As we continue to see the US public sector adopt permanent work models and witness the active threat of cyberattacks, one thing is clear: new cybersecurity prevention measures are crucial for the safety of the US and its citizens.
In recent years, with the onset of Covid-19, the US public sector rapidly shifted from operating in a controlled work environment (such as an office) to an employee’s home, apartment, or other public locations. I’m sure no one anticipated that the US Navy would need to find a way for people to use their own devices because it was virtually impossible to manage VPN lines and give laptops to everyone working remotely. Another example of this upheaval would be a State Department controller working from home on the same network as their young child’s eLearning class. This creates a sticky situation – suddenly, you have an uncontrolled environment where individuals share the same network and, in this case, the individual (child) doesn’t have the capacity to avoid letting malicious threats in. This isn’t an out-of-the-box scenario, in fact, my cat sent an email from my inbox the other day.
These are just a few scenarios where the US public sector IT departments have lost control of sensitive networks, highlighting the need for increased data protection and encryption for hypersensitive government information. Because of this, the US government’s cyber policies have transformed at a rate I never thought possible. To keep pace with cybersecurity threats, the “Improving the Nation’s Cybersecurity” Executive Order was released last year and called for the Federal Government to improve its efforts to identify and protect against bad actors. Even more recently, the US Senate passed the “Strengthening American Cybersecurity Act,” which aims to strengthen US cybersecurity infrastructure and has a strong emphasis on the cloud.
While this legislation is a step in the right direction, I believe there are still several barriers preventing the US public sector from effectively defending cyber threats:
- Technology improvement funds are inaccessible – the Infrastructure Bill I mentioned above allocates roughly $1.9 billion for governments to modernize their legacy IT systems, but it remains incredibly difficult to tap into those funds. To make lasting infrastructure changes, the government needs to streamline the funding process and make it much easier for agencies to access critical dollars that will enable them to enhance their cybersecurity measures.
- Government agencies rely on legacy IT systems that don’t support Zero Trust – in the past, systems have used what we call the “Castle and Moat” model. In this model, you need permission to cross the drawbridge to get to the castle. However, once you cross the drawbridge, you will have access to the entire castle. With the “Zero Trust” model, a user not only needs permission to cross the drawbridge but needs to be verified for access to every single room within the castle. In a nutshell, Zero Trust means “trust no one and verify everyone.” Switching to the Zero Trust model will be a considerable task – given that each city/state has their own unique processes and systems. So, to move to Zero Trust, governments will need to find a balance between autonomy at the city/state level and government-mandated security systems. While it will be a big undertaking, implementing this type of infrastructure will be critical to the US public sector and its evolving cybersecurity prevention efforts.
- Bad actors have access to the same technologies we do and prey on our weakest link: human beings – news flash: cybercriminals are becoming more sophisticated, well-funded, and have access to the latest and greatest technology that we all do. More threatening, almost, is that humans have a natural inclination to trust, and evildoers realize this can be their ultimate weapon. Unless we all move to Zero Trust policies, this will remain one of our weakest links, and bad actors will continue to prey on our instinct to be trusting.
- The grip that autonomy has on today’s politics and culture will continue to stall cybersecurity transformation – the mainstream adoption of cybersecurity practices is often prevented by the political and societal systems in place. For example, if the president were to state that every government agency must install a specific cyber protection software, there would potentially be public and legal backlash. As a result, mandating a unified cybersecurity standard is a big undertaking. Yet without a unified standard currently in place, this creates a “wild west” where each government entity can choose its own set of cybersecurity technologies. One potential solution to this would be to mandate three or more systems rather than only one. This could remove the potential cultural and political opposition to not having any choice in the matter of US public sector cybersecurity systems.
Acronis SCS Opens Up Path to Zero Trust Cybersecurity by Enabling MSPs
Today, in terms of cybersecurity, we are in a similar stage that the PC industry was in when it came to viruses in the early 90s. Unfortunately, most PCs didn’t have antivirus installed, and consumers would have to buy antivirus software. Eventually, Microsoft built antivirus software into the system, and consumers no longer had to worry. I predict this is the stage we will eventually get to with cyber protection. With Acronis SCS, we aim to make this a reality by accelerating the US public sector’s adoption of cybersecurity standards and services.
While there have been improved cybersecurity measures at the federal level, I have not seen this trickle down to the state and local levels due to the many barriers discussed above. This is where Acronis SCS can help. For example, our new Acronis SCS Cyber Protect Cloud provides MSPs with one integrated solution that eliminates complexity, so service providers can protect clients better, keep support costs down and:
- Reduce risk. Minimize your clients’ security risks with integrated cyber protection covering 100% of their endpoints and unlock unique capabilities not available from your current security vendor.
- Lower costs. Cut cyber protection costs by up to 50% by consolidating vendors instead of purchasing multiple point solutions from various vendors.
- US-based support and data centers. Eliminate frustrating support calls with 100% US-based support and ensure data security with US data centers and the assurance that no data will ever leave US soil.
- Certified and compliant protection. Maintain compliance with standards like FIPS 140-2, NIST 800-171, HIPAA, and CJIS that hold our products to extremely high standards.