Across multiple cybersecurity programs and efforts, the Federal government is prioritizing protection for its high value assets (HVAs), said speakers at ATARC’s Government Information Technology Executive Council (GITEC) conference on Monday, April 29.
The Continuous Diagnostics and Mitigation (CDM) program is piloting a data loss prevention program at five agencies, extending the program into remediation of cybersecurity issues and focusing on HVAs, said Kevin Cox, CDM program manager at the Department of Homeland Security (DHS).
“We’re going to be working down … to understand the architecture of those high value assets and then work, as appropriate, with the proper solution to secure the data in those high value assets. That could be helping agencies rearchitect in certain cases, like microsegmentation or rearchitecting legacy systems, it could be data rights management, data loss prevention, etc.,” he said.
CDM isn’t the only program taking a close look at HVAs – agencies are working with DHS and the Office of Management and Budget (OMB) to figure out what really counts as high value.
“We want to provide the adequate protection and not overprotect or underprotect. Reclassification is going to be key, so we can focus our resources on the right things,” said Scott Davis, deputy CISO at the Department of Labor. He noted that the there will be three tiers of classification, allowing agencies to take a risk-based approach on protecting their assets.
The draft version of the Trusted Internet Connections (TIC) 3.0 policy also touches on how to protect the Federal government’s crown jewels in new and effective ways.
“One key piece is the segmentation,” said Mark Bunn, program manager for TIC. “We don’t have to think in terms of networks anymore – you’re not locked into, ‘this is my network and this is somebody else’s network.’ You can really take a look at your high value asset and say, ‘well, what is the zone around that asset, and how do I protect it?’”