Introduction
The one constant about cybersecurity is that it is ever-evolving. Threats, vulnerabilities, data center environments, technologies, responses and strategies — these all continue to morph and require new thinking and approaches.
But it is also important to be mindful that many of the specific features of cybersecurity in federal government environments are quite different than those of commercial environments. Consider, for example, the contrasts between federal and commercial in terms of compliance regimes, business cases, diverse mission imperatives, the consequences and stakes of a breach, bureaucratic decision-making environments, and workforce skills, to name a few. Federal managers must smartly navigate the fast-changing cybersecurity landscape while also having to address the many specific demands that come with operating within a federal context.
So what strategies, approaches, and capabilities are particularly helpful in achieving good outcomes in this environment?
In March 2017, the Advanced Technology Academic Research Center (ATARC) — in collaboration with BDNA Corporation and marketing partner GovLoop — hosted a “Federal Executive Briefing on Cybersecurity” to discuss how the federal cybersecurity landscape is changing. Roughly two dozen federal cybersecurity executives, specialists, engineers, academics, and other practitioners discussed the specific cybersecurity challenges and approaches that apply to federal civilian agency and Department of Defense environments and where many of today’s trends appear to be heading. This report is a summary of those discussions and presentations.
To promote a lively and candid discussion, everything said during the event was considered “not for attribution.” Consequently, the substantive points and quotations made during the event and included in this report are not attributed to specific persons.
We have organized this report around two themes that dominated the discussion. The first theme concerns cyber security challenges that federal agencies face; the second concerns approaches and best practices to some of those articulated challenges.