The annual Federal Information Security Modernization Act (FISMA) report was delivered to Congress in May and contained encouraging news. The report, tracking agencies' ability to meet the guidelines set forth in FISMA, showed that there were 8% fewer cybersecurity incidents across government in fiscal year 2019. Additionally, the report showed that 73 agencies meet the highest FISMA rating, up from 62 in 2018.
All of this improvement comes at a time when more attacks are being carried out against agencies and those attacks are becoming more and more sophisticated. The government's ability to stay ahead of the increasing attack vectors can be attributed to compliance with federal regulations and mandates, including the Continuous Diagnostics and Mitigation program and the National Cybersecurity Protection System.
A focus on educating federal employees about spear phishing, the practice of sending emails that look like they are coming from a known or trusted sender to entice targeted individuals to reveal confidential information, has also paid off. The report showed that the U.S. Department of State, U.S. Department of Health and Human Services, and the U.S. Department of Commerce had the largest reduction in phishing-related security incidents via email. Fittingly, the Department of Education earned a proverbial gold star, reporting zero phishing incidents. They attributed this success to employing "increasingly complex phishing scenarios" to improve spam filtering and implementing anti-phishing policies with their email provider.
These metrics were collected before the response to COVID-19 forced telework across government. Officials are encouraged that these numbers show that agencies are ready to handle the new risks introduced by a remote workforce. For example, an OMB directive had agencies develop capabilities to wipe mobile devices remotely if they are lost or stolen. Twenty-two of those agencies met the directive according to the report, making them well prepared to mitigate risks associated with devices being out of the building.
Of course, when it comes to cybersecurity, it's never advisable to rest on your laurels. To keep this positive trajectory of preparedness and mitigation, the government needs to stay up to date on threats, tactics, and tools. Here are some events that can help.
- Measuring What Matters: Enhancing Cybersecurity with Metrics (July 7, 2020; virtual) - As organizations work to enhance their cybersecurity, how can they ensure these efforts are effective and in compliance with federal standards and regulations? During this webcast, Nextgov and Route Fifty will explore how to develop effective cybersecurity metrics and the ways agencies are being measured. They'll discuss how to identify what to measure when it comes to cybersecurity, how to measure it, and how to turn these metrics into actionable intelligence.
- SNG Live: Cybersecurity (July 22, 2020; virtual) - This session will bring together federal cybersecurity leaders for a conversation on how they continue to mature their cybersecurity defenses, protect a remote workforce and what the best strategies are for staying ahead of adversaries.
- 11th Annual Billington Cybersecurity Summit (September 8-9, 2020; virtual) - Moving to a virtual event, this summit expands to a global audience allowing attendees to network with senior-level speakers, sponsors, and attendees representing industry, government, and academia. Hear from the "who's who" of cybersecurity influencers including VADM Nancy Norton, director for the Defense Information Systems Agency and Dana Deasy, chief information officer for the Department of Defense.
- TIC Talks: Turning the Page on Trusted Internet Connection (October 15, 2020; Washington, DC) - The new TIC 3.0 policy will eliminate barriers to the cloud, enable emerging technologies like SD-WAN, and release the stranglehold on network access points, all while ensuring even greater federal network security. This forum will explore recent changes to TIC 3.0 and its role as a cyber paradigm. It will also examine how TIC is changing the way agencies approach building resiliency, implementing zero-trust, and enabling innovation.
Let us know where you are brushing up on security strategies. Share your favorite must-attend events and go-to resources in the comments.
Be sure to check out GovEvents for a complete listing of events, webinars and library of on-demand events.