As federal IT infrastructure is overhauled – through means of cloud migration and other strategies – for the sake of cost efficiency and better systems and processes, one of the chief concerns among government agencies is cybersecurity. The array of cyberthreats to government agencies is well-documented. In fact, research from Control Risks has shown that government was the most highly targeted sector in the past year, accounting for 36 percent of all targeted attacks in 2015. Unfortunately, this is only the tip of a very large iceberg of cybersecurity woes for government organizations.
The growing concern of insider threats
Defending against hordes of cyberattackers is a challenge unto itself, but federal agencies' foremost concern may not actually be cybercriminals from China. According to a recent survey conducted by the Ponemon Institute, the number-one threat to government cybersecurity is actually the "negligent insider."
Among federal agencies, the top three cyberthreats were listed as negligent insiders, zero-day attacks – which exploit vulnerabilities that have not yet been disclosed or patched – and contractor mistakes. At the state and local levels, the top concerns were failure to fix known vulnerabilities, negligent insiders and zero-day attacks. With the exception of zero-day attacks, all of these originate from within the workplace.
What's more, some of these issues have manifested as real-world scenarios within the past few months. The most recent example involved the finding that the Department of Homeland Security was running multiple unpatched databases, some of which were labeled as "secret" or even "top secret." Seemingly insignificant blunders such as this have the potential to precipitate dire consequences – hackers will not hesitate to turn even the smallest mistake against a government agency.
This is especially true given the significant influx of nation-state hacking. According to the results of a joint study conducted in late 2015, a growing number of cyberthreats originate from nation-state hacking groups. These groups will go after private organizations and government agencies alike, and they're using some of the most complex tactics ever witnessed. A July 2015 breach of the Joint Chiefs of Staff's email accounts, for example, was dubbed the "most sophisticated" cyberattack seen to date by the Department of Defense. The attack is believed to have been executed by a team of Russian hackers. Considering the resources available to these hackers, and their presumed skill, the last thing that a government organization wants to do is make their jobs easier.
A cutting-edge analytics solution
One way that government organizations at all levels have sought to improve law enforcement and public services is by deriving insight from big data. A bevy of propositions have been brought to the table that aim to do everything from enhancing law enforcement intelligence to possibly helping the U.S. economy. One possible new use case for data analytics is improved cybersecurity for government organizations.
According to GovInfoSecurity, analytics researchers are working on a system that will be capable of sifting through electronic communications within an organization to identify insider threats. Essentially, certain employees who pose a risk to an organization – either because they have flagrantly malicious intentions or because they are in contact with someone else who does – will be sniffed out based on language and sentiment expressed in emails, text messages and other communication portals. This sort of solution may be especially useful as cloud computing adoption continues and fosters work environments that are more conducive to remote collaboration via email and instant messaging.
If it were to work, this type of solution would have obvious benefits for government organizations, which are currently in the process of finding new ways to mitigate threats that are introduced internally. For instance, no one is perfect, and mistakes have been made within government organizations that have the potential for severe cybersecurity repercussions. The question subsequently becomes, which of these mistakes are innocent, and which are deliberate?
In theory, a smart analytics system would be able to tell the difference, and thereby enhance government cybersecurity.