THREATQ FOR:
Government Agencies
We all rely on our government agency computer systems for vital services and information. As government agencies are considered critical infrastructure, they are under constant attack from hackers, political activists and foreign state-sponsored actors. To illustrate this, one of the most public and potentially damaging breaches on record is the foreign adversary attack against the Federal Office of Personnel Management (OPM), which resulted in the exfiltration of over 20 million sensitive personnel records.¹
We are a proud member of AFCEA
Key Government Agency Challenges
RESOURCES
One of the most significant risk areas identified by federal government agency internal assessments is internal resources – people, technology and funding. These resource limitations lead OMB to assert that agencies “do not have the resources to combat the current threat environment.”³ Unfortunately, the prospect of significant hiring to close this resource shortage is bleak, given a widening skills gap, with 13,000 public-sector cybersecurity positions currently unfilled.⁴
Government IT and security teams are doing their best to establish situational awareness by combining raw threat feeds with existing security information and event management (SIEM) and log management tools. However, this approach does not deliver situational awareness and ultimately drives up alert fatigue for an already overwhelmed staff. Eliminating alert fatigue and accelerating situational awareness requires prioritized, contextually relevant, real-time threat intelligence that seamlessly integrates with existing tools and practices. A threat intelligence platform (TIP) facilitates this integration. The result is the optimization of limited resources.
In 2022 there was an increase in so-called hacktivist activity — hacking for political purposes — which accounted for about 9% of the recorded incidents reported in the government sector. Ransomware groups accounted for 6% of the total incidents reported. LockBit was the most prominent ransomware operator, the report noted.
Government agencies face the continual challenge of balancing access and transparency against protecting constituents’ sensitive information. Doing this requires a level of openness that makes it impossible to prevent all intrusions. Complicating matters, most of the emphasis to date for government security has been on preventive tools, techniques and procedures. To keep pace with today’s dynamic and increasingly sophisticated cyber threat environment, the Federal Government must take decisive steps to modernize its approach to cybersecurity, including by increasing the Federal Government’s visibility into threats, while protecting privacy and civil liberties.⁶
THREAT LANDSCAPE
Government agencies are facing an ever-expanding threat landscape driven by two factors. First, the abundance of legacy IT provides a broad target for malicious actors due to the persistence of unpatched, unprotected and even unsupported operating systems and applications. Second, government agencies are moving to the cloud and adopting mobile and Internet of Things (IoT)⁷ devices at an accelerating rate. These technologies are critical to delivering new levels of government service and constituent responsiveness, but at the same time, they significantly increase the government agency attack surface. Maintaining current visibility into the entire infrastructure and continually re-evaluating and reprioritizing threat intelligence helps government agencies protect an expanding digital world against a growing threat landscape.
1. https://www.cnn.com/2015/07/09/politics/office-of-personnel-management-data-breach-20-million/index.html
2. Executive Order 13800 – “Federal Cybersecurity Risk Determination Report and Action Plan,” Office of Management and Budget (OMB), May 2018.
3. https://www.whitehouse.gov/briefing-room/statements-releases/2023/07/13/fact-sheet-biden-harrisadministration-publishes-thenational-cybersecurity-strategyimplementation-plan/
4. https://www.whitehouse.gov/wp-content/uploads/2023/03/National-Cybersecurity-Strategy-2023.pdf
5. https://www.csoonline.com/article/574275/cyberattacks-against-governments-jumped-95-in-last-half-of-2022-cloudsek-says.html
6. https://www.whitehouse.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity/
THE DATASHEET
ThreatQ Brings Situational Awareness and Response to Government Agencies
CONSOLIDATE
all (structured or unstructured) sources of external (e.g., DHS-AIS, FireEye iSIGHT, and OSINT feeds) and internal (e.g., SIEM) threat intelligence and vulnerability data.
ACHIEVE
situational awareness of the entire infrastructure (on-premises, cloud, IoT, mobile and legacy systems) by integrating vulnerability data and threat intelligence in the context of active threats.
ELIMINATE
alert fatigue by providing context and prioritization to threat intelligence.
PRIORITIZE
response by cutting through the noise and focusing on what matters most to government agencies.
PROACTIVELY HUNT
for malicious activity which may cause significant harm to constituent records.
FOCUS
beyond protection to include detection, response and recovery.
ACCELERATE ANALYSIS AND RESPONSE
to attacks through collaborative threat analysis that accelerates understanding, facilitates multi-agency interaction and dramatically improves response.
AUTOMATICALLY
push relevant threat intelligence to detection and response tools.
The Power of ThreatQ
The ThreatQ Platform has taken a data-driven approach to security operations. This approach allows security teams to prioritize based on threat and risk, collaborate across teams, automate actions and workflows and integrate point products into a single security infrastructure.