State-sponsored cyber-aggression has become part and parcel of modern warfare and low-intensity conflict. From the spate of cyberattacks that preceded the Russian invasion of Ukraine, to direct attacks on national power grids and government infrastructure, success in the global cyber capabilities race is now based on how fast nations can identify, validate, and onboard new technologies to harden their digital environments. Despite the need for bleeding-edge capabilities, the costly and burdensome security vetting processes in place today often delay their adoption, leaving organizations vulnerable to attackers.
The legacy testing processes utilized today often involve static lab environments that do not accurately mimic real-world operational technology and information technology environments and network traffic, leading to failures to evaluate potential solutions against sophisticated actors at a global scale. A dearth of dedicated lab resources only compounds the problem, leaving testing environments without the ability to emulate real-time, evolving business operations, scope of attack surface, and cyber risk experienced by a target organization.
By prioritizing the development of more sophisticated and dynamic testing environments, governments can perform speedier and more thorough vetting of solutions that can hold up to the robust threats of today.
Additionally, the Federal Risk and Authorization Management Program (FedRAMP), while effective at thoroughly evaluating cloud services providers, has an assessment and validation process that takes nearly one year to complete, potentially delaying the onboarding of new security technology that must defend against attackers who are constantly developing new techniques and tactics. Reducing the complexity and financial cost of entry could help some security companies more readily deliver cutting-edge solutions to the government more rapidly.
The good news is that the tide is slowly turning. The federal government is increasingly looking to the private sector to bolster its cyber defensive posture, increasing information sharing that helps build more robust testing environments and better evaluate new technologies prior to an attack. The government must build on this success by speeding evaluation and audit timelines, enabling rapid adoption and the onboarding of newer, more advanced technologies capable of stopping today’s threats.
By balancing the need to validate and vet solutions with the demand for timely delivery, the federal government can better prepare itself for threats that aren’t bound by legacy testing processes, excessive timelines, or burdensome regulatory schemes, leading to more secure infrastructure and a safer digital world.