Cybersecurity continues to be a top focus for government agencies with new cybersecurity requirements. Threats in recent years have crossed from the digital world to the physical and even involved critical infrastructure, such as the cyberattack on SolarWinds and the Colonial Pipeline ransomware attack. According to the IBM Cost of a Data Breach 2023 Report, the cost of a breach in the public sector, which includes government agencies, rose to $2.6 million from $2.07 million in 2022. Government agencies need to move their culture, processes and technology to a mission-centered cyber response.

What is a mission-centered cyber response?

Each government agency exists to give citizens access to critical services, such as Medicare claims or Veterans Affairs services. These agencies must focus not only on serving their stated mission but also on protecting their ability to meet their mission in the future.

Many citizens get services through online channels, which makes it imperative to reduce the risk of cyberattacks and create a response plan to reduce delays in services. Additionally, federal employees use digital tools to serve citizens in person. To make sure that they continue to serve their missions without disruption, agencies must protect key infrastructure and take all precautions, including practicing cyber incident response.

“Cyber is not simply a technical issue. When there is a cybersecurity incident, that can negatively impact the lives of the people who you are trying to help,” says Claire Nuñez, content and design lead at IBM X-Force Cyber Range. “In a commercial organization, cybersecurity attacks are a business problem, while in federal agencies, cybersecurity actually becomes a mission problem.”

When a crisis like a cyberattack arises, agencies can use their mission to set priorities. For example, many agencies have human life as their first priority and operational impact as their second. The goal is to first provide necessary services at an acceptable level where people’s lives aren’t impeded and then move to a full recovery of services.

Preparing the whole organization for a cybersecurity response

By involving the entire organization in cybersecurity preparation and response, federal agencies can put a mission-driven response into action. A key part of reducing cybersecurity risk is having team members with the right skills to prevent and respond to a cybersecurity attack effectively. This includes not only IT but also multiple departments within the agency to address different facets of both processes.

Legal and general counsel

Because a cybersecurity attack and response bring many legal ramifications, the agency’s general counsel often acts as the right hand to the security department and must be involved throughout the process. Federal agencies must comply with regulatory standards for cybersecurity along with any state standards, such as California’s privacy laws.

Labor and human resources

One of the chief roles of labor or HR departments in a crisis is planning and providing surge support. To swiftly respond to a crisis, organizations often need more hands on deck than usual. This support can range from technical employees to citizen-facing representatives. Employees can burn out quickly in a crisis and surge support can lessen the workload.

Employee communication

It’s imperative that employees and citizens maintain their trust in the agency throughout the response. Labor and communications teams can work to create a plan for employee communications during a cyberattack to make sure everyone has the key information needed to continue upholding the organization’s mission throughout the crisis and response.

External communication

Keeping all critical parties informed during the response to a cybersecurity incident is a vital part of a mission-driven response. Citizens, other federal agencies and law enforcement all need to receive regular communication from the affected agency. Because each group needs different information, creating a plan in advance with responsible parties helps reduce the chances of a breakdown when clear and frequent communication is most needed: in the middle of the response.

“Everyone in the agency needs to work together to keep the response moving together,” says Nuñez. “Labor and HR and communications have to work together to get messaging out, while legal approves all communications. The workstreams happen independently but must also have capillaries between them.”

Shifting the culture to a mission-centered response

While it’s easy to focus on processes and roles, having an effective response depends highly on the security culture of the agency. Nuñez says that every organization has a security culture, whether the agency actively works on that culture or not. The goal is to create a security culture where every employee sees cybersecurity as a key part of their role and understands that a cybersecurity breach makes it challenging, if not impossible, for the agency to fulfill its mission.

“You need all your employees engaged to be ultra-secure and to kind of take your risk level down. And it’s not just an effort from a cybersecurity team; it’s an effort from everyone. Security culture can’t really exist without leadership support,” says Nuñez. “Security must be fully embedded throughout the organization. Once a leader brings cybersecurity into conversations all of the time, the conversations naturally happen both laterally and from the top down.”

Providing training to all employees

Training for a whole organization’s cybersecurity response involves cybersecurity training for all employees. The type of training needed is twofold: technical and practical. The technical team should engage employees in tabletop training, such as capture the flag or war games. All employees need to be trained to know how to spot cybersecurity concerns, such as recognizing phishing emails. They also need training on the process of reporting security concerns promptly.

Leadership teams also need to schedule practice events. These should include testing emergency communications to make sure they work as planned and that employees know their roles and tasks. Additionally, training should include large-scale practice exercises, such as walking through agency-specific playbooks and immersive experiences at cyber ranges.

“Training should range from the small things, such [as] making sure all documents are updated with the right contacts, to actually sitting down to practice and validate all of your plans and processes,” says Nuñez.

Moving forward with a mission-driven response

By moving to a mission-driven response now, government agencies can begin to proactively prepare for a cyberattack. With the newly released guidelines on cybersecurity, a mission-driven approach provides the framework and culture to meet requirements.
