U.S. Federal Government’s Weakest and Strongest Cybersecurity

  1. What do you believe is the U.S. federal government’s weakest and strongest cybersecurity domain/sector/program or concept?

The weakest sector is probably the one involving the national power grid due to the size, decentralized format and criticality involved. This was outlined in a number of instances, including in a physical test by the Department of Energy in 2007 (Rollins & Henning, 2009).

When you combine a large number of operators with an aging platform and infrastructure – some designed more than 50 years ago, you are creating a “target rich environment” that is very difficult to protect. The increased connectivity and impact on almost all other sectors make this the most obvious gap in our national security.

  1. How would you reduce weaknesses?

This is possible but very difficult and expensive to implement. It would entail implementation of new standards, laws and regulations, redesign of the communication and transmission protocols and also a solid redundancy capability.

  1. How would you design the federal government’s cybersecurity management integration across agencies?

In order to fully understand the need for any changes, a thorough vulnerability analysis would have to be conducted – to cover all agencies, all associated infrastructure, all operational requirements and technical capabilities, as well as existing and needed human resources.

First, I would create an independent body that all agencies would have to report to ensure full control and governance. This independent body would report directly to the President. I would then create, with the participation of all agencies, a set of standards, specifications and protocols that all agencies would have to follow and require the new body to monitor and enforce the established standards and protocols.

Some of the elements that I would look for would include local and communication encryption, strong authentication protocols, creating closed government network, specific hardware and software requirements for all the government computers, a strong intrusion detection system, advanced monitoring and analysis of traffic and training of all involved personnel.

References

Rollins, J., & Henning, A. (2009).Comprehensive National Cybersecurity Initiative: Legal Authorities and Policy Considerations. Washington, D.C.: Congressional Research Service.

What do you believe is the U.S. federal government’s weakest and strongest cybersecurity domain/sector/program or concept?

I believe the U.S federal government’s weakest cybersecurity concept is the people. Its 2019 and the government is out of its league when it comes to this technology. The technology is growing at an enormous rate and it’s hard to keep up with. In order to come to a solution with the government a bill has to be made up and then passed and then it can be put into use. About the time all this happens, another issue with in the domain has already been hacked into and it can be too late because another issue has come. The U.S has been struggling with this for some time and it has come to everyone’s attention when the U.S elections where hacked by foreign government’s or private sections.

How would you reduce weaknesses?

Reducing the weaknesses of the government being hacked is by taking the old people out of the government and adding someone who is knowledgeable on the concept or just by placing the right people in the right areas with the knowledge on the concept. When they interviewed Mark Zuckerberg on Facebook being hacked and the other apps that he owns or is responsible for, they had no idea what to ask or even how to go about asking. Private organization has had a great cybersecurity program that could be utilized by the government. If it is working for them then it could possibly work for the government. The issues with this is putting limitations on the free world, which not everyone wants.

How would you design the federal government’s cybersecurity management integration across agencies?

An idea plan for the federal government’s cybersecurity management integration across agencies is to break it down into sections. Most believe one person knows it all when in doughty only one may know something specific. Think of it as a car. One may know the engine, one may know the breaks. If members are place in the correct areas then a design could be implemented on how to make their product great. The biggest concept to me is to actually do the research and see where the real issues are with in there domain. Sometime it could be the security concept of the people getting in to the building and then getting on the network. There could also be people with poor knowledge on the seriousness of leaving a computer logged in and they walk away from their computer. There could also be issues with not getting the computer up to date with patches or routine updates. This may seem small to most but the issues add up and makes the organization vulnerable to attacks.

Now getting integration across agencies is going to be tricky because rules and policies will have to be set up before you just start going from one agency to another. One agency may be horrible and the other may be great. Of course you will have the horrible one go with new concepts that the great one has been using and once established then one can go across to another agency. The main concern is making sure policy is the same across the board and everyone is trained and understands it. Once that is established members and teams will be developed in the organizations and they will all have roles they play so no one is left out and everyone can play a part.