Note: This article first appeared on Federal News Network
For many years, federal agencies treated data as something to guard at all costs, resulting in redundant and disconnected systems across government.
Things have changed in recent years. The world’s health, defense and intelligence crises have evolved, and so have federal agencies’ data sharing perspectives. Agencies now largely embrace data sharing as a means to accomplish mission objectives. They also increasingly recognize that sharing data is critical to maintaining strong cyber postures. Sharing of cyber-related data enables agencies to collaborate in analyzing threats, assessing vulnerabilities and mitigating risks. Applying technologies to enable smart data sharing can support these priorities.
Enabling trusted access to cyber data across organizational lines
Legislation such as the Cybersecurity Information Sharing Act of 2015 and the creation of the Cybersecurity and Infrastructure Security Agency demonstrate the federal government’s focus on breaking down the barriers to sharing cyber data. Meanwhile, new technologies are coming to the fore that federal agencies can use to improve their cyber postures and reduce the risk of cyber intrusions.
But where should agencies focus?
Technologies that augment secure inter-agency and intra-agency data sharing are paramount. Solutions that evolve beyond role-based access control to a more finely tuned attribute-based access control (ABAC) model may encourage increased data sharing across organizational lines. ABAC instills greater confidence that the system is limiting access based on fine-grained attributes that the members of the data-sharing ecosystem have agreed upon. For example, a policy can restrict authorized users' access to shared data to specific times (business hours) and physical locations (a government office).
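The business-hours and government-office restriction described above can be sketched as a deny-by-default ABAC check. This is an added example, not code from the article or from any agency system; the hours, site names, agency names and clearance levels are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, time

# Constructed policy values: the article names only "business hours" and
# "government office"; the concrete hours and site names are assumptions.
BUSINESS_START, BUSINESS_END = time(8, 0), time(18, 0)
APPROVED_LOCATIONS = {"gov-office-hq", "gov-office-annex"}

@dataclass(frozen=True)
class Request:
    user_agency: str
    user_clearance: int          # higher number = higher clearance
    location: str                # where the session originates
    when: datetime               # time of the access attempt
    sharing_partners: frozenset  # agencies party to the sharing agreement
    resource_level: int          # classification level of the data

def evaluate(req: Request) -> tuple[bool, list[str]]:
    """Return (allowed, denial_reasons). Every attribute rule must pass."""
    denials = []
    if req.user_agency not in req.sharing_partners:
        denials.append("agency not party to sharing agreement")
    if req.user_clearance < req.resource_level:
        denials.append("clearance below resource classification")
    if req.location not in APPROVED_LOCATIONS:
        denials.append("location not an approved government office")
    in_hours = BUSINESS_START <= req.when.time() < BUSINESS_END
    if req.when.weekday() >= 5 or not in_hours:
        denials.append("outside business hours")
    return (not denials, denials)

def sample_request(location: str, when: datetime) -> Request:
    """Constructed request: same user and data, only the context varies."""
    return Request("agency-b", 2, location, when,
                   frozenset({"agency-a", "agency-b"}), 2)
```

The same user with the same role gets a different decision when only the time or location attribute changes, which is the distinction from role-based access control that the paragraph draws. Logging the denial reasons gives reviewers the specific attribute that failed.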
ABAC allows for policy enforcement across data stores to minimize risk in a manner consistent with zero trust principles. Agile capabilities and solutions such as these enable federal agencies to automate the management of the data — including data residing across varying classification levels — so that they can implement fine-grained access controls at any classification domain layer.
As agencies work to address requirements for network visibility set forth within the Executive Order “Improving the Nation’s Cybersecurity” — and, at the same time, move from centralized network architectures to edge and cloud computing — capabilities that support ABAC will further enable data-sharing and discovery across agencies, networks and systems. Cloud-based data sharing promotes efficient access and discovery of data across and between organizations, while maintaining confidentiality, integrity, availability and non-repudiation.
Maintaining data integrity in a smart data-sharing environment
Agency data, including data relevant to the agency’s cyber posture, can be highly sensitive. Data owners want to control access to mitigate the risk of data compromise. Blockchain technology can provide the robust audit traceability that such a regimented environment demands. It also provides access validation, supporting these requirements through a persistent chain of custody. Blockchain delivers a traceable, verifiable record of who accessed the data and whether that user made any changes to the data while it was in their custody. In the event that an internal or external adversary enters the system and compromises data, the breach is detectable, identifiable and attributable.
Blockchain and similar distributed ledger technologies empower data owners with greater control over data, giving them the ability to efficiently maintain chain of custody. This is critical, given the complexity of data-sharing processes within the public sector.
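The chain-of-custody property described in this section rests on hash chaining: each access record commits to the one before it, so an edited record is detectable. The following is an added example, not code from the article or any ledger product; it is a single-writer hash chain rather than a distributed ledger, and the user names and data are constructed.

```python
import hashlib
import json

GENESIS = "0" * 64  # prev_hash value for the first record

def _digest(body: dict) -> str:
    """Hash a record body in a canonical (sorted-key) JSON form."""
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def append(chain: list, user: str, action: str, data: bytes) -> dict:
    """Record who touched the data and the data's hash when they were done."""
    body = {
        "index": len(chain),
        "user": user,
        "action": action,
        "data_hash": hashlib.sha256(data).hexdigest(),
        "prev_hash": chain[-1]["entry_hash"] if chain else GENESIS,
    }
    entry = dict(body, entry_hash=_digest(body))
    chain.append(entry)
    return entry

def verify(chain: list):
    """Return the index of the first inconsistent record, or None if intact."""
    prev = GENESIS
    for i, entry in enumerate(chain):
        body = {k: v for k, v in entry.items() if k != "entry_hash"}
        if entry["prev_hash"] != prev or _digest(body) != entry["entry_hash"]:
            return i
        prev = entry["entry_hash"]
    return None

def modified_by(chain: list) -> list:
    """Users whose custody ended with data different from the prior record."""
    return [cur["user"] for prev, cur in zip(chain, chain[1:])
            if cur["data_hash"] != prev["data_hash"]]

def sample_chain() -> list:
    """Constructed custody history for one shared data set."""
    chain = []
    append(chain, "owner@agency-a", "create", b"indicator list v1")
    append(chain, "analyst@agency-b", "read", b"indicator list v1")
    append(chain, "analyst@agency-c", "write", b"indicator list v2")
    return chain
```

A chain held by one party can still be rewritten from the altered record forward by whoever controls it; replicating the chain across the sharing partners, as a distributed ledger does, is what removes that single point of trust.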
Applying threat detection to improve cyber posture
All things considered, the increasing buy-in regarding smart data sharing and secure data access across government has kick-started a paradigm shift. Leaders recognize that significant insights can be gained through: 1) the ability to connect all of the pieces together, and 2) greater visibility into information sources (e.g., perimeter, agency network, user behavior, known vulnerabilities and attack vectors through commercial providers).
As agencies introduce additional cybersecurity tools into their ecosystems such as technologies to support endpoint threat detection and response, they will further benefit from solutions that provide the ability to holistically monitor real-time threat data. As such, threat hunters will be able to more effectively address non-remediated threats within an organization’s network. This is obviously important as it pertains to data in our defense and intelligence networks, but it’s equally critical for civilian agencies that have faced ongoing threats to personally identifiable information and financial data within and across their networks.
A combined approach of attribute-based access controls, blockchain technologies and adoption of real-time threat analysis solutions allows for both cloud and agile data sharing while maintaining control of the data and its chain of custody. When looking to enable data sharing while protecting data, federal agencies should make sure they have both capabilities at play.