As federal agencies struggle to keep pace with the mounting threats to their far-flung digital systems, IT professionals must move away from treating security as a compliance exercise and adopt dynamic, real-time monitoring, government CIOs said in a recent panel discussion.
In many agencies, that shift toward continuous monitoring is already well underway, as CIOs have been working to further automate their systems so that networked assets scan for and report potential security incidents.
"There were a lot of checklists focused on looking at what type of security controls needed to be implemented, what type of security controls actually were implemented," says Simon Szykman, CIO at the Department of Commerce.
"We're now moving toward an era of much more automated and near real-time situational awareness where we have systems that themselves are able to verify that controls are being implemented, assess the state of security across a broad infrastructure, and report in a real-time or near real-time basis a broad security posture over a big infrastructure up to decision makers," Szykman says.
For entities within the government with IT assets positioned around the country or even globally, achieving that holistic view of the network can be a particular challenge.
For instance, at the National Oceanic and Atmospheric Administration, the division of Commerce that includes the National Weather Service, IT staffers maintain a sprawling network that collects data from more than 20,000 devices. With the agency's shift to continuous monitoring, all of the automated information logs those devices produce became centrally collected and analyzed: a round-the-clock process that scrutinizes more than 1 billion events per day, according to NOAA CIO Joe Klimavicz.
Those data points had been collected before NOAA moved to continuous monitoring about four years ago, Klimavicz says, but the agency did nothing with them. Now, with constant threat detection and analysis, NOAA's systems block more than half a million malicious Web connections each week, according to the CIO.
"At NOAA, continuous monitoring is embedded in our enterprise-level security operations center," Klimavicz says. "We're able to see things that we weren't able to see before."
Cybersecurity 'A Big Data Issue' for State Department
But all that monitoring and data collection can create its own set of challenges. The State Department, for instance, maintains IT operations in more than 200 countries. Its security personnel are swimming in data points. That prompted the IT team to develop a system, dubbed continuous diagnostics and mitigation, or CDM, to sift through the clutter.
"It is a big data issue. Part of it is dealing with thousands of false positives on a daily basis," says William Lay, the State Department's deputy CIO for information assurance. "We have hundreds of monitors, thousands of sensors. They're all pulling data together 24/7."
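The two problems the CIOs describe, centrally analyzing logs that arrive from thousands of sensors and then sifting out the false positives before anything reaches an analyst, come down to a triage pass over the event stream. The following is an added illustration, not code from the article or from NOAA's or the State Department's systems. It assumes a hypothetical log line format, a constructed sample of events from several sensors, and a constructed allowlist of known-benign destinations; everything else (the parser, the suppression and deduplication logic, the summary counts) is just one reasonable shape for the first stage of such a pipeline.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample log lines in an assumed format (not a real sensor format):
#   <sensor> <ISO time> <event-type> src=<ip> dst=<host> verdict=<allow|block>
SAMPLE_LOGS = [
    "proxy-east-01 2014-06-02T10:00:01Z web-connect src=10.1.4.22 dst=updates.example.gov verdict=allow",
    "proxy-east-01 2014-06-02T10:00:02Z web-connect src=10.1.4.22 dst=malware-c2.example.net verdict=block",
    "proxy-east-01 2014-06-02T10:00:03Z web-connect src=10.1.4.22 dst=malware-c2.example.net verdict=block",
    "proxy-west-07 2014-06-02T10:00:05Z web-connect src=10.8.9.3 dst=updates.example.gov verdict=block",
    "ids-buoy-113 2014-06-02T10:00:09Z ids-alert src=10.200.1.5 dst=malware-c2.example.net verdict=block",
    "proxy-west-07 garbled line that the parser must tolerate",
    "proxy-east-01 2014-06-02T10:00:11Z web-connect src=10.1.4.40 dst=weather.example.gov verdict=allow",
]

# Assumed allowlist: destinations that sensors are known to flag wrongly.
# Tuning this list is the routine work behind reducing false-positive volume.
BENIGN_DESTINATIONS = {"updates.example.gov"}

LINE_RE = re.compile(
    r"^(?P<sensor>\S+) (?P<ts>\S+) (?P<kind>\S+) "
    r"src=(?P<src>\S+) dst=(?P<dst>\S+) verdict=(?P<verdict>allow|block)$"
)


@dataclass(frozen=True)
class Event:
    sensor: str
    ts: str
    kind: str
    src: str
    dst: str
    verdict: str


def parse_event(line):
    """Normalize one raw line into an Event, or None if it does not parse."""
    m = LINE_RE.match(line.strip())
    return Event(**m.groupdict()) if m else None


def triage(lines, benign=BENIGN_DESTINATIONS):
    """Run the event stream through one triage pass.

    Returns a summary with volume counts per sensor, how many events were
    suppressed as known false positives, and the deduplicated alerts that
    still merit an analyst's attention, highest-volume first.
    """
    summary = {"ingested": 0, "parse_errors": 0, "allowed": 0, "suppressed": 0}
    by_sensor = Counter()
    repeats = Counter()   # (src, dst, kind) -> number of blocked events
    first_seen = {}
    for line in lines:
        summary["ingested"] += 1
        ev = parse_event(line)
        if ev is None:
            # Malformed input is counted, never silently dropped: a sensor
            # whose parse-error rate jumps is itself worth investigating.
            summary["parse_errors"] += 1
            continue
        by_sensor[ev.sensor] += 1
        if ev.verdict == "allow":
            summary["allowed"] += 1
            continue
        if ev.dst in benign:
            summary["suppressed"] += 1   # known false positive, not escalated
            continue
        key = (ev.src, ev.dst, ev.kind)
        repeats[key] += 1
        first_seen.setdefault(key, ev.ts)
    summary["by_sensor"] = dict(by_sensor)
    summary["alerts"] = [
        {"src": s, "dst": d, "kind": k, "count": n, "first_seen": first_seen[(s, d, k)]}
        for (s, d, k), n in sorted(repeats.items(), key=lambda kv: -kv[1])
    ]
    return summary


if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_LOGS), indent=2))
```

On the constructed sample, seven lines come in, one fails to parse, two are ordinary allowed connections, one block is suppressed because its destination is on the allowlist, and the remaining three blocks collapse into two alerts (the repeated connection from one host is reported once with a count of 2). At the volumes in the article the same structure applies; what changes is that ingestion and the allowlist live in a central system rather than a list in a script.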