. The US government has endured a string of major breaches including the latest debacle at the Office of Personnel Management, which leaked the names of government employees and sensitive personal employee data.
We interviewed Versasec CTO Joerg Dettmann for his thoughts on the role of the new CISO and his recommendations for where to focus.
Diligently Monitoring All Systems
It's critical for the new U.S. CISO to monitor all systems -- not just the firewall -- 24/7. Nefarious deeds can take place just as easily inside the firewall as outside. For example, if a regular 9-to-5 employee's computer is active at 1 a.m., it should be a red flag that there may be an access issue. It's important to look for insider threats as well as outside cyber attacks, and monitor all equipment and software for potential threats.
Closely Manage Privileges
Providing access privileges to employees is standard operating procedure, but it needs to be monitored closely, as many employees keep their access privileges beyond their time limits. Granting permission to access servers, files and printers normally goes through a formal process. Once a government employee or contractor is cleared for access to servers or equipment, the permission often remains in place beyond the employee's or contractor's contract terms. Revoking and managing privileges is more important than granting access. It's important that privilege granting and revoking are automated and managed based on time limits or even physical location. For example, a contractor may have access to a printer because he or she is working on a certain floor of a building. When that contractor moves to another location, it is critical that his or her privileges for the old location are immediately and automatically revoked to ensure security remains at a high level.
Insist on Using Multi-Factor ID in All Government Offices
In 2007, President Bush enacted a law to protect government employees and contractors from identity theft. Since this law was established, many government agencies have deployed multi-factor ID solutions, such as smartcards paired with passwords, to lessen the threat of identity theft. While most government agencies already deploy multi-factor ID policies, it's critical for the new U.S. CISO to immediately mandate two-factor ID for all employees and contractors across all branches. This added layer of protection can prevent security breaches if, for instance, a laptop is stolen or passwords are leaked.
The United States is taking a historic step in identifying and defining the need for a CISO. While this CISO will be charged with preventing cybersecurity hacks and dealing with the latest DDoS attacks, it's essential to ensure that baseline, cost-effective, simple security measures are deployed.