Last year, the Oct. 1 start date of the federal government’s fiscal year became big news when political rifts resulted in a government shutdown that lasted 15 days and cost the country billions of dollars. This year's new fiscal year has arrived without much fanfare, but that doesn't mean that there aren't plenty of high stakes at play.
Federal IT spending is expected to decrease in fiscal year 2015 due to budget challenges, and that may force many government agencies to put cybersecurity solutions on the back burner. The key word is may; it's all about how various agencies decide to prioritize their limited spend. Some may decide to use their limited budget on other priorities, viewing cybersecurity as a mere insurance policy. But as recent security breaches in the private and public sector alike have shown us, it's far more than that.
Simply put, failing to proactively invest in cybersecurity is a gamble—not only in terms of consequences, but in pure financial terms. The cost of remediating a successful cyberattack far outweighs the cost of the services that could prevent it in the first place. You're talking about tens of millions of dollars in technology services and man hours, and that's assuming that you detect the threat. Even relatively unsophisticated cyber-intrusions can take up to 120 days to detect.
So what should government agencies do given a limited budget?
One of the easiest solutions is to take advantage of the Einstein 3 Accelerated(E3A) Intrusion Prevention Security Services that the U.S. Department of Homeland Security (DHS) offers to federal civilian agencies to assist with monitoring and preventing security threats.
Essentially, the E3A program serves as a subsidized advanced cybersecurity offering for individual agencies. Reporting on the program, Information Week described it as a managed service that "raised the bar for security technology" and could pay true dividends to individual federal agencies as they work to up their cybersecurity measures. In addition to detecting malicious traffic, E3A will also halt that traffic before it can do real damage, reports Government Computer News.
DHS underwrites the program, making it a cost-efficient solution, even though agencies might still need to transition some resources to take full advantage of it. CenturyLink is currently the only operational provider of Einstein 3 Accelerated (E3A) services, presently protecting approximately one quarter of federal civilian end-users across multiple departments and agencies.
Even with this program in place, CenturyLink's Vice President and Chief Security Officer David Mahon acknowledges that cybersecurity is an ongoing battle. "We urge Congress and DHS to place a renewed emphasis on workforce development in the cyber arena and to continue to invest in research and development for new cybersecurity technologies," he told the U.S. Senate Appropriations Subcommittee on Homeland Security earlier this year. Ultimately, the federal government needs to fund more programs like E3A that protect the government as a whole, instead of a patchwork solution that puts the burden on individual agencies. The latter keeps costs high, and it leaves agencies vulnerable. That's a combination that no one wants.
