Finding Tech that Aligns with the Implementation Plan
Agencies have a range of technology solutions and services available to them, including cyber advisory services, as they look to bolster their cyberdefenses in support of the NCSIP.
Emerging cyber tools post-quantum cryptography and artificial intelligence are two key areas of interest, Fakir says.
IBM has worked with the National Institute of Standards and Technology for the past six years to develop PQC algorithm standards that will be announced in 2024.
“Agencies will need to adopt these standards as part of their ongoing IT modernization efforts creating crypto agility, meaning that their systems are designed and developed to allow for updates or changes in cryptographic algorithms,” Fakir says.
Meanwhile, AI offers faster detection of and response to cyber incidents, helping to augment and raise operational capacity in the face of cyber talent shortages.
Paired with automation tools, AI “can make a real difference in an agency’s ability to not only improve cyber resilience but to also increase efficiency and save costs,” Fakir says. “Relying on traditional tools and processes is no longer enough to protect against attackers that are growing more sophisticated and organized by the day.”
DISCOVER: These are the crucial elements of a Software Bill of Materials.
Overall, the NCSIP creates an opportunity for agencies to lean harder into their IT modernization efforts.
“Not enough agencies have moved away from the legacy technologies, which lack the appropriate security measures to protect vulnerable data,” Moore says. “As a first step, these agencies will need to transition to advanced technologies — artificial intelligence, machine learning, crypto agility — in order to stay engaged and aware of the latest efforts and threats over time.”
Agencies must embrace industry-standard protections where they have not yet done so. Tools that support multifactor authentication, encryption, data security, backup and recovery, and cloud security will likely make their way to agencies as implementation ramps up, he adds.
To the extent that the mission demands it, agencies must adapt to technologies such as anti-virus software, penetration testing, network security monitoring and intrusion alerts. Network security will be crucial to international relations.
“Agencies should also deploy tools for web vulnerability to better protect the average user from online threats,” Moore says.
MORE FROM FEDTECH: Backup as a Service fits with agencies’ adoption of zero-trust security.
This may be an opportunity to look to outside consultants to help design, orchestrate and manage a comprehensive security strategy.
“Agencies are overwhelmed with the number of security tools that exist in their environment,” Fakir says. “Because all of these are acquired separately, there is no holistic approach to integrate these capabilities and fully operationalize them, and that’s where the biggest security gaps and risks exist.”
Managed security services address this issue by offering agencies best-of-breed approaches that reduce overhead and align capabilities across government. This is especially important because agencies need to budget for cyber upgrades not once but continually.
Federal requirements continue to evolve, as will agency compliance.
“Over time, we can expect new threats, vulnerabilities and technologies,” Moore says.
