The increasing number of recent attacks against public digital services should jolt governments into action to better protect cloud infrastructure and digital services.
That’s the considered view of Fran Trentley, former White House Communications Agency Chief Information Officer under President George W. Bush and now Vice President of Global Security and Government Services offerings for web content delivery leader Akamai.
Attacks such as those on the Census website are never welcome, but they are now helping government leaders realise that they need to up their game when it comes to ensuring not only security but also reliability in the face of attacks, according to Trentley.
“Crisis breeds innovation,” says Trentley. “We’re driven by policy and budget cycles so we’re not tuned for small incremental changes. We tend to change based on immediate threats to our health and wealth, so sometimes you need a driver to demonstrate the challenge that you’re facing.”
In Australia, this took the form of the Census attack, but Trentley also points to recent hacking attacks in the United States, such as the attack on the Office of Personnel Management, which targeted individuals’ private information.
“From a security perspective, [governments] realise they can’t ignore this anymore,” he says. “We’ve seen this trend in business with security and digital moving into the C-level over the past few years. And now we’re seeing that more in government.”
Governments and business – not so different
Trentley points out that governments and businesses are now facing strikingly similar challenges when it comes to managing the resilience of their web sites and applications in the face of attacks, arguing that in many cases, the solutions are the same.
“They’re certainly more alike than different,” he says.
However, while more businesses are catching on to the harsh realities of running digital services, Trentley says government leaders are still blasé about what it takes to keep digital infrastructure up and running, and resilient to attacks. Parts of government continue operating with a compliance mindset instead of developing skills and policies that will achieve the required outcome.
“If you look at some governments around the world, and some agencies here, the general feeling of preparedness is ‘I think we’re good…we’re not in too bad a shape’, but everyone else needs a lot of work,” says Trentley.
“Unfortunately, for governments specifically to move, you often need to encounter a crisis.”
Adopt a resiliency mindset
Trentley points to his own experience in the White House, where the tragic events of September 11 forced the US government to confront its own technological unpreparedness.
“We recognised at the time, there were several single points of failure. The architecture had not been given a lot of love and attention, and we had to change it very quickly.”
“I replaced everything. Our focus was building the network to support [the President], but also to support administrations in the decades to come.”
“We also built with resiliency in mind, so that if we lost portions of the infrastructure, it would all still work.”
This resiliency mindset is what Trentley says more governments are adopting in light of the shift to digital services, especially critical pieces of government infrastructure that citizens rely on to interact on a daily basis. “It’s not getting better. These attacks are larger, they’re happening more often, and they’re more sophisticated,” says Trentley.
Don’t be afraid of the cloud
So how can governments best ensure resilience against these types of attacks?
“Leverage the power of the cloud,” says Trentley. “You simply can’t protect yourself from attacks using fixed infrastructure. The attacks are just too large.”
“There has to be a public-private partnership,” he says.
“Those days are gone. Agencies have to get comfortable using shared capability.”
Using cloud-based infrastructure such as Akamai will enable governments to tick both “reliable” and “protected” boxes, Trentley says. He points to the FedRAMP system in the United States, through which a body certifies third-party cloud services as safe for any government agency to use.
“It just makes sense to move to leveraged cloud infrastructure,” he says. “Our adversaries are using it, delivering highly distributed attacks and you need a mitigation that is also highly distributed.
“We need resilience in networks for emergencies, and governments to be present at all times. Build knowing the underlying infrastructure is reliable.”
Embrace a digital future
Building resilient infrastructure is only one piece of the puzzle, says Trentley. Government leaders should start taking a more holistic view of the internet and not believe that all government services can be run in their own, cordoned-off area of cyberspace.
DTO’s digital service standard is helping drive this change, with criteria that help ensure government services are simpler, clearer and faster for all users.
“Think about your constituents, your employees, and customers of the future. They’re going to be on the internet far more than today and they’ll expect digital services that are as convenient and innovative as their favourite mobile app or web site.
“You simply need to figure out how to operate securely in that domain. Because it’s no longer a question of whether you’ll have adversaries targeting you – it’s a question of when.”
Don’t miss the Victorian Government cyber resilience leadership forum
Join The Mandarin this Thursday, October 6, starting at 8am for an executive learning program for Victorian public sector leaders looking to build cyber resilience and capability for their agencies. This event is for Victorian Government officials only and is free.
The Victorian Government is rapidly digitalising services and migrating core applications to the cloud. It is critical these services are secure and perform well to ensure citizen trust and satisfaction. The challenge is amplified as the Government seeks to offer joined-up, end-to-end intelligent services across a variety of agencies, jurisdictions, networks and devices.
This comes as the threat environment continues to escalate and as the Government looks to rapidly upgrade the security of its networks, infrastructure and web sites. The efficient and secure management of data across these systems is a major leadership, governance and technological challenge, requiring a strong strategic and operational response.
Join us to learn about the development of this response and how leaders can build resilient agencies and critical ongoing capability around this important digital challenge.