Industry Trends

Ensuring Mission Continuity Through Federal Agencies Cybersecurity

By Bob Fortna, Jim Richberg, and Aamir Lakhani | April 05, 2021

Industry Perspectives 

Federal agencies are faced with a number of unique challenges when it comes to securing their sprawling IT networks—particularly because they protect some of the most sensitive data and face severe consequences around national security. Given the nature of this information, nation-state actors and cybercriminals are constantly seeking new avenues to infiltrate systems and gain access to this data. And with remote work and constantly evolving cyber adversaries cybersecurity is as top of mind as ever.

To learn more about the cybersecurity challenges facing Federal agencies, we asked Fortinet Federal’s Bob Fortna and Jim Richberg as well as Aamir Lakhani from Fortinet’s FortiGuard Labs threat intelligence team to share their perspective on how these organizations can effectively protect their critical data and infrastructure against advanced cyber threats.

Q: What are the most significant cybersecurity trends top of mind for Federal agencies now, from both a technology and threat perspective?

Bob - I have worked in the Federal sector for years and some concerns persist but of course new concerns appear as cyber threats evolve. With a sophisticated threat landscape, an expanding attack surface, continuous government mandates, and a growing cyber skills gap, cybersecurity is top of mind. Some specific topics that come up frequently are: persistent attacks from nation-state actors, protecting mission and agency data, ensuring security in a work from home environment, maintaining and upskilling a cybersecurity skilled labor force, secure cloud migration, and of course supply chain security. 

Jim - One of the biggest issues that is top of mind for agencies right now is not unique to only Federal agencies—that is securing against the hybrid threat they face today. Cyber adversaries are using sophisticated techniques and at the same time remote work creates new risks they must secure against. Where this challenge becomes unique to Federal agencies is that they have to follow requirements such as TIC 3.0 standards for cloud access and CISA’s guidance on remote telework. Some agencies, especially those with a significant geographically distributed presence, are finding greater efficiencies with security-driven networking approaches such as – SD-WAN and SD-Branch. These capabilities have enjoyed dramatic growth in the private sector because of their cost and performance advantages, along with greater operational flexibility.

Aamir - One of the top priorities for Federal agencies has been their cloud strategy. Cloud has always had a byproduct of enabling flexibility of work from a remote workforce. However, enabling remote access has become a much bigger priority during the COVID-19 pandemic and will continue as work patters adjust for the long-term. The challenge is that cyber adversaries are looking to take advantage of the expanding digital attack surface. Our threat reports last year show consistent data demonstrating how cyber  adversaries leverage timely developments consistently.

Q: Can you talk about risk and what it means for Federal agencies? How does it differ from industry concerns around risk?

Bob - Because the Federal government provides safety and security to the country, the stakes are much higher for Federal agencies. Most companies weigh the risk/benefit cost and make decisions based on that. The government cannot diminish risk when referring to national defense, healthcare, financial systems etc. That said, resources are not endless and they face fixed budgets, skilled labor availability, and competing priorities. Federal agencies must make very different and complex decisions vs the private sector.

Q: There are lots of mandates and guidance put out in the Federal sector for agencies to follow, how do you counsel your contacts in terms of managing these changes successfully?

Bob - We encourage agencies to simplify their operations by consolidating, integrating and automating their security architectures. By doing so, they will reduce dependencies on human touch at every step in the security stack, and reduce cost with less training, licenses, footprint, but with faster diagnosis or response time. There are lots of mandates but first and foremost we make sure agencies are following NIST (National Institute of Standards and Technology) and STIG (Security Technical Implementation Guides).

Jim - Agencies have to make choices in how they address IT modernization and cybersecurity, especially since the lengthy procurement cycle most agencies face makes it difficult for them to be on the cutting edge of technology. Regardless, there are many technologies that can address their needs and maximize ROI. For example, some agencies are finding SD-WAN can offer superior networking and strong security if integrated together. In addition, because many Federal agencies face even greater challenges in recruiting and retaining a cyber-workforce than the private sector, I counsel Federal decision makers to look for solutions that offer integration and automation as ‘force multipliers’ for their staff and as ways of freeing personnel to focus on tasks requiring human judgment and skill.

Q: Is it possible to sum up the threat landscape for Federal agencies in a few sentences? 

Jim - While the private sector and state or local government may be targeted occasionally by nation-state adversaries, Federal agencies are consistently targeted by these actors, including sophisticated Advanced Persistent Threats (APT). Moreover, while the private sector is often the victim of financially-motivated crime, Federal agencies are typically targeted for theft of data—intellectual property and national security information—which is often harder to detect. Government is also responsible for unique services such as running elections which combine complex technical challenges with issues of perception and public confidence. 

Aamir - Cloud attacks and application attacks are much more prevalent for Federal agencies. In other industries we are starting to see an increase in IoT attacks, but overall Federal agencies have implemented strong network access controls, but most attackers understand that Federal agencies have many web apps and other cloud-based access. Attackers seem to be focused on phishing and it is possible more sophisticated attackers have done reconnaissance and have targeted their phishing attacks to valuable targets. In addition, since attackers could use reverse shells and other attack methods, Federal agencies are starting to invest in cyber detection products such as deception based products, user and entity behavior analytics, and other network anomaly based systems.

Q: What is the one thing that makes Fortinet Federal different for Federal Agencies?

Bob - Fortinet has been a trusted business partner of the U.S. Federal government for years for many reasons. Fortinet has been a leader in performance, integration and automation which is key. In addition, Fortinet by design provides for security simplification by consolidating functions, reducing footprint, and lowering costs. We provide integrated solutions across the entire security stack from zero trust endpoints, to data center segmentation, to seamless hybrid cloud solutions. We are not just one product or one offering and that is value for agencies. Another aspect that is important is our commitment to third-party validation and testing. Testing of security products and solutions plays such a critical role in thwarting cybercriminals. We have the most when compared to our competitors and that matters to customers.

Jim - The cyberattack surface is growing in breadth, and Fortinet is the only vendor with strong capabilities across the breadth of this expanding and complex environment—from network edge to core to cloud. The fact that all of Fortinet’s products and capabilities are integrated makes the effectiveness of the whole greater than the sum of the parts—and this has been demonstrated by independent third-party testing. Cybersecurity is a complex and interdisciplinary field, and Fortinet excels in disciplines as distinct as cutting edge engineering to global threat analysis and path-breaking AI development. All of these capabilities are available to Federal partners in a range of form factors—from physical devices to virtual services—and in consumption models ranging from zero-touch ‘plug and play’ to manual use by an agency’s security and network operations teams.

Aamir - A true differentiator of Fortinet Federal is that it is backed by FortiGuard Labs’ actionable threat intelligence. We are not just products. Our mission is to provide our customers the industry’s best threat intelligence to protect them from malicious cyberattacks. Using millions of global network sensors, FortiGuard Labs monitors the worldwide attack surface and employs artificial intelligence (AI) to mine that data for new threats.

Another aspect that I am passionate about as well is our commitment to cybersecurity training. The Fortinet Network Security Expert (NSE) Program is an 8-level training and assessment program designed for customers, partners, and employees. Fortinet has opened up our entire self-paced catalogue of advanced NSE training courses. 

Learn more about how Fortinet Federal helps Federal agencies efficiently protect U.S. government data and critical infrastructure against advanced nation-state threats.