This site uses cookies to provide you with a more responsive and personalized service. By using this site you agree to our use of cookies. Please read our cookie notice for more information on the cookies we use and how to delete or block them.

Bookmark Email Print this page

The Cyber-Savvy Agency

10 steps to a new cyber mission discipline


Agencies are moving their missions and programs further into cyberspace to achieve more—from next-generation citizen services to national security. For better or worse, the government’s Cybersecurity efforts are increasingly interconnected - inextricably linking daily decisions on performance and information sharing with risk management and prioritization at every level of the organization. And across every department — from IT to human capital to finance and acquisition.

The Cyber-Savvy Agency

Today’s leaders are taking a fresh look at what this changing paradigm means for their agency’s policies, processes and systems. Here are 10 steps to synchronize Cyber initiatives and empower agencies to collaborate across departments to protect their people, programs and mission.

  1. Expand security beyond IT
    Security as usual is security at risk. Treat Cybersecurity as an IT-only concern, and over time such misperceptions can erode the cyber infrastructure and limit agencies to only incremental gains. Get everyone — CFO, CHCO, CAO, CIO, CISO, CTO, program leads and others — at the table to back the business case, choose priorities, and drive change in their department.

  2. Treat data as a target
    Agencies make attractive targets—prized for their vast stores of information, including information about our nation’s economy, health, technology, energy, etc.—exploited for competitive, monetary, or adversarial advantage by organized cyber criminals and hostile nations. Understand the value of all your agency’s assets and quantify the potential implications of your priorities. Protect what matters most to the mission and preserve the public’s trust.

  3. Set Cyber performance goals
    A Cyber governance framework can help leaders see what Cyber initiatives are successful — the first step to establishing a performance-oriented, results-focused approach. Agencies that can see what’s valuable can shorten their learning cycle and better drive lasting change.

  4. Automate Cyber processes
    Use real-time prioritization and process automation to lock in efficiencies. Use existing technology to minimize costs, lag times, and disruptions. Create a disciplined, repeatable, controls-based approach to help reduce redundancy and rework and free up employees to focus on the mission.

  5. Expand identity management
    Know who you’re dealing with online without having to credential everyone. An identity credential and access management (ICAM) framework can empower agencies to protect personal identities and privacy as well as physical and “digital” facilities. As the agency grows, ICAM can let you expand partnerships and add services without more layers of security or more cost.

  6. Cultivate Cyber leadership
    CISOs, CTOs, and CIOs must become change agents to drive Cyber initiatives. As agencies choose their own Cyber leaders (or teams), it may not be who you expected. Look beyond functional and technology expertise when vetting new leaders — people and change management are critical to getting big things done.

  7. Manage risk
    All roads lead back to risk. Strong controls in one area don’t count if you are vulnerable somewhere else. A 360-degree view of your agency’s risks can help all departments make better decisions, set priorities, manage investments and measure results. Risk-based decision support can help enhance security and improve performance, while lowering costs.

  8. Move to a faster tempo
    Agencies must hone situational awareness. Develop predictive tools to synthesize threat intelligence that quickly translates into actionable operations around both current and emerging risks. More than just speed, a cyber-savvy agency is agile — whether it’s tackling changing Cyber threats or agency missions.

  9. Cultivate workforce resiliency
    Increase vigilance. Dedicate resources to help the workforce recognize the risks, threats and vulnerabilities of Cyber space. A secure workforce knows how their actions can pose risks and recognizes when the patterns of behavior in others indicate increased vulnerability or a risk of asset exploitation.

  10. Broaden your view
    Baseline who is working for you and with you — from employees to contractors. Think outside your network, too. Cyber-deterrence compels agencies and nations to establish public / private partnerships with new, non-traditional partners. Follow the flow of information inside and outside your agency to identify vulnerabilities. Strengthen every link in the chain.

Last updated

Related links

Share this page

Email this Send to LinkedIn Send to Facebook Tweet this More sharing options

Stay connected