Burnin' Down the House

06/25/2015 09:14 am ET | Updated Jun 24, 2016

Smokey the Bear says, "Only you can prevent wildfires." Now, that wildfire is the OPM breach. Yesterday it was the IRS. The day before that, it was Snowden.

Tomorrow, it'll spark up somewhere else.

Federal cyber pros are sounding the alarm. They are spending too much time fighting cyber fires. The old approaches and point products aren't working -- agencies need real change and a holistic approach to fight today's threats, as well as new challenges smoldering for tomorrow.

Fanning the Flames

According to recent research, "93 percent of Federal executives indicate cyber defenses need significant improvement," but only 56 percent are assessing their networks daily to analyze and address security risks.

Einstein doesn't look so smart right now -- as we understand it, the intrusion detection system held the door open at OPM. CDM wasn't enough. Fire likes oxygen -- how do agencies choke the flames?

Dousing the Fire

An ounce of prevention is worth a pound of cure -- and some cyber pros agree that an effective cyber posture is a combination of people, processes and tools.

Many are turning to the NIST Framework for Improving Critical Infrastructure Cybersecurity as a comprehensive strategy to prevent the fire drills. The framework was developed in a year-long, collaborative process between industry, academia and government stakeholders. It's designed to work in any enterprise -- public or private.

Want to learn more about the NIST Framework? Check out the abridged version. This Framework assessment tool helps agencies determine their cyber security capabilities and set goals for their future defense. NIST suggests organizations use the Framework to:

  • Conduct a basic review of cyber security practices
  • Establish or improve a cyber security program
  • Communicate cyber security requirements to stakeholders
  • Identify new or revised references for solutions

Stop, Drop, and Roll

Don't forget to test your smoke alarms. And if they go off, don't ignore them. That said, alarms and point products won't keep you safe, and won't keep you off the front page of the Washington Post. Check out the Framework to jump-start your comprehensive, integrated cyber defense. Smokey's smiling.