In December, we sat down with Mike Gruss, Executive Editor at Defense News and C4ISRNET at Sightline Media, and Phil Goldstein, Senior Editor for FedTech and StateTech. In our first of two episodes of To the Point Cybersecurity Podcast, we discussed Forcepoint’s 2021 Insights, and how they affect the government space.
The 2020 pandemic has moved the workforce remote, and with it has accelerated the move to cloud. Products like Zoom have been widely accepted as the norm because they do exactly what they need to do – they just work, without adding extra steps or complications. Cybersecurity needs to get to a “zoom like state” - it just needs to work. Cybersecurity leaders are going to demand zero trust networks be implemented more quickly. Within the government space, the job needs to get done, the system needs to work, while also maintaining security protocols. More complicated or less intuitive systems could lead to insecure “work arounds” - which could lead to conflict and as the adage goes “if its between mission and security, mission wins”. Utilizing services that have security baked into an easy to use system, like zoom does, will increase adherence to best practices. Mike points out government folks are “often have to use more complicated, maybe less user-intuitive systems”, 2021 will see this long-time conflict of mission vs security really come to a head because so many are remote and there are less cumbersome options available to them remote.
Disinformation is one of the larger issues of our time. As adversaries begin to weave real data with bits of disinformation, the lies become the new “truth”. Looking forward, Phil said “I don't know exactly how you put the genie back in the bottle….You can only try to mitigate the spread and that comes from having more responsible leaders from technology companies being more proactive to stamp this out.” Mike points out, the military is well aware of this too. The Air Force in the last year created the Sixteenth Air Force, which is an information warfare command that oversees some of the Air Force's cyber units. One of the things they talk a lot about is deniable plausibility. Integrating multiple sources, keeping a clear record, and showing your work allows the facts to speak for themselves and a way to dispute inaccuracies. Working out issues in public so things can be followed and traces may provide a level of protection against public distrust.
Where is your data?
Simply put – it’s everywhere. A big push in 2021 will be further identifying what types of information we are comfortable having available. The government will be looking for what kind of information has been stolen in the past, as well as what information does not need to be accessible remotely. Knowing the “crown jewels” or high-level assets of each branch will help identify what should, or should not, be accessed and by whom. Identifying and managing Privileged Users will continue to be a challenge moving forward. Limiting access to only the bare minimum that individuals need in order to work could be one path forward, but it may not be feasible way to limit risk. As we’ve seen unfolding with the Sunburst breach, it is not just limiting access to specific bits of information, but also strengthening the security on choke points and pathways into these high value targets.
To hear the rest of Mike and Phil’s take on Forcepoint’s 2021 Insights, and their own predictions for the new year, listen to 2021 Insights and Predictions - Part 1, or click on the green Listen to the Podcast button.
Subscribe today wherever you get your podcasts: