The Biden administration’s Cybersecurity Executive Order issued in May 2021 has put a greater emphasis on cybersecurity at the Federal level – which is especially important after numerous high-profile ransomware and software supply chain attacks came to light earlier in the year – but many Federal cyber leaders say the Cyber EO only addresses a fraction of today’s cybersecurity challenges.
A new survey conducted by MeriTalk, and underwritten by Leidos, found that “while the EO brings cybersecurity issues to the forefront, Federal cyber leaders need to shift gears to make real progress.” The survey results include input from 150 Federal cyber leaders across civilian and defense agencies.
The survey report – entitled “Beyond the Cyber EO: How to Build a Better Mousetrap” – finds that agencies may be focused on the wrong aspects of cybersecurity, allowing the proverbial mouse-in-the-house to run free of broken traps. In total, 77 percent of Feds surveyed said that their agency is focused more on security compliance than on long-term cyber resilience.
That top-line finding is cause for concern, along with the conclusion of 94 percent of those surveyed who said they see flaws in current cybersecurity strategies, including compliance-based security and skill gaps in the cybersecurity workforce.
Additionally, 77 percent of respondents agreed that their agency needs to better understand the attacker’s perspective in order to build a more proactive cyber defense.
The Fed IT pros surveyed agreed there is a path forward to stronger cyber resilience among Federal agencies.
To realize aspirations for better security, officials said that agencies need a strong cyber culture, an up-to-date understanding of their environment, and mature AI/ML applications. To get to those goals, those surveyed highlighted a variety of necessary technologies including automation, security and behavior analytics capabilities, and integrated suites/security management platforms.
Building on that, the survey found 78 percent agree that the biggest benefit of the cyber EO is its elevation of cybersecurity to the top levels of government agencies. At the same time, 83 percent said Federal leaders should do more to address the full spectrum of cybersecurity challenges, and 81 percent agreed that agencies must move beyond compliance to a more modern, agile, and effective cyber model.
“Cyber threats are becoming more evasive and continue to evolve, but we must move beyond compliance to a modern, agile, and effective cybersecurity model,” said Meghan Good, Director of the Cyber Accelerator at Leidos.
Federal leaders were asked about weaknesses within cybersecurity models, and where the focus should be in building improved cyber traps. A key element of that thinking hinges on another survey finding: 58 percent of respondents believe that breaches are preventable, while the other 42 percent view them as inevitable.
To better arm improved cyber traps over the next five years, the Federal IT officials surveyed agreed on several important steps for agencies to start taking:
- Adopting a stronger cybersecurity culture throughout the agency;
- Improving the ability to track/understand what’s happening in their environment;
- Maturing AI/ML applications;
- Increasing use of automation; and
- Prioritizing pilot efforts and security innovation.
The full findings of the survey are featured here.