The much-anticipated Cybersecurity Executive Order, after several revisions and leaked drafts, was released a few weeks ago and, as expected, drew its share of praise and criticism. Distilled to a CliffsNotes version, here are the salient points:
- It brings cybersecurity to the forefront by holding agency heads accountable
- It is broad: it covers federal agencies, critical infrastructure and publicly traded commercial enterprises
- It conveys urgency, mandating multiple reports on risk assessments and current risk posture within 90 to 150 days (some have a longer timeframe)
- It emphasizes and reaffirms a risk-management based approach
- It stresses the need for modernization and shared services
- It calls for collaboration and transparent processes to accelerate and enhance cyber defense
- It highlights cybersecurity education and training from primary through higher education
While agencies have been making strides in improving their security posture, a changing threat and IT landscape, the complexity introduced by new initiatives and a shortage of resources are all working against that effort. The assessments called for in the EO require gathering data from across each agency and correlating it to demonstrate that security controls are implemented and to identify any gaps. This is a tall order, especially given the data classifications, program complexity and operational silos dispersed across an agency.
The most important step in meeting the EO's requirements is to automate the data gathering and correlation process. Given the typical agency environment, and the fact that transformation initiatives are here to stay, here are the capabilities to look for in a solution:
Flexibility: The solution must offer a framework that covers all of the organization's business process entities and can adapt as they change.
Scalability: It must accommodate growth, including the ability to quickly incorporate new activities, users and processes.
Central Management and Federated Access: It must provide centralized management through a single interface, so that administration and self-reporting are consistent and simple, while giving stakeholders across the organization access through role-based access control.
Data Source Agnostic: It must interface quickly with any data source needed to monitor, assess and demonstrate compliance and meet reporting requirements.
Extensibility: It must go beyond compliance and enable proactive security measures that protect information against internal and external threats. Data collected once should be usable across the organization, beyond security and IT, extending the return on investment (ROI).
Real-Time Architecture: It must aggregate log data and other relevant information from across the agency in real time, to give accurate situational awareness and to alert on deviations from the desired state.
Customization: It must let stakeholders build queries, investigations and visualizations that reflect their needs and a changing environment, so that decisions can be made quickly.
Splunk is a leader in compliance and security solutions. It is used extensively in government agencies and has been selected as the data integration solution for the Continuous Diagnostics and Mitigation (CDM) program for 25 federal civilian agencies. Chances are someone in your agency is already using, or considering, Splunk. Let us know how we can help. With short timeframes for compliance, a proven solution is your best route to success.
Until next time,