Government Needs a Proactive Approach to Securing Connected Infrastructure

Cybersecurity might seem like a nebulous problem. We are inundated with buzzwords—Encryption! Hackers! Phishing!—and abstract stock images like the one at the head of this article that paint cybersecurity as an issue dealing with little more than hooded figures, binary code and attacks on high-level data.

But what happens when transit is interrupted by nefarious cyber activity in a major metropolitan area? When an electrical grid goes haywire because the wrong people were able to access it?

The internet is active all around us in a constellation of devices, all connected and always sharing data. Even when citizens aren’t communicating on smartphones or working in a web browser, they are “plugged in” simply traveling from one place to another, using government services and expending resources like water or electricity.

The trend across all sectors of the United States infrastructure leans toward leveraging the internet to provide better, more comprehensive and more efficient service.

But the myriad of benefits to connecting our technologies do not mean sharing and openness are without risk, and cyber attacks have far realer consequences than a few indiscriminate lines of codes might suggest.

“The value we get from increased interconnectivity and data sharing continues to improve our lives from healthcare to financial transactions to education," says Leidos Senior Vice President Scott Gray.  "Our evolving digital lifestyles will further drive our data use and access expectations.” With this trend an equally enhanced cyber security posture must follow to ensure that the connected parts of our country’s institutions and its infrastructure are secure.

“We have to see the internet as a national security infrastructure asset,” Gray explains. Connections between networks and individual devices are as critical to the American economy today as the highway system—and even more important to protect.  

So, “while most government agencies have invested in cybersecurity for their connected assets, the lion’s share of those investments go to toward defensive tactics,” says Leidos Defense and Enterprise IT Senior Vice President, Chris Kearns.

“It’s very important and very hard work, but they have to ‘keep up’ while adversaries are only advancing,” he says. “What we need to do is shift the time these people spend in their day to become more and more proactive.”

This means leveraging data analytics to, as Kearns describes, “get the signal out of the noise.” Analysts must not only be able to defend when their system experiences an attack, they must also be able to target critical issues, stop imminent attacks and use the knowledge they obtain to posture against future threats.

Forming that posture is a matter of securing and training the right personnel, which is itself a two-part endeavor, Kearns says.

In the early days of cybersecurity, popular opinion held that fostering internal cyber hygiene – a basic level of literacy around internet-related security concepts – would be enough. While it is still important to educate against the simple, commonplace attack vectors like phishing, that’s only the first step. Gray and Kearns hold that agencies need teams that have broader competencies in the cyber realm.

“Cyber adversaries change their tactics as rapidly as government detects them,” Kearns says. “Government needs to stay current with their tactics and understand what they need to be successful.”

That’s where the second part comes in: cross training. Both men have seen the benefits of cross training for superior cybersecurity at Leidos, where cyber analysts work in multiple areas of the practice as part of their training. A given individual develops competency in a variety of offensive and defensive areas of cybersecurity, preparing them for the ambiguity and difficulty of cyber challenges ahead.

“This is going to be a continual, cultural focus,” he says. “It’s not a single event like Y2K—it’s a new world. Going forward, we need constant vigilance and infrastructure investment from the ground up.”