Guest column
Combating a silent attacker: Using information assurance to protect federal agencies // by Stan Tyliszczak

Published 13 April 2009

To defeat the next generation of cyber threats, government agencies will need to not only deploy the latest cyber security tools, but also cultivate and maintain an information security-savvy workforce through concerted, longstanding training initiatives

Chief information security officers (CISOs) across Federal agencies rate the current threat level of cyber attacks an 8 out of 10, with 10 being an “extreme threat,” according to a recent study by MeriTalk. Eighty-seven percent of CISOs reported an increase in cyber attacks over the last year. The new presidential administration shares their concerns. In February President Barack Obama ordered an immediate evaluation of the country’s security measures to protect against cyber attack. In the coming months, federal agencies will assess the country’s current security stance, and in turn, determine a best path forward to bolster protection for sensitive information and our nation’s critical infrastructure.

“Information Assurance” combines physical and information security protections, while allowing for safe information sharing and collaboration across agencies. Given the grave threat to U.S. critical infrastructure, it is tempting to lock down buildings, networks, and data, limiting access to mitigate risks. Information sharing, however, is as important to our government security posture as information security and physical security. Information assurance consists of a three-pronged approach:

  • Restricting unauthorized information access while simultaneously enabling access by authorized parties
  • Ensuring the integrity of information
  • Protecting the network that supports the flow of information

Restricting information access
Information assurance is fundamentally about protecting information. Protection begins with evaluating the sensitivity of the data. Whether it is Social Security numbers, tax information, law enforcement data, or classified national security intelligence, agencies must determine which parties can access the information. They deploy policies, procedures and technology solutions — from CAC cards to secure ID tokens to iris scans and other tools — to let authorized individuals in and keep others out.

Ensuring the integrity of the information
Information integrity is the second prong of the information assurance approach. Beyond information access, agencies must know that the information is accurate — that it has not been inappropriately altered. Data that is corrupted can seriously impede an agency’s ability to meet its mission, whether that is national defense, public safety, public welfare or environmental protection. Technology tools can monitor who is accessing data, how long they are accessing it and whether they are editing it — intentionally or unintentionally — to help ensure the integrity of the information.

Protecting the network
The third prong of information assurance is network security. Network security is not just about keeping rogue agents out; it is about enabling information sharing across, within and among Federal agencies and important mission partners. Technology tools