Many of the cabinet level Government agencies are organized in a federated fashion. That means that although they appear monolithic from the outside, they are composed of bureaus, program offices, and smaller sub-units. These are typically independently funded and managed. One of the challenges that cybersecurity runs into, is that each sub-unit has its own approach and criteria for security, so that each may have a different risk tolerance and risk appetite.
The best security programs are both efficient and cost effective. One way of doing this is to reduce duplication and ensure that the same level of risk is accepted across the interdependent sub-units or at the enterprise-level. This means that the culture must incorporate cybersecurity seamlessly into all facets of their mission accomplishment.
System 1, Inc. has been working across federated organizations, tying them together, modernizing and evolving them from an organizational view to an enterprise view of security. This means that while each organizational group retains its independent programmatic security goals, all the groups all share the threat information and remediation and gain access to common processes and tools that are available that have been accepted across the enterprise. The approaches and results once identified by a single organization can now be used by other organizations to reduce their duplication.
The impact of transitioning from a federated to an enterprise cybersecurity program enables culture change and gains in both efficiency and cost effectively. System 1, Inc. has already documented approaches for a number of use cases, which will be discussed in later articles.