While 2010 turns the page to a new decade, many threats from the past 10 years persist. In the cyber security world, nations such as China continue building cyber capabilities from an offensive and defensive perspective, resulting in what has become a new arms race.
In response to these threats, the Federal government hopes to shore up its defensive capabilities by mandating new FISMA performance metrics that incorporate “real-time” countermeasures—with real-time being the keyword. Real-time denotes the ability to identify, act, and respond to minimize the impact of attacks. This leads to our movement of increasing situational awareness and our ability to detect threats as they occur instead of reacting after the damage has been done. While real-time measures provide many benefits, they also carry a hefty price tag for agencies looking to implement these capabilities. Real-time capabilities can only be implemented through automated technologies and solutions. These technologies carry significant costs further straining the department or agency’s already thin cyber security resources.
Government agencies currently possess varying levels of maturity to implement and maintain these capabilities and, in some cases, do not possess these capabilities at all. Although they are absolutely necessary in any “defense-in-depth” strategy, the key question becomes “How much?” and “How fast?” can we implement them. With shrinking budgets and tougher times, it becomes a difficult exercise in prioritizing investments, especially when FISMA may formally capture progress and impact an agency’s grades and ultimately, their budget.
It would be impossible to implement these capabilities within a 6-12 month period, at least not effectively. Organizations need to take a risk-based approach to prioritizing initiatives and developing a strategy that allows agencies to prioritize their investments to obtain the greatest return and most importantly the biggest risk reduction to support their missions.