The Office of Personnel Management has 70 terabits of stored data that it plans to use for behavioral analysis.
“We spent a lot of money to get those logged files,” said Clif Triplett, senior cyber information technology adviser for OPM. “We want to try to harvest the value.”
One of OPM’s cybersecurity initiatives allows intelligence across Federal agencies to be put into the same signature files for OPM to store. OPM uses this data and notifies the agencies if it detects an internal threat. Triplett said OPM wants to make use of big data to understand how human behavior relates to cybersecurity threats, an effort that depends on comprehensive data analytics.
“We have all this data,” Triplett said. “We have to think about how we manage it.”
OPM is also working on data masking for high-value assets, which will scramble the data when it’s presented unless the reader has access to the information.
“All the agencies across the Federal government are prioritizing their high-value assets,” Triplett said.
OPM has 18 places where it will invest in encryption in the future, according to Triplett, who chose not to reveal the specific places on Wednesday. OPM uses encryption for data in transit on its networks, storage at rest, databases at rest, and databases in use.
OPM is interested in investing in a system that can contain its computing capabilities, storage, network, and database in one place. OPM sees a minimum of two to three vendors per day.
“It’s tricky on how you deploy it,” Triplett said. “We’ve got to figure out how you bring that as a complete package over.”
Another of OPM’s cybersecurity initiatives is a master map that scans for white spaces and coverage of potential threats. The agency then determines how to prevent, detect, contain, and eradicate the threats in at least three different ways.
“We know it’s probably impossible for us to prevent all threats,” Triplett said.
In this scenario, if OPM can’t prevent the threat, it will move on to the next stages of detection, containment, and eradication.
Triplett’s information technology priorities include risk management, data centers, applications, physical machines, and data, in that order.
In order to manage cybersecurity risks, OPM looks at operational availability and cyber risk.
“You don’t always get the money to fix all those issues,” Triplett said. “Sometimes they creep up on you.”
Triplett said that legacy IT systems are still prevalent at OPM. The Federal government is working to change this trend in order to save money on maintaining old technology. Triplett said that by 2021, getting away from traditional computing will become part of OPM’s agency mission.
“Though we’re highly virtualized, I wouldn’t say we’re optimized,” Triplett said.