With the growing number of cyberattacks on government organizations that rely on third-party vendors for vulnerability management to analyze their security, the need for new solutions emerges. There is a concern that national technologies and tools can potentially be used for purposes incompatible with the tasks of ensuring international security and stability, which may adversely affect the integrity of the state’s infrastructure and violate its security. In addition, there is an obvious need to prevent the use of information resources for criminal or terrorist purposes. The threats created by third-party vendors can be mitigated via procurement decisions, portable radiation detectors, and vulnerability reward programs.
Addressing National Cyber Security Threats: Recommendations
The suggested version of the cybersecurity strategy may consist of a series of mutually reinforcing initiatives, the achievement of which would strengthen security. The Pentagon’s case of adopting a vulnerability reward program (VRP) in partnership with HackerOne shows that crowdsourcing software bug detection to the cybersecurity community is a feasible solution. In their recent study, Chatfield and Reddick (2018) state that this pilot project, which was based on white hat hacking management, proved to be effective.
Compared to the traditional referral of security issues to a third-party vendor, the Pentagon remained responsible for rating the severity of threats and fixing them. The main idea of the program was that 1400 hackers tried to hack the Pentagon and found more than one thousand vulnerabilities. The crowd called to participate in the VRP also benefited as citizens of the country who contributed to its national security.
Based on the program implemented by the Pentagon, it is also possible to protect other governmental organizations. Along with the financial investment, such a decision would require proper staff preparation and awareness of new vulnerabilities to address them. It is important to form a front line of defense against current direct threats by designing or increasing overall situational awareness of vulnerabilities and occurring events (Chatfield & Reddick, 2018). It is possible to enhance future cybersecurity by enhancing the education of staff involved to detect malicious activities in cyberspace as well as coordinating research and development plans by the federal government.
This is likely to result in the reduction of the existing vulnerabilities and the prevention of unauthorized information utilization. Since the third-party vendors are the key partners of the government in the protection against hacker attacks, their training can be regarded as a rather important step in ensuring the cybersecurity of the nation.
The use of portable radiation detectors can be suggested as another security measure that focuses on conducting regular vulnerability scans and patches. This practical solution aims to prevent radiological and nuclear disasters in the framework of the health belief model and the theory of reasoned action, which is discussed by Iles et al. (2017). The authors claim that the diffusion of innovation should be integrated into the use of portable radiation detectors to foster their adoption.
Among the key positive impacts of this recommendation, there is the increased trust in the government and patriotic beliefs. However, the financial incentives, as well as anxiety about the effectiveness of these devices, can be noted as the barriers faced by the solution advocates (Iles et al., 2017). Therefore, it is suggested to initiate extensive research and discover the attitudes of the population to establish proper communication between the government and people.
The severity and frequency of cyberattacks on critical infrastructure make it evident that not only practical but also policy changes are required. According to Rodin (2015), government contractors provide services in the field of information security, and the Defense Industrial Base (DIB) Sector fully relies on their performance. The Federal Acquisition Regulation (FAR) amendment was proposed by the US government to promote information sharing. In particular, this regulation requires contractors to rapidly report cyber vulnerabilities as part of a standardized process, which helps in identifying the source of threats.
At the same time, the government receives information on any data that was stolen to eliminate the breaches (Rodin, 2015). In turn, the government undertakes the responsibility of protecting those contractors who marked a vulnerability, ensuring that no prior incidents will be held against them. In other words, the FAR amendment considers the roles of both parties in terms of the common goal of supporting national cybersecurity.
To conclude, although cybersecurity is one of the most important tasks facing the government, the effectiveness of counter-measures and public awareness remains limited. Based on the initiatives adopted by the US government, it is recommended to introduce the recently released FAR amendment in the national sector. The use of vulnerability reward programs is another relevant strategy that is expected to increase the attention of the public and specialists to the identified problem. It was found that such programs strengthen the country’s cyber protection and provide the opportunity to participate in this process for citizens. In addition, portable radiation detectors and staff training were recommended as practical solutions that improve national cybersecurity.
Chatfield, A. T., & Reddick, C. G. (2018). Crowdsourced cybersecurity innovation: The case of the Pentagon’s vulnerability reward program. Information Polity, 23(2), 177–194.
Iles, I. A., Egnoto, M. J., Fisher Liu, B., Ackerman, G., Roberts, H., & Smith, D. (2017). Understanding the adoption process of national security technology: An integration of diffusion of innovations and volitional behavior theories. Risk Analysis, 37(11), 2246–2259.
Rodin, D. N. (2015). The cybersecurity partnership: A proposal for cyberthreat information sharing between contractors and the federal government. Public Contract Law Journal, 44(3), 505–528.