Your agency will be attacked. Even if we look at the most conservative estimates, a company like Statista shows 32,211 attacks on federal agencies in 2023. The conclusion is obvious: you will be attacked and must have a way to remediate the problem.

Today, we sat down with three experienced cyber professionals to hear suggestions on improving federal cyber security resilience.

Russel Marsh from the National Nuclear Security Administration observes that federal employees may work 9 am to 5 pm every day, but malicious actors do not. The best practice here is to have a checklist of what to do in an “off-hour” emergency.

As part of a resilience strategy, focus on device and asset attribution, as well as the ability to discard certain devices. Conduct tabletop exercises and simulations to assess incident response and communication processes.

Flexera’s Dylan Hudak has seen federal systems with unsupported applications still on them. Visibility and proper software lifecycle policy can remedy easy problems like this.