Now is a pivotal moment for those of us working in federal cybersecurity. The new administration has pledged to make defending America’s IT networks “a top priority at every level of government” and they must start by wrestling with the SolarWinds hack.
President Joe Biden’s cyber defense efforts will be steered, for the first time, by a Senate-confirmed White House national cyber director — the most empowered cyber leader the U.S. government has ever had. The new administration envisions a $9 billion IT modernization effort that will overhaul federal cybersecurity, part of the $1.9 trillion COVID-19 relief package proposed to the new Congress. The plan emphasizes digital transformation and shared services as the keys to cybersecurity success.
For agency cybersecurity leaders, the stakes are higher than ever. The adversary is now inside the perimeter. “Assume compromise” isn’t just a slogan anymore. To best maintain America’s cybersecurity posture, agencies need to radically rethink their security policy. They need an approach that prioritizes and protects their most important data and other assets, employs a layered, risk-based defense, and continuously authenticates users — what many refer to as zero trust or adaptive security.
Extended detection and response is the new battlefield
Recognizing that systems, no matter how fiercely defended, will inevitably be compromised dramatically raises the bar on agency security operations as well.
With the attacker assumed to be already inside, extended detection and response is the new battlefield for agency security teams — and speed is the path to victory on it. Quickly finding stealthy intruders hiding in the complex topology of a modern IT enterprise requires a new approach to operations. Teams must be free to concentrate on the highest-value threat hunting rather than getting buried in incident response minutiae.
How? By forging partnerships with trusted service providers who can deploy bleeding-edge technology that might be beyond the agency's own reach. For example, automation can handle the initial triage and enrichment of alerts, not just routine tasks. And by integrating advanced security tools and centralizing log and telemetry data, analytics powered by artificial intelligence can surface insights that security teams can leverage as they race to manage the new risks of the pandemic world, with its reliance on remote working and cloud services.
Shared services also give security teams working across several agencies the benefits of enhanced visibility — both into multiple agency IT environments, and into IoT and OT networks.
Above all, shared services offer security leaders a flexible, cost-effective alternative to a pure-play in-house security operations center. Hybrid operations and shared security services that enable joint network defense must be the new approach.
Managed security can accelerate timelines
Let’s be frank: Building a mature SOC that can win on this new battlefield of speed-to-detection and detection-to-response is a major multi-year undertaking requiring significant investment of both budget and management attention. A 24/7 SOC operation requires scarce talent that is often hard to recruit and retain in today’s marketplace. Some agencies just don’t have the resources or the time.
And then there’s the challenge of maintaining state-of-the-art cyber defenses in an era of constrained procurement. While federal agencies might require a year or more to acquire and integrate the latest tools, managed security providers can do so in days and are incentivized to do so to meet their SLAs and continuously enhance services.
In the private sector, for many medium-sized businesses, the in-house SOC is rapidly going the way of the enterprise email server and the company data center. Like web-hosting or payment processing, security is something more and more enterprises are comfortable outsourcing — especially given the capability gains and cost savings they get.
Many federal agencies are in that same situation: just starting out on a journey to maturity that may take several years. But as a growing number have learned, agencies can leapfrog that lengthy lead time — and leverage the expertise of mature security teams — by buying the security services they need, either as a SaaS platform or as a fully managed service. Either way, the right provider can offer new security capabilities, whether bundled or a la carte, on a plug-and-play basis — allowing leaders to ramp up fast enough to meet new challenges.
Managed security is a cost-effective option
Managed security operations — governed by service level agreements that mandate real-time reporting of security metrics — can improve performance, cost-effectiveness, and financial predictability. Federal agencies can reduce SOC costs by a third or more with a managed service option.
And they will need to: Beyond any surge in resources the new administration may be able to muster this year, agencies need to find a budgetarily sustainable approach to cybersecurity costs. Accenture's recent research on federal cyber resilience found three-quarters of federal agencies reporting growth in annual cybersecurity spending. Higher costs for network security, threat detection, and security monitoring drove expenditures up by more than 25% in the top 20% of agencies. Almost two-thirds of federal cybersecurity leaders believe this level of cost growth is unsustainable.
In the post-pandemic, post-SolarWinds world of tomorrow, federal agencies will need to rethink their security approach. Determined, well-resourced cyber attackers, like those from U.S. near-peer adversaries, will continue to mount successful intrusions. Success in security will be measured by how quickly those intruders are found, contained, and kicked out, and how quickly the damage is mitigated.
Aaron Faulkner is a managing director with Accenture Federal Services and leads the cybersecurity practice across the U.S. Department of Defense, Intelligence Community, Public Safety and Civilian and Health sectors.