via Government Computer News
A continuing series of high-profile security breaches, capped by reports that the Google Gmail accounts of some government and industry officials have been compromised, illustrates the need for agencies to focus on the basics of cybersecurity, government security officials said June 2.
“Do the simple things well,” advised C. Ryan Brewer, chief information security officer of the Centers for Medicare and Medicaid Services. That includes understanding your network, monitoring it to provide near-real-time situational awareness, and enforcing configuration and patch policies that are prioritized based on vulnerabilities and risk.
The Homeland Security Department has been giving classified briefings on recent attacks to agency CISOs, said Matt Coose, director of the federal network security branch of DHS’ National Cybersecurity Division. He said the advice being given focuses on information security controls that already should be in place.
Coose, one of the speakers at a cybersecurity conference hosted by the Digital Government Institute, said DHS examines breaches to gain insights into new into new attacks and technologies.
“There aren’t very many of them,” he said. Most attacks use familiar exploits against well-known vulnerabilities. Although defenses against existing vulnerabilities and attacks never will be perfect, “you can improve,” he said. “It’s the best you can do.”