Your agency will be attacked. Even if we look at the most conservative estimates, a company like Statista shows 32,211 attacks on federal agencies in 2023. The conclusion is obvious: you will be attacked and must have a way to remediate the problem.

Today, we sat down with three experienced cyber professionals to hear suggestions on improving federal cyber security resilience.

Russel Marsh from the National Nuclear Security Administration observes that federal employees may work 9 am to 5 pm every day, but malicious actors do not. The best practice here is to have a checklist of what to do in an “off-hour” emergency.

As part of a resilience strategy, focus on device and asset attribution, as well as the ability to discard certain devices. Conduct tabletop exercises and simulations to assess incident response and communication processes.

Flexera’s Dylan Hudak has seen federal systems with unsupported applications still on them. Visibility and proper software lifecycle policy can remedy easy problems like this.

This week on Feds At the Edge, sit down with an industry expert and state election officials from Pennsylvania, Florida, and Georgia to focus on election security challenges and solutions.   

Challenges: 

>> Traditional threats like disinformation and denial-of-service (DoS) attacks continue to be significant. There is also a growing concern about the physical threats faced by election officials, leading to high turnover rates. In Pennsylvania, 2/3 of officials have left their positions, resulting in an influx of new, less experienced staff. 

Solutions: 

>> Tabletop exercises are an easy and cost-effective method to prepare for potential issues. They are able to clarify procedures for responding to unexpected attacks and who to contact. The Help America Vote Act offers funding to improve election security, and testing systems while maintaining cybersecurity is essential. Resources from NIST and CIST provide valuable, targeted guidance to support election officials.  

Tune in on your favorite podcasting platform as our experts discuss the importance of practical training, funding, and cybersecurity in securing elections.  

 = =

In a world of rapid change and threat, organizations need to be ready and waiting with a plan. One good approach some are taking to navigate an ever-evolving landscape is to lean on a “digital playbook.” Customized to each situation and the unique and individual needs agencies big and small have, these playbooks could make the difference between a scramble and a smooth transition.  

This week on Feds At the Edge, leaders from the Federal and commercial sectors discuss the integration of digital playbooks in federal modernization, emphasizing the blend of people, processes, and technology. 

AI is an essential part of a digital playbook, with guidelines for ethical use, bias training, and data security. Rear Adm. Christopher Bartz, Deputy CIO of DHS, talks about the AI Corps exploring ways AI can increase security and reduce system costs. 

The 2021 Colonial Pipeline incident has stood in history as a prime example of the importance of cyber resilience for critical infrastructure. This week on Feds At the Edge, we delve into the call-to-action events like this have created for agencies everywhere and the resources available for even the smallest entities.   

Cheri Caddy, Senior Technical Advisor for Cybersecurity at the US Department of Energy, talks about resources like CISA & NIST, but suggests that private companies should also build ties with local FBI offices.   

Brendan Peter, VP, Global Government Affairs of SecurityScorecard, notes the importance of continuous risk assessment and evaluating the impact of policies to ensure they actually reduce cyber threats. 

When a network is attacked, analysts return to the logs to gain an understanding of where the point of vulnerability was, which makes keeping these records a crucial tool in cyber resilience.  

However, a lack of staff, poor existing systems, and limitations on information sharing in our increasingly complex and hybrid landscape could prevent agencies from keeping their records reliable and up-to-date.  

This week on Feds At the Edge, leaders from the Federal and commercial sectors share they ways they’ve been able to overcome the hurdles they face when logging events.

Tate Jerussi, Director of Civilian, August Schell, and Former Deputy CIO at DOE HQ highlights prioritizing critical logs and utilizing existing tools to address these issues. And Derrick Lawson, Staff Solutions Architect at Splunk, recommended following established guidelines, such as the MITRE ATT&CK framework.  

Tune in on your favorite podcasting platform as our experts reinforce the idea of embracing OMB 2131 as a logging standard and leveraging frameworks from organizations like MITRE to improve event logging practices and enhance security.  

With an accelerated leap in our post-COVID world, mobile devices such as cell phones have become a crucial part of the landscape for remote workers and in turn have also become a key component of today’s attack surface. 

This week on Feds At the Edge, leaders from the Federal and commercial sectors share vulnerabilities in the devices we bring from home, and the popular apps that put our sensitive data into the wrong hands. We explore websites that are designed to fool the end users into believing they are on a secure platform.  

Tune in on your favorite podcasting platform as agency and industry experts share methods to protect mobile devices, secure applications, keep operating systems updated and train users not to fall prey to web-based attacks. 

The transition to cloud computing by federal agencies has highlighted the importance of security, especially as sensitive federal assets are now in hybrid environments.  

This week on Feds At the Edge, leaders from federal and commercial sectors focus on improving security within the complex cloud environment. When code is written with the cloud in mind, applications can be moved easily, updates can be mastered, and systems architects can leverage many aspects of the cloud that are missed with an old “lift and shift” approach.  

Dave Hinchman, Director, Information Technology and Cybersecurity for US GAO, coined an aphorism, “Documentation is easy, implementation is hard.” 

Tune in on your favorite podcasting platform as participants discuss how to leverage cloud-native code and avoid the mishaps that plagued others. 

In this week’s episode of Fed’s At the Edge, we are talking about US Elections. From observations about challenges seen in previous elections to best practices to ensure a safe and fair election process.  

We’ll explore sources of help for election officials like utilizing CISA, local associations, and the US Election Assistance Commission. We also touch on critical areas like cybersecurity, communications, and physical security.  

Mark Earley, Supervisor of Elections for Leon County, FL, shares how election professionals should be aware of phishing vulnerabilities as they honor the responsibility of answering citizens emails  

Tune in on your favorite podcasting platform today to hear this and more, and learn how you can get involved.  

People imagine large organizations such as the Department of Transportation when they think about who needs to utilize Zero Trust. What they don’t realize is that a smaller entity can make for a profitable attack, even a gateway to those larger targets.  

In this week's Feds At The Edge podcast, Nick Graham, Senior Technical Sales Engineer of Civilian Sales from Raven Tek offers some solutions that smaller institutions should prioritize in their transition to a safer cybersecurity posture. 

>> Multifactor Authentication – How this framework for larger organizations can move to eliminate many security problems 

>> Staffing limitations – A look at those challenges of limited budgets and cost-effective ways to manage services.  

>> Training, training, and training- Recognizing potential attacks in your company inbox. Tune in on your favorite podcasting platform to hear Nick’s practical solutions for smaller organizations to

enhance their security posture.  

When the federal government adopts Zero Trust principles, it must consider both user identity and the data being accessed. 

This week on Feds At the Edge, leaders from federal and commercial sectors stress the importance of centralized coordination, automated labeling, and real-time access control through Identity Management.  

Bryan Rosensteel, US Federal CTO for Ping, advocates for a "federated" identity management system, as individual agencies may struggle to meet Zero Trust demands in a timely manner.  

Tune in on your favorite podcasting platform as participants also discuss the merits of access-based and role-based controls, suggesting that context-based controls could enhance real-time access management.