Industry Trends

Securing IT Modernization at The Federal Level

By Shelly Scarpelli | March 31, 2018

Federal agencies and critical infrastructures have long been a focus of cybercriminals with varying motivations. Cybercriminals, hacktivists, foreign governments, and more target these agencies as a means of collecting personally identifiable information on citizens, accessing confidential government information, or to generally halt or disrupt daily government operations. Aside from cybercriminals with malicious intent, federal agencies are also susceptible to data leakage and threats carried out unknowingly by insiders, with 54 percent of respondents to a recent survey identifying careless employees as a top threat to government networks, as compared to foreign governments at 48 percent.

Even as federal IT leaders work to fortify their networks against cyberattacks, other issues such as legacy IT, and limited budgets, security resources, and IT personnel, especially those with cybersecurity expertise, have meant agencies still remain at risk of phishing and DDoS attacks, malware, ransomware, and more.  

Cyber Risks to Federal Agencies and our Nation’s Critical Infrastructure

While cybercriminals continue to target federal agencies for the wealth of information they can provide, those organizations that fail to increase security controls and policies will face inevitable breaches from increasingly sophisticated attacks.

As we have recently seen, critical infrastructure is especially at risk of advanced threats, especially those attacks that leverage modern technology to more effectively locate vulnerabilities and then rapidly deliver multi-vector attacks that leave minimal response time for IT teams. Complicating things further, sophisticated botnets such as Reaper are also now leveraging automation and swarm technology to carry out attacks that can be updated with new vulnerabilities based on specific targets. In addition to sophistication, the modern threat landscape is also about just plain old volume. According to FortiGuard Labs’ recently published Threat Landscape Report for Q4 2017, attacks are also now occurring more frequently, up 82 percent per firm over the quarter before, while malware families and variants are up 25 percent and 19 percent, respectively.

As cybercriminals make their arsenal stronger, faster, and larger, most traditional security solutions and policies no longer provide sufficient protection at the federal level. 

Modernization of Federal IT

Lawmakers have long realized the risk to critical infrastructure and federal agencies that derive from outdated equipment and processes, and are taking steps to change that. In 2017, both the Modernizing Government Technology Act and the Cybersecurity Executive Order were signed in order to accelerate the modernization of both federal infrastructure and cybersecurity.

The Modernizing Government Technology Act will create a fund enabling agencies to retire legacy IT systems and pursue digital transformation. A strong emphasis is being placed on moving federal workloads to secure clouds and cloud-hosted applications, while also updating government applications. The Cybersecurity Executive Order also emphasizes the modernization of government technology as a means to enhance cyber defenses and make federal agencies less susceptible to advanced threats.

However, with the limited resources that many agencies have available, many are concerned that modernization without having the security tools in place designed to support these new deployments will actually exacerbate risks. A recent survey of IT decision-makers in the federal government showed that 66 percent cite IT modernization as a primary cause of increased security challenges.

To effectively modernize federal agencies while accounting for limited staff, modern network defenses must be deployed alongside and simultaneously with new IT investments. Integrated security solutions that utilize automation and machine learning ensure that risks are detected and mitigated in real time, while relying less on manual efforts from IT teams.

Securing Federal IT Modernization

To that end, Fortinet has recently launched several new solutions that leverage automation and artificial intelligence which promise to usher in the next generation of cybersecurity. As federal agencies begin to modernize infrastructure, incorporating these solutions will ensure robust security that can seamlessly adapt as each new solution is adopted.

  • FortiOS 6.0
    This recent release delivers more than 200 new features across the Fortinet Security Fabric, further enabling the integration of security solutions across distributed environments. FortiOS 6.0 provides broad, automated visibility and protection across multi-cloud environments, IoT and endpoints, as well as email and web applications. These are especially crucial capabilities as federal agencies move workloads to the cloud. FortiOS also includes expanded cloud connectors that give visibility into private, public, and SaaS clouds, in addition to enhanced SD-WAN functionality and threat detection.
    As federal agencies begin to move away from their legacy IT, they must also begin to move away from legacy point security devices and platforms and instead establish a holistic, architectural approach. Increasingly elastic infrastructures have stretched legacy solutions to their limits, meaning agencies must adopt new capabilities to ensure the security of their modern deployments. 
  • FortiGuard AI
    FortiGuard AI uses machine learning to automate the gathering and analysis of threat intelligence in real time. This reduces the time that IT teams must spend manually reviewing and collating the data of each security incident detected. Cybercriminals have been increasingly incorporating automation and artificial intelligence into their attacks. This allows attacks to be carried out faster and more frequently, making them more effective and impactful. With FortiGuard AI in place, threat intelligence collected from our three million sensors deployed worldwide is collected and distributed to each solution deployed throughout the Fabric, allowing agencies to fight sophisticated threats within their network at machine speeds.  

Final Thoughts

As federal agencies begin to modernize legacy IT infrastructure as a means to meet the demands of our emerging digital economy, they must also update their legacy security IT with solutions that can support these modern, distributed environments. Enhanced visibility, integration, and automation will be necessary to defend critical infrastructure from sophisticated attacks. These next-generation tools from Fortinet promise to secure IT modernization across federal entities.

You can read the full news releases announcing Fortinet’s FortiOS 6.0 and FortiGuard AI service in our newsroom.

Read this solution guide to learn how the Fortinet Security Fabric takes the complexity out of security with integration and automation across all cloud environments.

Read more about Fortinet’s solutions for Federal Agencies.