Cybersecurity

Government agencies face challenges on threat surface, funding

Expert warns of “new vulnerabilities being discovered in new and old technology all the time.”
article cover

Kieferpix/Getty Images

3 min read

Top insights for IT pros

From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.

You know the feeling—your IT team is facing a budget crunch and needs to make hard choices on what to prioritize.

That either-or decision-making isn’t confined to the private sector, F5 Chief Product Officer Kara Sprague told IT Brew. Even the federal government needs to rank needs—and near the top is prevention.

“It’s that kind of preventative piece that I think is really important, because otherwise you end up having this mass of installed technology that is out of date, fundamentally insecure, because it’s not being patched on a regular basis,” Sprague said. “There [are] new vulnerabilities being discovered in new and old technology all the time.”

Watch your back. As RSA Security CEO Rohit Ghai told IT Brew in early May, backdoor hacks on third-party vendors are creating vulnerabilities. Attackers are using an organization’s “alarm system” to escape detection, he said.

Adding to the problem—and the solution—is the implementation of AI. The technology is rapidly advancing capabilities on the attacker and defender sides, Sprague told us, providing a threat vector that’s as easily exploited by hostile actors, including governments.

Palo Alto Networks’ Unit 42 SVP Wendi Whitmore told IT Brew at this year’s RSA Conference in May that she sees cooperation between the public and private sectors as an important part of the solution.

“It doesn’t take just people like us who are investigating and researching and defending; we have to have that policy arm,” Whitmore said. “That makes it harder for attackers to effectively conduct ransomware attacks, and enables organizations to leverage the government in positive ways.”

Language! The speed and evolution of machine learning models like ChatGPT has created a “incredibly powerful new technological capability which, if history proves a good example of what happens, we can expect that adversarial governments will have some amount of capability with it,” Sprague said.

There are signs the federal government is taking the threat seriously. CISA directives and action by the White House have been “very encouraging,” Sprague said, showing a focus on securing the country’s tech sector. But more is needed. She told IT Brew that obsolete tech isn’t being properly managed, opening up the possibility of exploitation by attackers.

“That is a huge hole in our cybersecurity, in our cyber defense,” Sprague said, adding that patching and prevention are “as fundamental as going and getting your car’s oil checked every six months or every year.”

Top insights for IT pros

From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.