Cyber measures gain momentum at federal agencies

The White House cybersecurity order proved “game-changing" in fostering leadership support for cybersecurity, zero-trust policies and security-at-the-edge efforts, a new survey finds.

By Scoop News Group

January 28, 2022

Last year’s White House Executive Order on Cybersecurity has had a catalytic effect in focusing increased attention on holistic cybersecurity practices, according to a new survey of federal IT officials.

Half of agency IT and security officials polled in the survey described the executive order as “greatly needed” — and another 30% called it “game-changing” — in getting agency leaders to commit resources toward critical cybersecurity projects.

Read the full report.

Three-quarters of survey respondents reported that their fiscal 2022 IT security budgets had been increased to meet White House requirements, and 44% said that those budgets had increased by more than 10%.

The study, conducted by FedScoop and CyberScoop and underwritten by Lookout, also found that 3 in 4 federal IT executives surveyed reported that their agency had developed 75% or more of the IT and cybersecurity strategies required of them by the executive order.

The findings are based on the completed responses of 162 prequalified executives and IT decision-makers and contractors working at federal civilian, defense and intelligence agencies in an online survey conducted in December.

The study did not examine what IT projects or priorities may be getting less attention in order to meet the administration’s cybersecurity mandates. It focused instead primarily on:

IT leaders’ perceptions on the maturity of their agencies’ zero-trust strategies.
The capabilities their agencies have in place to manage security.
The level of movement toward Secure Access Service Edge (SASE) security solutions as more computing activity occurs at the edge of agency networks.
The challenges agencies continue to face to fortify their overall security.

Among the key findings:

Zero-trust practices are still maturing. Executives were asked whether they considered their agency’s zero-trust policies and configurations as “traditional,” “advanced,” or “optimal” across five key areas — data, devices, identity and access, application workloads and network applications. Fewer than 30% characterized their zero-trust maturity practices as “optimal,” with only 19% describing their identity and access practices “optimal,” suggesting that agencies have a long way to go to establish zero-trust environments.

Cyber risk-management gaps remain. Federal IT leaders indicated they are equipped to manage some security risks better than others. Two-thirds of respondents said they are able to continuously assess risks on traditional endpoints, but only half could do the same for mobile devices. And only 4 in 10 are able to provide dynamic granular access, verify cloud configurations, or secure data regardless of where it goes, suggesting agencies will need greater help in these areas.

EDR capabilities appear widely implemented. On a brighter note, two-thirds or more of respondents said their agency can conduct a variety of Endpoint Detection and Response (EDR) activities consistently to detect and block issues, for instance, with insecure mobile devices, advanced persistent threats and polymorphic (evolving) malware.

Issues impeding zero-trust. The top challenges to establishing zero-trust environments are similar to the ones agencies face in modernizing as a whole: Complexity of their environment; conflicting IT priorities; the interdependency of existing technology; and limited budget and staff resources.

Agencies embrace SASE – Among other solutions to improve security, 86% of respondents said their agency is moving toward Secure Access Service Edge (SASE) solutions to better control applications, devices, users and workloads operating at the network edge. The growing focus on SASE suggests ways that newer technology solutions can help compensate for limitations in legacy systems.

Download the full study, “Securing the Edge, for detailed findings, including breakouts tables on how civilian, defense and intelligence respondents — and system integrators and government contractors — occasionally see things differently in the progress agencies are making toward zero trust.

This article was produced by FedScoop and CyberScoop and sponsored by Lookout, a leading provider of integrated endpoint-to-cloud security.

Cyber measures gain momentum at federal agencies

More Like This

Data-driven decision-making: The power of enhanced event logging

Operationalizing zero trust: A practical guide for modern federal agencies

Meeting zero-trust mandates with strategic partnerships

Top Stories

FISA reauthorization heads to Biden’s desk after Senate passage

FBI director warns of China’s preparations for disruptive infrastructure attacks

Proposed data broker regulations draw industry pushback on anonymized data exceptions, bulk thresholds

More Scoops

CISA issues emergency directive for federal agencies to patch Ivanti VPN vulnerabilities

Security trends public sector leaders are watching

As agencies move towards multi-cloud networks, proactive security is key

The key to making the US cyber strategy work: boots on the ground

Ensuring compliance without compromising on IT modernization initiatives

Navigating the path to passwordless authentication

Planning a robust response to cyberthreats with a zero-trust mindset

Latest Podcasts

How Troy Hunt knows if you’ve been hacked and Washington tries to understand AI

Why pig butchering is the worst kind of online scam

How the FBI fights ransomware

Rumman Chowdhury on AI red-teaming; a Sisense supply chain attack

Government

Technology

Threats

Geopolitics