In cybersecurity as in national security, remembrance and eternal vigilance are essential to maintaining our freedom.
Our nation has seen many changes since its founding 240 years ago, and it still is functioning pretty well despite the fact that our security and economy today depend largely on technology that did not exist a little more than a generation ago. But the keys to protecting our liberty and promoting the general welfare remain the same in cyberspace as in the real world: remembrance and eternal vigilance.
Those who cannot remember the past are condemned to repeat it
During our Independence Day celebrations we remember the challenges our nation has faced and the lessons we have learned from them. George Santayana wrote, “Those who cannot remember the past are condemned to repeat it.” The threats we have faced in the real world are varied, but we have learned from them and meet them with a strong defense and national resolve. Unfortunately, this is a lesson we still are learning in cyberspace. Despite repeated high-profile breaches of government information systems, our cybersecurity remains incomplete.
A recent evaluation by the Government Accountability Office found that 18 Executive Branch agencies with high-impact systems—those holding sensitive information whose loss could cause catastrophic harm—rated cyberattacks from nation-states as the most dangerous and frequently-occurring threat these systems face. Yet although there are regulatory requirements and technical guidance from the National Institute of Standards and Technology, a review of four agencies found cybersecurity gaps in their high-impact systems.
“Until the selected agencies address weaknesses in access and other controls, including fully implementing elements of their information security programs, the sensitive data maintained on selected systems will be at increased risk,” the report concluded.
Agencies should be constantly monitoring the status of and activity on their networks and attached systems
One of the basic principles for fully securing our information systems was recognized nearly 200 years ago: “Eternal vigilance is the price of liberty." Thomas Jefferson and the others to whom this statement has been attributed were not talking about cybersecurity, but it applies just the same. The Homeland Security Department has made continuous monitoring the standard for federal cybersecurity. This means that instead of static, periodic assessments of IT systems every month, year, or three years, agencies should be constantly monitoring the status of and activity on their networks and attached systems. This level of visibility allows agencies to not only respond quickly to incidents, but to be proactive and eliminate or mitigate threats before they become incidents.
This standard is supported by the Continuous Diagnostics and Mitigation (CDM) program, and by a Blanket Purchase Agreement through the General Services Administration. This makes available off-the-shelf technology to give real-time visibility into government networks and systems. Products such as the Tenable SecurityCenter Continuous View™ provide this vigilance so that agencies can ensure that their systems are protected, and the intelligence needed to protect our most valuable assets by defending against the most serious threats.
Security and liberty
In recent years attention has been paid to an apparent conflict between security and liberty. Yet while it is true that liberty can be threatened by abuses in the name of security, the two are not mutually exclusive. In fact, there is little liberty without security. As with so much else, this applies in cyberspace as well as the real world.
There is little liberty without security
Without adequate security, we cannot have the freedom to access and use information online with confidence, we cannot rely on the privacy of information that we use in online transactions, and we cannot depend on the delivery of critical services by our government. We achieve that security by remembering and learning from the lessons of the past, and by exercising eternal vigilance.
Cybersecurity News You Can Use
Enter your email and never miss timely alerts and security guidance from the experts at Tenable.