Federal government agencies serve a critical purpose and must consider the implications for mission-continuity for every decision they make. In addition, federal agencies are the targets of nation-state actors who seek espionage and more. Protecting against these threats is critical to national security. And with remote work and constantly evolving cyber adversary techniques cybersecurity is as top of mind as ever.
To learn more about the cybersecurity challenges facing Federal agencies, we asked Fortinet Federal’s Steve Hoffman and Felipe Fernandez to share their perspective on how agencies protect their critical data and infrastructures against cyber threats.
Protecting Critical Data and Infrastructures Against Cyber Threats
What is top of mind for federal agencies right now?
Steve – I have worked in the Federal sector for years and some of the same threats persist but new concerns appear as cyber threats evolve. With a sophisticated threat landscape, an expanding attack surface, continuous government mandates, and a growing cyber skills gap, cybersecurity is top of mind. Some specific areas that come up frequently are: attacks from nation-state actors, protecting mission and agency data, ensuring security in a work from home environment, maintaining and upskilling a cybersecurity skilled labor force, secure cloud migration, and of course more recently enabling zero trust and supply chain security.
Felipe – Cyber adversaries are using sophisticated techniques and at the same time remote work creates new risks to mitigate. Where this challenge becomes unique to Federal agencies is that they must adhere to several government cybersecurity frameworks and fit specific budget requirements. One of the top priorities for Federal agencies has been their cloud strategy, but zero trust access is now top of mind as well given guidance from the recent EO. Enabling remote access has become a much bigger priority during the pandemic and will continue as work patterns adjust for the long-term.
What is the threat landscape like for federal agencies today?
Steve – While the private sector and state or local government may be targeted occasionally by nation-state adversaries, Federal agencies are consistently targeted by these actors, including sophisticated Advanced Persistent Threats (APT). Moreover, while the private sector is often the victim of financially-motivated crime, Federal agencies are typically targeted for theft of data—intellectual property and national security information—which is often harder to detect. Government is also responsible for unique services such as running elections which combine complex technical challenges with issues of perception and public confidence.
Ensuring Mission Continuity with Federal Agencies
What does risk mean for Federal agencies?
Steve – The Federal government provides safety and security to the country, therefore, the stakes are much higher for Federal agencies. Most companies weigh the risk/benefit cost and make decisions based on that. The government cannot diminish risk when referring to national defense, healthcare, financial systems etc. That said, resources are not endless and they face fixed budgets, skilled labor availability, and competing priorities. Federal agencies must make very different and complex decisions vs the private sector.
How do you counsel your customers and partners in terms of managing change required by government mandates?
Felipe – I encourage agencies to simplify operations as much as possible. They can do this by consolidating, integrating, or automating their architectures. This will help reduce human workloads and cost with less training, licenses, footprint, but increase Security Operations Center (SOC) performance with faster response time. There are lots of mandates but first and foremost we make sure agencies are following NIST (National Institute of Standards and Technology) frameworks and STIG (Security Technical Implementation Guides).
How is Fortinet Federal unique?
Steve – Fortinet Federal is a wholly owned subsidiary dedicated to bringing expertise and commitment to U.S. Government agencies, with a focus on meeting public sector priorities, standards, and evolving cybersecurity mandates. The team has been a trusted business partner of the U.S. Federal government for years. Fortinet has been a leader in performance, integration and automation which is important. We are not just one product or one offering and that is value for agencies. Another aspect that is important is our commitment to third-party validation and testing.
Felipe – The cyberattack surface is growing all of the time. Fortinet is the only vendor with capabilities across this expanding and complex environment—from the network edge, to the core, and to the cloud. The fact that Fortinet is focused on integration makes the effectiveness of the whole greater than the sum of the parts. And, we are not just products. Our mission is to provide our customers the industry’s best threat intelligence and professional services to protect them from malicious cyberattacks. Personally, I take pride in helping our customers achieve their mission.
Find out how the Fortinet Security Fabric platform delivers broad, integrated, and automated protection across an organization’s entire digital attack surface to deliver consistent security across all networks, endpoints, and clouds.