With the dramatic increase in security breaches over the past several years, federal agencies are exploring new ways to ensure productivity while protecting data against external and internal threats, according to MeriTalk, a public-private partnership focused on improving the outcomes of government IT.
MeriTalk’s new report, Federal Cyber Uncertainty – KVM XYZ, sponsored by Belkin Government, reported a 680 percent increase in the past six years in the number of incidents reported by federal agencies to the federal information security incident center.
Moreover, between 2009 and 2014, the number of reported breaches on US federal computer networks rose 73 percent. In 2014, 1.73 million data records containing bank account information or social security numbers were compromised in 27 government data breaches.
In response, a number of federal cybersecurity mandates have been created to ensure the protection of sensitive information. For example, the Federal Information Security Management Act of 2002 (FISMA) requires federal agencies to periodically assess cyber risk.
In addition, according to the Office of Management and Budget, Homeland Security Presidential Directive 12 (HSPD-12) calls for a mandatory, government-wide standard for secure and reliable forms of identification issued by the federal government to its employees and to the employees of federal contractors.
However, the study revealed agencies lack confidence in, and oftentimes compliance with, these major federal cybersecurity initiatives. For example, just over half of federal managers say FISMA has improved security at their agency, and only 27 percent were fully compliant with FISMA in the fall of 2013.
Moreover, despite all of the personal identity verification (PIV) cards issued, 5.3 million unprivileged user accounts with limited access can log on to federal networks with only a user ID and password, and 134,287 privileged user accounts use only a user ID and password instead of PIV.
Although federal agencies are increasingly cognizant of the need to do more to ensure security, many are unprepared to apply the same vigilance to inside threats as they give to outside threats. While nearly half of federal IT security decision makers say government data is most at risk of breach from employees’ or contractors’ desktops or laptops, 66 percent say they are missing measures for endpoint security management.
Homeland Security Today reported in October that investigations conducted by the FBI revealed 59 percent of employees admitted to taking proprietary information upon termination. Moreover, according to a January 2015 survey by IT software management company SolarWinds, although federal agencies identify careless or untrained insiders as the top threat to federal cybersecurity, agencies continue to devote the most concern and resources to malicious external threat sources.
“Cyber attacks from within an agency need to be as rigorously addressed as those originating from outside sources,” said Mauricio Chacon, director of product development, Belkin Government. “KVM switching devices allow government employees to switch networks with various security levels from one desktop. Agencies need innovative, secure solutions that meet the latest government security standards to protect data from both internal and external threats.”
The MeriTalk study found keyboard-video-mouse (KVM) switching devices, hardware that allows a user to control multiple computers from one or more sets of keyboards, video monitors and mice, may be the solution to better protecting government data from both internal and external threats. The study said secure switches eliminate bi-directional data flow and allow for sharing of a single set of peripherals among several computers, while ensuring clear separation between disparate networks.
In addition, best practices for using KVM switches to address desktop security concerns are beginning to emerge, including monitoring USB ports, avoiding non-secure KVM switches, examining casing and design to ensure the external housing of the switch is tamper-proof, and isolating data and the Common Access Card reader.
“Federal cyber security lives in Snowden and Hillary’s shadow,” said Steve O’Keeffe, MeriTalk founder. “KVM spells sounder practical security – liberating the federal workforce to focus on productivity.”