By Travis Rosiek

Federal networks are under assault as cyber threats grow more sophisticated, automated and artificial intelligence-driven. Nation-state actors and cybercriminals are leveraging AI to launch stealthier attacks. The Department of Homeland Security’s report, Mitigating Artificial Intelligence (AI) Risk, highlights a spectrum of threats — from AI-enabled supply chain disruptions and intellectual property theft to attacks meant to disrupt critical infrastructure.
As cloud adoption grows and Internet of Things devices proliferate, the scope of vulnerabilities continues to expand. In this threat environment, cybersecurity measures alone are insufficient — federal agencies must prioritize a resilience-first strategy that incorporates zero-trust principles, real-time monitoring and data recovery plans.
Challenging resilience myths is also vital to protecting federal infrastructure. Despite perceived progress, adversaries’ capabilities and attack surfaces are outpacing federal defenses, which have not adapted to evolving tactics, techniques and procedures.
Government experts say cyber resilience is the new cybersecurity.
Federal cybersecurity leaders are advocating for a resilience-first mindset. However, there has been little focus, prioritization or investment in ensuring that federal systems can withstand a cyberattack and recover quickly. This lack of preparedness contributes directly to the impact of recent spikes in ransomware. “Assuming our adversaries still come at us, and our defenses improve, we must still plan to be resilient. We must ensure cyberattacks have limited impact, quick recovery, and minimal disruption. There are mitigations that must be made to reduce our exposure, even when hacks are successful,” said Rob Joyce, former director of cybersecurity at the National Security Agency, during his opening testimony before the House Select Committee on the Chinese Communist Party in March.

As threats grow more sophisticated, agencies cannot rely solely on backups, as this approach can create a false sense of security and lead to complacency. Instead, agencies should adopt an “assume breach” mindset — focused on limiting adversaries’ movements and preventing access to critical assets — to minimize the impact of cyberattacks.
Given these risks, agencies should consider three strategies to strengthen their cyber resilience:
- Adopt trusted security frameworks, focus on data safeguards, and foster continuous improvement. To improve cyber resilience, agencies should start by following federal guidance, such as the National Institute of Standards and Technology’s special publication, “Building Cyber Resilient Systems.” This publication sets out principles to help organizations anticipate and withstand cyberattacks, quickly recover from disruptions, and adapt to threats. Additionally, the updated NIST Cybersecurity Framework (CSF) 2.0 highlights the importance of data backups and recovery measures.
Alongside these standards, agencies should use threat-based models like the MITRE ATT&CK® framework. ATT&CK® offers an overview of real-world adversary tactics and techniques, giving organizations the intelligence they need to make security measures proactive and focused on threats.
According to Ron Ross, a former fellow at NIST, prioritizing essential controls — such as data encryption, multifactor authentication and access management — can reduce the risk of cyberattacks if they are consistently implemented.
Continuous improvement is equally important: agencies must keep pace with evolving security standards and actively share insights across the cybersecurity community.
- Prioritize training, tabletop exercises and cross-agency collaborations. These efforts ensure that teams are well-prepared to respond decisively during and after a cyberattack. Tabletop exercises help identify gaps in response protocols, build muscle memory and foster an understanding of roles and responsibilities under pressure. Continuous training keeps personnel informed of emerging threats and evolving best practices, while coordinated planning across departments enhances overall situational awareness and response agility.
Equally important are strong communication channels between agencies and with private sector partners. Major organizational changes have occurred this year, and it’s crucial to prioritize and update these channels accordingly.
Cyber incidents rarely happen in isolation, with one agency likely encountering and mitigating what another has already experienced. Leveraging those experiences and adopting proven best practices can prevent repeated vulnerabilities and reduce the threat landscape. Shared intelligence, joint investigations and transparent information exchange are also critical to stay ahead of adversaries and build a unified government cyber defense.
- Boost resilience through Zero Trust to contain attacks and accelerate data recovery. Zero Trust has evolved from an optional security add-on to the government’s blueprint for cybersecurity. Research shows that organizations with advanced Zero Trust programs now slash breach costs by more than $1 million when multi-factor authentication, continuous monitoring and automated data recovery and response are deployed. However, protecting data during attacks and eliminating implicit trust in backups should also be a top priority for agencies seeking to meet federal zero-trust objectives and build cyber resilience.
Furthermore, security teams can contain breaches and restore systems by adopting the “never trust, always verify” approach to data and network access. Beyond prevention, it’s the federal standard for resilience and data recovery amidst AI-enabled attacks and sprawling cloud workloads.
Go beyond relying on data backups to achieve cyber resilience.
While data backups remain essential, blindly trusting legacy backup approaches creates a false sense of security. Simply “setting and forgetting” backups, or treating them as a checkbox exercise confined within IT, often means they are not integrated with an organization’s security operations. As a result, backups are overlooked until an attack occurs — or until it’s too late. This complacency is particularly concerning given that a striking 71% of chief risk officers anticipated organizational disruptions due to cyber risks and criminal activity.
In closing, agencies must act to strengthen cyber resilience and secure government operations against threats by embedding zero trust principles, prioritizing training, accelerating cross-agency collaboration and adapting to AI-driven risks — ensuring mission continuity even after attacks.
Travis currently serves as the Public Sector CTO at Rubrik helping organizations become more cyber and data resilient. Prior to Rubrik, Travis held several leadership roles including the Chief Technology and Strategy Officer at BluVector, CTO at Tychon, Federal CTO at FireEye, a Principal at Intel Security/McAfee and Leader at the Defense Information Systems Agency (DISA).
The views expressed in this article are those of the author and do not necessarily reflect the official policy or position of Rubrik.
Read more here: www.nextgov.com/rss/all/