The General Services Administration announcement of the distribution of nearly $100MM in awards to pay for security upgrades.
As we continue to advance and utilize our technology more, our dependence on the cloud grows alongside it. The same can be said for our government; the more our technology advances, the more confidential data is at risk of cyberattacks in the cloud.
This is why the federal government is investing 95 million dollars to aid in the modernization of cybersecurity operations at three different agencies. The funds will be split between USDA.net, DHS Homeland Security Information Network, and efforts that will work to improve multi-factor authentication, government data encryption, and adversary and vulnerability detection that use cloud-native technology.
USDA.net will be upgrading, which will take approximately two-thirds of the 95 million invested. The main change is that they will go from 17 previous networks to one and enhance their existing security measures. Not only will downsizing their networks significantly increase their security prowess, but it will also save them approximately $734 million in the long run.
DHS Homeland Security Information Network will be getting $26.9 million of the money being invested. That will go towards developing a new ISP. The remaining funds will be funneled into the improvement of various multi-factor authentication applications, government data encryption, and adversary and vulnerability detection using cloud-native technology.
With more and more valuable data being stored on the cloud, cybersecurity is not something we can fall behind on. However, as more is invested in keeping our cybersecurity and cloud-native technology up-to-date, we continue to make great strides in ensuring that the threat of cyberattacks is gradually reduced.
Top security experts have shared their insights on why evolving technology to combat and protect against evolving cybersecurity attacks is imperative as we continue to evolve into a more technologically centered society.
Gal Helemski, CTO and co-founder, PlainID
“The government holds the most sensitive data out there, and in today’s world, you cannot put your trust in any static, perimeter-based security system. Every single data access needs to be assessed in real-time with specific context of who is accessing what data, from where and how. This will massively improve the cybersecurity capabilities of these three federal agencies.
Everyone must realize, the key to defending an organization from future cyberattacks is protecting the data and the applications, by ensuring that even if a bad actor (which can be a federal employee sometimes) has gained access credentials, they don’t have automatic access to any or all data. To quote from the memorandum “Authorization, a critical aspect of zero trust architecture, is the process of granting an authenticated entity access to resources. Authentication helps ensure that the user accessing a system is who they claim to be; authorization determines what that user has permission to do.”
Let’s face it, zero-trust is the only way to secure a modern, decentralized enterprise, in which data and applications are accessed from anywhere by employees, customers and partners.”
Danny Lopez, CEO of Glasswall
“We applaud the GSA’s distribution of funds to upgrade government agencies’ outdated perimeter-based defenses and move toward a zero trust approach. Zero trust security sees the world differently. No one is trusted by default, regardless of whether they are inside or outside a network. In a world where data can be held amongst multiple cloud providers, it is crucial to strengthen all processes relating to access verification. Without a zero trust approach, organisations run the risk of attackers having a free reign across a network once they are inside. Zero-trust starts by taking a proactive rather than a reactionary approach to cybersecurity. You are already too late if you are responding to a threat. Consideration of Content Disarm and Reconstruction, which proactively examines, purifies, and rebuilds files as they enter the organization, is a smart first step. This way, every file is seen as a potential hazard, and dangers are proactively eliminated before they can cause any harm.”
Arti Raman (She/Her), CEO and Founder, Titaniam
“In the last 12 months, there have been a series of guidelines issued by the Federal Government and President that require agencies to dramatically lift their security posture in the face of growing cyber attacks. Agencies have been asked to close current vulnerabilities and implement new solutions that enforce Zero Trust and improve data encryption.
As agencies have moved to conform, it has become clear that in many cases, they are severely limited by budget and are unable to explore anything beyond the very basic. The funds made available by the General Services Administration will play a critical role in supporting much-needed security initiatives.
It is my hope that the budget is utilized not just to catch up to the basics, but to leapfrog and adopt critical new technologies such as encryption-in-use that comprehensively implement Zero Trust Data Security and have the power to eliminate data-related impacts from cyber attacks.”
Neil Jones, director of cybersecurity evangelism, Egnyte
“With the escalating volume of nation-based and supply-chain-induced cyberattacks, it’s clear that the approaches most government agencies use to address targeted cyberattacks on critical U.S. infrastructure just aren’t working. So, I’m excited to see that $100 million from the General Services Administration’s Technology Modernization fund will be invested to improve user experience, maintain site resilience and enable more effective remote access at three key U.S. Federal agencies.
Since the global pandemic began, users all across the world have demanded more of federal and local government resources, particularly those that are provided online. To meet such expectations, agencies can no longer rely on decades-old networks and file-sharing systems that can’t keep up with expanding user volume. Rather, they must be able to spin new computing capacity quickly, utilize secure networks with modern capabilities and apply critical security patches immediately. This appropriation will boost the country’s cybersecurity efforts and jump-start the government’s growing response to cybersecurity threats. And, it will protect U.S. citizens’ health, well-being and food safety, essential outcomes that we can’t quantify.”
Aaron Sandeen, CEO and co-founder, Cyber Security Works
“The federal government’s investments should help government agencies establish their security posture through proactive penetration testing and ongoing vulnerability management. Enterprises must repair the vulnerabilities that threat groups and attackers exploit in order to prevent catastrophe.
To truly safeguard their organization from potential cyberattacks, leaders must enhance their cybersecurity visibility of known and unknowable assets, validate more frequently, and look for early warning capabilities as the world’s cybersecurity issues grow.”
Patti Jo Rosenthal chats about her role as Manager of K-12 STEM Education Programs at ASME where she drives nationally scaled STEM education initiatives, building pathways that foster equitable access to engineering education assets and fosters curiosity vital to “thinking like an engineer.”