The government's increasing reliance on private-sector IT contractors and the growing adoption of mobile devices and BYOD policies have in many ways blurred the lines of the traditional network perimeter. Security officials increasingly are concerned about identifying who's accessing which parts of their organization's network.
"For insider threat, it's very difficult. Once you're on the network, everybody looks the same," Lay says. "Insider threat really boils down to monitoring behavior, heuristics, finding out if ... something look[s] askew or out of the ordinary [and] warrants closer attention."
The evolving continuous monitoring systems under development are meant to act as an early warning system to identify emerging threats and potentially vulnerable systems and applications. But those processes, facilitated by sensors positioned throughout the network, can pose an additional challenge in the form of how to make meaningful inferences from a constantly growing dataset.
"Our struggle is to tie all the information, all the feeds, the speeds from our sensors into a pool of information that can be filtered and boiled down into actionable information so our administrators [and] investigators have something to work with where they don't feel like they're boiling the ocean," Lay says. "It poses a huge problem."
Government Big Data Presents 'New Frontier for Cybersecurity'
Lay says that the State Department's current continuous monitoring system gathers "well over" 2 terabytes of data each day. It's an unwieldy trove that quickly multiplies when the department's security team wants to conduct a threat analysis over a substantial period of time.
"If we want to do trending over a year, we're looking at basically a petabyte database," he says. "That's huge big data, and that's a new frontier for cybersecurity experts, so it really becomes a big data issue that we have to overcome."
While some of the security challenges associated with virtualization and the cloud are common to all federal agencies, those that regularly engage with the public through their online systems have additional considerations.
Regulatory agencies such as the FCC are bound by law to collect comments from the public as part of the normal rulemaking process. The commission recently closed its comment window for its contentious open Internet, or net neutrality, rules. The response was overwhelming, says Skudlarek, who describes that process, and the more than 1 million public comments that poured in, as "the Pandora's box ... that's opened up for us."
"We find ourselves having lots of interactions with stakeholders and the general public, and we find that that causes certain activities within our networks and our public-facing systems that bear close monitoring," Skudlarek says, hinting without elaborating that the FCC's systems have been targeted by malicious actors through the comment process.