Many news outlets declared 2014 to be “The Year of the Breach,” especially for government. The title seems appropriate. Last year, the U.S. Postal Service (USPS), the Nuclear Regulatory Commission, the State Department, and even the White House fell victim to successful hacks that resulted in sensitive information being exposed to adversaries and the public.
And that’s just the beginning. Nearly every state experienced a government network breach during 2014, while simultaneously managing disruptions in commerce caused by hacks of companies such as Home Depot, Staples, and Target. Even localities were not exempt — Rapid City, N.D., and Napa, Calif., are just two cities whose websites were hacked.
Nevertheless, maybe we should reconsider that title and be a little more optimistic. Instead of “Year of the Breach,” can we consider 2014 to be the “Year of Lessons”? Maybe the “Year of Progress”? While government-at-large certainly faced setbacks in the cyber world, many agencies also took great steps toward security. At the federal level, commitments were made and plans drawn to better equip smaller entities with the resources and strategies necessary to protect their networks. Locally, many organizations created new partnerships and streamlined their internal systems to achieve greater security at less cost.
This guide explores how local, state, and federal governments have learned from successful attacks of the past to bolster their cybersecurity today. In this guide, we:
- Describe the level and impact of advanced cyberattacks on government agencies.
- Discuss five cybersecurity tactics that the public sector has deployed to mitigate risk.
- Provide two case studies from government to illustrate each tactic in action.
- Detail lessons learned from these government tactics.
The numerous cyber incidents of last year prove there is still more government must do to secure our nation’s networks. However, the case studies in this guide highlight that innovators in the public sector are already leading the way to enhanced cybersecurity.