Cyber is a team sport–here's how the public and private sectors can play together

Getty Images

By Bill Wright

By Bill Wright

|

Cybersecurity is constantly evolving and it's often difficult for leaders to keep up with an evolving cyber threat landscape.

Over the past year, we've seen the government take instrumental strides to improve the nation's cybersecurity and combat the rise in cyberattacks targeted at the public sector. From the Cybersecurity Executive Order to the Zero Trust mandate, the Biden Administration has demonstrated that it's making cybersecurity more of a priority than ever before, pushing agencies to improve their efforts and commitments to establish a strong security posture. However, despite this progress, only 33% of federal agencies forecast an uptick in their cybersecurity investment over the next 1-2 years.

With all the recent momentum in federal cybersecurity mandates, this number is puzzling – so let's take a closer look.

Federal cybersecurity has been getting a bad rap for years. In fact, last year a Senate Homeland Security and Goverment Affairs Committee report gave eighteen federal agencies grades of Ds and Cs on their cybersecurity posture. But what may be most alarming is the recent Federal IT Acquisition Reform Act (FITARA) 14 scorecard which shows a downward trend for several agencies regarding cyber efforts. For outsiders looking in, it almost looks like the government isn't trying to improve its security posture; however, the reality is that cybersecurity is constantly evolving and it's often difficult for leaders to keep up with an evolving cyber threat landscape. 

Case in point, 64% of security leaders say keeping up with security requirements has gotten harder in recent years, which is up from 49% in 2021. With all the improvements in technology, why is it so challenging for them to increase their cybersecurity readiness faster? 

Answer? Federal agencies currently lack the funds or resources necessary to meet many of these requirements, and don't know the actionable next steps they need to take to meet new mandates. For instance, many agencies viewed portions of last year's Cybersecurity Executive Order as unfunded mandates. The administration even acknowledges the difficulty in funding these requirements due to multi-year budget cycles. For example, in the OMB Zero Trust Strategy, OMB tells agencies they should leverage FY24 budgets to fund their zero trust requirements. With upwards of 80% of agency IT budgets annually geared towards legacy software, it can be difficult to make the technological leap needed without more resources. Moreover, our two-year budget cycle can be too slow to keep up with technology within an ever-evolving threat landscape. Congress has tried to address this with the Technology Modernization Fund, but the fund, and how it's administered, has yet to reach its full potential.

Cybersecurity is a never ending battle, with many experts agreeing that it will only get harder. That's why it's not only up to regulators but the industry as a whole to ensure that our federal agencies have the correct defenses in place by continuing to innovate. This starts with rethinking federal cybersecurity measures. 

Reimagining security regulations

As we've seen, the simple act of passing new requirements isn't an effective strategy for improving cybersecurity. Instead, policymakers need to make sure these agencies have clear, actionable guidance to meet new cybersecurity requirements. Finally, policymakers need to also ensure that agencies have the ability to access the technology quickly and in a sustainable manner through updates to acquisition policies, streamlining of compliance requirements, and investments in modernization funds.

In the meantime, given that changing legislation isn't something that can be done overnight, federal agencies can lean on their private sector partners to help meet upcoming requirements. Oftentime these partners are already aware of supplemental resources – such as the Technology Modernization Fund – that offers agencies the short-term funding or steps they need to meet new requirements. Technology partners can also help assess current technology stacks and share recommendations on how agencies can effectively improve their security posture. By working towards achievable and measurable goals – such as implementing multi-factor authentication or modernizing event  logging – agencies can take the steps required to meet the Cybersecurity Executive Order and other cyber initiatives. 

Public and private sector collaboration will be vital for long-term success

As we continue to enhance our nation's security posture, it is imperative that we take a whole-of-nation approach to defend against the most significant threats to the nation, including threats to our critical infrastructure. As an early member of CISA's Joint Cyber Defense Collaborative (JCDC), Splunk has seen first-hand the power of combining industry and government efforts on planning, threat analysis, and defensive operations to combat cyber threats. These days, the cyber threat landscape is simply too vast, and evolving too quickly, for anyone to go it alone. Cybersecurity is the ultimate team sport. Only through strong, consistent public-private collaboration can we hope to stay ahead of the threat.

Bill Wright is senior director for North American government affairs, Splunk.

NEXT STORY: Improving CX through consistency

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.