Cybersecurity continues to be a top focus for government agencies with new cybersecurity requirements. Threats in recent years have crossed from the digital world to the physical and even involved critical infrastructure, such as the cyberattack on SolarWinds and the Colonial Pipeline ransomware attack. According to the IBM Cost of a Data Breach 2023 Report, a breach in the public sector, which includes government agencies, is up to $2.6 million from $2.07 million in 2022. Government agencies need to move their culture, processes and technology to a mission-centered cyber response.

What is a mission-centered cyber response?

Each government agency exists to give citizens access to critical services, such as Medicare claims or Veterans Affairs services. These agencies must focus not only on serving their stated mission but also on protecting their ability to meet their mission in the future.

Many citizens get services through online channels, which makes it imperative to reduce the risk of cyberattacks and create a response plan to reduce delays in services. Additionally, federal employees use digital tools to serve citizens in person. To make sure that they continue to serve their missions without disruption, agencies must protect key infrastructure and take all precautions, including practicing cyber incident response.

“Cyber is not simply a technical issue. When there is a cybersecurity incident, that can negatively impact the lives of the people who you are trying to help,” says Claire Nuñez, content and design lead at IBM X-Force Cyber Range. “In a commercial organization, cybersecurity attacks are a business problem, while in federal agencies, cybersecurity actually becomes a mission problem.”

When a crisis like a cyberattack arises, agencies can use their mission to set priorities. For example, many agencies have human life as their first priority and operational impact as their second. The goal is to first provide necessary services at an acceptable level where people’s lives aren’t impeded and then move to a full recovery of services.

Preparing the whole organization for a cybersecurity response

By involving the entire organization in cybersecurity preparation and response, federal agencies can put a mission-driven response into action. A key part of reducing cybersecurity risk starts with team members with the right skills to prevent and respond to a cybersecurity attack effectively. This includes not only IT but also multiple departments within the agency to address different facets of both processes.

Legal and general counsel

Because a cybersecurity attack and response bring many legal ramifications, the agency’s general counsel often acts as the right hand to the security department and must be involved throughout the process. Federal agencies must comply with regulatory standards for cybersecurity along with any state standards, such as California’s privacy laws.

Labor and human resources

One of the chief roles of labor or HR departments in a crisis is planning and providing surge support. To swiftly respond to a crisis, organizations often need more hands on deck than usual. This support can range from technical employees to citizen-facing representatives. Employees can burn out quickly in a crisis and surge support can lessen the workload.

Employee communication

It’s imperative that employees and citizens maintain their trust in the agency throughout the response. Labor and communications teams can work to create a plan for employee communications during a cyberattack to make sure everyone has the key information needed to continue upholding the organization’s mission throughout the crisis and response.

External communication

Keeping all critical parties informed during the response to a cybersecurity incident is a vital part of a mission-driven response. Citizens, other federal agencies and law enforcement all need to receive regular communication from the affected agency. Because each group needs different information, creating a plan in advance with responsible parties helps reduce the chances of a breakdown when clear and frequent communication is most needed: in the middle of the response.

“Everyone in the agency needs to work together to keep the response moving together,” says Nuñez. “Labor and HR and communications have to work together to get messaging out, while legal approves all communications. The workstreams happen independently but must also have capillaries between them.”

Explore the X-Force Cyber Range

Shifting the culture to a mission-centered response

While it’s easy to focus on processes and roles, having an effective response depends highly on the security culture of the agency. Nuñez says that every organization has a security culture, whether the agency actively works on that culture or not. The goal is to create a security culture where every employee sees cybersecurity as a key part of their role and understands that a cybersecurity breach makes it challenging, if not impossible, for the agency to fulfill its mission.

“You need all your employees engaged to be ultra-secure and to kind of take your risk level down. And it’s not just an effort from a cybersecurity team; it’s an effort from everyone. Security culture can’t really exist without leadership support,” says Nuñez. “Security must be fully embedded throughout the organization. Once a leader brings cybersecurity into conversations all of the time, the conversations naturally happen both laterally and from the top down.”

Providing training to all employees

Training for a whole organization’s cybersecurity response involves cybersecurity training for all employees. The type of training needed is twofold: technical and practical. The technical team should engage employees in tabletop training, such as capture the flag or war games. All employees need to be trained to know how to spot cybersecurity concerns, such as recognizing phishing emails. They also need training on the process of reporting security concerns promptly.

Leadership teams also need to schedule practice events. This should include testing emergency communications to make sure they work as planned and that employees know their roles and tasks. Additionally, training should consist of large-scale training practices, such as walking through agency-specific playbooks and immersive experiences at cyber ranges.

“Training should range from the small things, such [as] making sure all documents are updated with the right contacts, to actually sitting down to practice and validate all of your plans and processes,” says Nuñez.

Moving forward with a mission-driven response

By moving to a mission-driven response now, government agencies can begin to proactively prepare for a cyberattack. With the newly released guidelines on cybersecurity, a mission-driven approach provides the framework and culture to meet requirements.

Ready to learn how IBM can help your government agency create a mission-driven response? Click here to book a meeting.

More from Risk Management

What should Security Operations teams take away from the IBM X-Force 2024 Threat Intelligence Index?

3 min read - The IBM X-Force 2024 Threat Intelligence Index has been released. The headlines are in and among them are the fact that a global identity crisis is emerging. X-Force noted a 71% increase year-to-year in attacks using valid credentials.In this blog post, I’ll explore three cybersecurity recommendations from the Threat Intelligence Index, and define a checklist your Security Operations Center (SOC) should consider as you help your organization manage identity risk.The report identified six action items:Remove identity silosReduce the risk of…

Obtaining security clearance: Hurdles and requirements

3 min read - As security moves closer to the top of the operational priority list for private and public organizations, needing to obtain a security clearance for jobs is more commonplace. Security clearance is a prerequisite for a wide range of roles, especially those related to national security and defense.Obtaining that clearance, however, is far from simple. The process often involves scrutinizing one’s background, financial history and even personal character. Let’s briefly explore some of the hurdles, expectations and requirements of obtaining a…

Ransomware payouts hit all-time high, but that’s not the whole story

3 min read - Ransomware payments hit an all-time high of $1.1 billion in 2023, following a steep drop in total payouts in 2022. Some factors that may have contributed to the decline in 2022 were the Ukraine conflict, fewer victims paying ransoms and cyber group takedowns by legal authorities.In 2023, however, ransomware payouts came roaring back to set a new all-time record. During 2023, nefarious actors targeted high-profile institutions and critical infrastructure, including hospitals, schools and government agencies.Still, it’s not all roses for…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today