How can agencies sharpen focus on vulnerabilities created by (or exposed by) uninformed business/program users and the array of technology solutions embedded in service delivery that does not account for cyber?
[Non-ITAPS]... more »
Enhance content aware, rapid, and automated anomaly detection, both in network traffic/usage as well as user behavior. In-memory analytics powerful for this work. Be able to detect and respond in minutes not hours weeks and months.
Monitor data going out for anomalies, including tagging for sensitive data. This would have been a signal to spot exfiltration like in the OPM case
Clarify a “hotline” reporting channel for people who suspect an issue, in agency or government-wide – if a user sees a potential problem, can check with team to for tech assistance on whether it’s real and what are next steps. Sort of a help desk for cyber reporting.
Create Blue Team audits followed by Red Team operations performed by pre-qualified contractors or in-house staff using efficient contract services vehicle managed by GSA. Focus is beyond standard penetration testing and embraces “hunting” tactics largely used by DOD Red Teams to emulate adversaries. Increases resiliency and ability to enhance capability to address early indicators of APTs.