Feds at the Edge FedInsider

For the video of this podcast: Bringing Agility to the Modern Security Operations Center 
Follow FedInsider on LinkedIn 
Today, we look at protecting critical infrastructure called Operational Technology (OT). One might think, what does a sensor in a water filtration plant have to do with my servers?
OT can be considered as hardware on premises. Some are old and it is quite expensive to update.
For years, IT leaders did not have to worry about security because IT and OT were separated by air gaps. However, today we see a convergence where the IT department is being placed in charge of protecting both IT and OT.
The first challenge to overcome is discovering what is on your network. We are looking at physical devices, virtual devices, and virtual devices in the cloud. Inventories need to be tracked, and some will argue the cloud will permit IT/OT systems to be easier to be configured in an automated fashion.
During this interview, compliance is a topic that is discussed in depth. We all know about IT compliance like NIST 800-53; few realize that OT has federal compliance regulations as well. The real issue, should an OT systems administrator have to do repetitive work to comply with IT mandates?
Marty Edwards from Tenable remarked that he has seen up to 80% similarity in compliance standards. As a result, today, committees are meeting to make sure they can eliminate redundance in compliance for OT vs. IT.
Malicious actors are always looking for the “Easy Button” when it comes to system penetration.  If federal leaders aren’t careful, remote sensors can provide a launch pad for the next cyber event.
 
 

For the video of this podcast: Boosting Cybersecurity Power for State, Local Government and Education. 
Follow FedInsider on LinkedIn
In professional baseball, winning championships does not depend on having a large budget. Like talented members of a pro-league team, there are some government agencies that just seem to “get it” when it comes to cybersecurity, despite being straddled with limited funding.
This week on Feds At the Edge, we’ve got an all-star lineup, including James Weaver, Secretary and State Chief Information Officer from the North Carolina Department of Information Technology will lead the way through how their prevention system which includes a Joint Cyber Task Force could be a model for other states, even while leveraging federal initiatives and taking advantage of training programs. He also delves into the gap in cybersecurity defenders with over 21,000 job openings in his state alone at a time when need is at a critical high.
Eudora Fleischman, IT Infrastructure and Cyber Security Division Manager of the City of Fairfield, CA, highlights programs by the Cybersecurity & Infrastructure Security Agency (CISA) that offer guidelines, working groups, and funding presentation assistance to local governments and educational institutions.
Experts agree that one key part of preparation, partnering with experienced commercial organizations, is crucial for preventing cyber-attacks.
Tune in on your favorite podcasting platform as we explore how local governments and educational institutions can utilize these resources to compensate for limited cybersecurity funding.

For the video of this podcast: After an Attack: Cyber Recovery Best Practices for State & Local Agencies.
Follow FedInsider on LinkedIn
Mike Tyson’s famous quote, “Everyone has a plan until they get punched in the face,” is a fitting analogy for the unpredictability and impact of a cyber-attack.
In this week’s Feds At The Edge podcast, we have a brutally honest conversation about a topic nobody wants to address: the step-by-step process of recovery from a cyber-attack.
We explore the importance of isolating the hypervisor to establish secure virtual domains and firewalls after an attack with Solomon Adote, Chief Security Officer with the Delaware Department of Technology and Information.
James Thurmond, Deputy CISO with Los Angeles County, introduces the concept of an emergency “break glass” account, that provides systems administrators with a reliable starting point for recovery. And Danny Page, Inside Sales Engineer from Rubrik, stresses understanding the full scope of an attack, including unnoticed data exfiltration, for effective recovery.
Detailed playbooks created from tabletop exercises should include contact information, an accurate inventory of all assets, and specific action steps to follow during an attack.
Tune in on your favorite podcasting platform to hear our experts discuss how balancing prevention and recovery skills is essential for managing sensitive data systems.

For the video of this podcast: How to Fight Threats to the Software Supply Chain  
Follow Fedinsider on LinkedIn 
The federal government is playing a game of cyber-attack-a-mole with bad actors, constantly adapting to their threats but ultimately driving them to other areas, such as targeting endpoints or applications to find a weak point not being monitored.
This week on Feds At the Edge, we are focusing on sophisticated attacks on federal applications and APIs.
Jerry Cochran, Deputy Chief Information Officer and Director of the Cybersecurity & DigitalOps Division from Pacific Northwest National Laboratory, shares how the once popular Software Bill of Materials has weakened over the years thanks to the constant change of code.
AI can help detect vulnerabilities in dynamic code, but attackers also use AI to find weaknesses. Instead of signature-based approaches, Nate Fountain Deputy CISO from ICE, suggests using behavior analytics to prevent compromised code from exfiltrating data.
Tune in on your favorite podcasting platform as our experts discuss the ongoing battle.

For the video of this podcast: Using Data to Fortify Network Defense 
Follow FedInsider on LinkedIn
Years ago, anti-virus software updates were distributed via floppy disks through the U.S. Mail. Today, due to the vast and complex nature of cyber threats, continuous diagnosis and mitigation (CDM) is necessary.
This week on Feds At the Edge, we explore how to deploy CDM solutions for federal agencies, starting with best practices and guidance for the transition.
Andrew Manos, Director, Commercial Services for True Zero Technologies, suggests that, given today’s data volume, centralizing data is essential. And James Scobey, CISO for the SEC, notes the increase in data has led agencies to seek solutions like cloud technology, which allows for data management across various environments via APIs.
Tune in on your favorite podcasting platform to hear our experts discuss how advanced practices such as inter-agency data sharing can be considered, once a mature approach to CDM is viable.
 

For the video of this podcast: Hard Truths of Data Security in the Public Sector 
Follow FedInsider on LinkedIn 
Having a completed checklist can give agencies a sense of security, but with today’s explosion of data and potential attack from an unexpected vector, have they been falsely “lulled into complacency?”
This week on Feds At the Edge, we sit down with Travis Rosiek, Chief Technology officer with Rubrik to discuss the importance of strategic protection, especially during vulnerable times like employee departures and holidays. And avoiding data hoarding to prevent hidden attack codes.
We’ll explore Rubrik’s Zero Labs report which highlights significant growth in data, cloud, and SaaS usage, with public sector data sets reaching 250 million. Best practices to protect against attacks include identifying data storage, prioritizing sensitive data, and managing access.
Tune in on your favorite podcasting platform as we talk about moving beyond compliance and thinking strategically to safeguard your agency.