Cybersecurity threats come in all shapes and sizes. The trick is tackling the ones that register the brightest on the cyber threat radar.
Hord Tipton, the former chief information officer for the Interior Department and now the executive director of I(ISC)², says the never-ending problems with the technology supply chain need the most attention.
|Hord Tipton's Top 3 for 2013
- Further exploration of the weaknesses in the supply chain. — Today's hardware and software is built by many different players, often spread out all over the world through outsourcing and offshore manufacturing. While the threat of errors in the government IT supply chain is not a new problem, we are not addressing the problem as quickly -or at a level of equal complexity--as those operating with malintent. In 2013, we need to expect that nation states will attempt to bury code in devices that allows them to exfiltrate data, malware authors will attempt to add their payloads to out-of-the-box software or devices, and cybercriminals will attempt to collect credentials or account information. Especially given the fiscal challenges going into the new year and agencies looking to reduce costs, the federal government will be even more vulnerable to supply chain weaknesses.
- The importance of sound business continuity plans to the security of agency systems. — While residents of New York, New Jersey and surrounding Northeastern states are still picking up the pieces from the devastating impact of super storm Sandy, government agencies and business are also assessing the damage and taking a hard look at what they had (or in some cases, did not have) in place in the way of disaster recovery and business continuity. Since data will arguably be one of the most critical assets to protect and maintain for government moving into 2013, IT and security professionals will be put in the hot seat in times of disaster or attack. Any events that have the potential to impact government operations negatively, whether it's a Sandy or a targeted attack by cyber criminals, deserve a soundly constructed and tested plan that can "weather the storm" - whether natural, physical or logical.
- The refinement of nation state driven cyber weapons will advance and take on a more political overtone. — Cybersecurity in 2012 will forever be characterized by the emergence of high-impact nation state-driven attacks such as the Stuxnet worm, Duqu, and Flame and the many unsuccessful legislative attempts to protect our nation's critical infrastructure from these types of attacks. Moving into 2013, we can expect nation state cyber weapons to become more politically motivated, with the potential to cause greater damage against our nation's systems. With budgets tight and security personnel scarce, protection of critical infrastructure will be one of the nation's greatest causes for concern.