What Does the New Cybersecurity Policy Mean for the Federal IT Market?

October 16, 2017 by in News, Security

The government sector has been notoriously slow to adopt modern cyber security measures for a long time.

A new report from Netwrix, for example, found that only 14% of government organizations believe they’re well-prepared to face modern cyber threats. What’s more, given the treasure trove of sensitive data sought by hackers that many of these agencies hold, federal IT should actually be at the forefront of cyber security.

A 2016 U.S. Government Accountability Office Report stated that government IT systems are actually becoming “increasingly obsolete: many use outdated software languages and hardware parts that are unsupported.”

A new executive order issued by President Donald Trump this Spring aims to tackle this issue head on and bring U.S. federal IT into the modern age.

Here’s a breakdown of the new policy as well as how it’s going to end up affecting the market as a whole.

A New Method of Accountability

Signed on May 11th, 2017, this executive order mandates a new and all-encompassing set of accountability standards by holding agency heads entirely responsible for their agency’s security.

The order states that executive department heads as well as agency heads will be held accountable for the cybersecurity risk management of their enterprises. This mandate, in particular, is poised to change the way security is viewed across the federal sector as executive level officers will no longer be able to pass the blame for a breach onto lower level IT professionals.

According to the order, agency leaders now hold the direct responsibility to implement risk management measures commensurate with the risk and magnitude of the harm resulting from unauthorized activities associated with using, disclosing, disrupting, modifying, and destroying IT and data.

The more accountable the leadership, the more secure the agency.

Updated Standards

Another specific mandate of the order is that all executive departments and agencies must adhere to the National Institute of Standards and Technology’s (NIST) Framework for Improving Critical Infrastructure Cybersecurity, nicknamed the NIST Cybersecurity Framework.

Originally created for use in the private sector, the executive order mandates that all agencies must take steps to align with these guidelines provided by this dynamic and comprehensive framework.

Doing so will not only ensure executive agencies will bring their departments into the modern era, it will also unify the standards by which the security of all such agencies are judged, making evaluations much more streamlined and accurate in the process.

IT vendors themselves may also have to adjust their marketing and business models. More stringent guidelines will result in more in-depth scrutiny of legacy systems as well as significant efforts to find new, more complete options on the market today.

As a result, outdated systems with no modern alternatives may have to be abandoned throughout government agencies, putting well established (but obsolete) vendors at risk while giving more contemporary providers the upper hand.

Shared IT Services in the Federal Sector

Another point of President Trump’s executive order worth mentioning is that it highly favors the use of shared IT services such as cloud-based digital platforms for the government.

The executive order cites that preference be shown by agency heads when procuring shared IT services (email, cloud, and cybersecurity services) to the extent permitted by law.

Agency heads were also required by the order to submit a full report outlining the feasibility, cost effectiveness, and overall plan of moving their agency towards such shared IT services by August of this year.

The government’s move towards such cloud-based platforms mirrors that of the private sector as well. In fact, 80% of all IT budgets are estimated to be committed to cloud solutions just 15 months from now. This boost in user adoption has given cloud providers the customer base and resources they need to invest in more refined security procedures like increasingly complex secured APIs as well as sophistication authentication measures.

And with the President’s executive order putting more weight on IT protections than ever before, this added security is likely going to be a powerful selling point for many companies.

Modernizing an Outdated System

The new policies and guidelines outlined in President Trump’s cyber security executive order are finally bringing obsolete federal systems into the modern age. Tough new accountability measures, updated standards, and the migration to more secure and centralized systems are a step towards being better able to prevent and mitigate the damage of a modern cyber security incident.

And considering the amount of sensitive data these agencies hold, U.S. citizens can finally begin to breathe a sigh of relief.

    IRC

    The First and Only Incident Response Community laser-focused on Incident Response, Security Operations and Remediation Processes concentrating on Best Practices, Playbooks, Runbooks and Product Connectors. In building the Community, the IRC is aimed to provide, design, share and contribute to the development of open source playbooks, runbooks and response plans for the industry community to use. These playbooks or recipes can be in the form of flowcharts, diagrams, sequences, scripts, orchestration platform playbooks and product integration connectors.

    Subscribe to receive updates from the

    Incident Response Consortium