All networks should be protected, but perhaps none more so than those of the U.S. Federal government. And a new report from MeriTalk and NetApp finds lots to worry about.
“President Obama rates cyber threats as one of the most serious challenges facing our nation – consider the source and the context. As cyber threats become more sophisticated, it is increasingly clear that the Federal Information Security Management Act (FISMA) may not be enough to protect agencies from attacks. To combat today’s cyber threats, agencies need a modern, dynamic approach that combines risk management, continuous monitoring, and real-time awareness,” states the report, entitled “FISMA Fallout: The State of the Union.”
One big problem is government cyber security workers don’t have true confidence in FISMA.
The cyber threat is big and getting bigger. Over the last year, 64 percent of government agencies had to fight off leaks and insider threats, 60 percent dealt with non-state actors, and 48 percent, nearly half, had to ward off state-sponsored threats or attacks.
The survey of over 200 security pros has a pretty frightening result – that only 53 percent of those polled believe FISMA improved their cyber defenses.
Image via Shutterstock
And the need to be in compliance with FISMA raises costs. “In addition, 28 percent view FISMA as encouraging compliance rather than risk identification and assessment, 21 percent believe it is insufficient in dealing with today’s cyber threat landscape, and 11 percent believe it is an antiquated law,” the report said.
Meanwhile federal IT workers can keep with current workloads, never mind strengthening security for the future. Some 55 percent of those polled say they can’t keep up the data currently traversing their networks.
And by adding cost and complexity for little gain, FISMA is helping matters. “FISMA’s compliance model is not keeping up with the evolving security landscape or the security demands,” said Mark Weber, president of NetApp U.S. Public Sector. “There is a shift in the industry from compliance to continuous monitoring, and a vast number of new technologies exist to support this change. Our Federal cyber professionals should be given the resources, regulation, and management support to take advantage of these technologies to help thwart cyber security attacks.”
Meritalk’s advice is to take the bull by the horns by deploying continuous security monitoring.
Struggling to Keep Pace
Another recent MeriTalk study points to the difficulties the feds face keeping their networks up to snuff, which means security may not always be optimum.
The U.S. federal government wants to be as leading edge as anyone, and has plans to adopt what some call the big five of technology – big data, the cloud, data center consolidation, mobility and security.
But there is one big problem – federal networks are not up these tasks, MeriTalk says.
The result of deficient networks ? Bottlenecks. Potentially huge bottlenecks. This isn’t just an issue for the feds. Anyone moving substantial chunks of computing to the cloud has to look the network, and look at it on and end-to-end basis. First is the internal corporate network, then the egress/ingress points, the speed of the service provider’s network (for big cloud apps dedicated connections are usually a must) and finally the speed of the service providers’ internal network.
MeriTalk’s report, “The Net of Federal Networks: Will You Survive the Big Five?” dives into these issues. And the research was funded by Brocade (News - Alert) which has a fiduciary interest in helping the feds boosts their networks. That doesn’t make the research bad, it is just something worth noting.
Just like putting the cart before the horse, federal agencies may be putting the apps before the network. Fortunately federal IT managers at least understand the issue. “On average, network managers expect agency’s total network load to increase by 79 percent as a result of the Big Five. However, Federal network managers do not believe today’s networks are ready – 59 percent say that if the Big Five were fully deployed today they would be at or over their network’s capacity limits. In addition, four out of five – 84 percent – of network managers say if deployed today, the Big Five would put them at risk for a network bottleneck,” the report found.
It is not just the network, but the rest of the infrastructure that also needs tending to, apparently. Security must be boosted as new apps create new attack surfaces, and storage must be boosted (of course as any IT pro knows, storage must always be boosted).
Edited by Alisen Downey