Burnin’ Down the House


Smokey the Bear says, “Only you can prevent wildfires.” Today, that wildfire is the OPM breach. Yesterday it was IRS. The day before that, it was Snowden.

Tomorrow, it’ll spark up somewhere else.

Federal cyber pros are sounding the alarm. They are spending too much time fighting cyber fires. The old approaches and point products aren’t working – agencies need real change and a holistic approach to fight today’s threats, as well as new challenges smoldering for tomorrow.

Fanning the Flames

According to recent research, 93 percent of Federal executives indicate cyber defenses need significant improvement, but only 56 percent are assessing their networks daily to analyze and address security risks.

Einstein doesn’t look so smart right now – understand that the intrusion detection system held the door open at OPM. CDM wasn’t enough. Fire likes oxygen – how do agencies choke the flames?

Dousing the Fire

An ounce of prevention is worth a pound of cure – and most cyber pros agree that an effective cyber posture is a combination of people, processes, and tools.

Many are turning to the NIST Framework for Improving Critical Infrastructure Cybersecurity as a comprehensive strategy to prevent the fire drills. The framework was developed in a year-long, collaborative process between industry, academia, and government stakeholders. It’s designed to work in any enterprise – public or private.

Want to learn more about the NIST Framework? Check out the abridged version. This Framework assessment tool helps agencies determine their cyber security capabilities and set goals for their future defense. NIST suggests organizations use the Framework to:

Conduct a basic review of cyber security practices
Establish or improve a cyber security program
Communicate cyber security requirements to stakeholders
Identify new or revised references for solutions

Stop, Drop, and Roll

Don’t forget to test your smoke alarms. And if they go off, don’t ignore them. That said, alarms and point products won’t keep you safe, and won’t keep you off the front page of the Washington Post. Check out the Framework to jump-start your comprehensive, integrated cyber defense. Smokey’s smiling.

Steve O'Keeffe
About Steve O'Keeffe
Steve O'Keeffe is the founder of MeriTalk, the government IT network. MeriTalk is an online community that hosts professional networking, thought leadership, and focused events to drive the government IT dialogue. A 20-year veteran of the government IT community, O'Keeffe has worked in government and industry. In addition to MeriTalk, he founded Mobile Work Exchange, GovMark Council, and O’Keeffe & Company.