Mission Critical: An Update on Federal Cybersecurity
by Lisa Lindgren
posted on 08-22-2016
Recently, members of the cybersecurity community joined Adobe and Nextgov at an event called “Mission Critical: An Update on Federal Cybersecurity.” In a packed room near the White House, Dr. Steven Gottwals, technical director for security solutions at Adobe Systems Federal, outlined Adobe’s vision for improved federal cybersecurity based around adoption of data-centric security solutions.
Hacking is nothing new; it has been going on since the 1960s when John Draper figured out how to tap into AT&T’s phone systems with a whistle from a Captain Crunch cereal box. Gottwals took the audience through cyberattacks from past to present, to demonstrate how as technology has grown, so have attacks.
Cyberattacks evolve, so our security to protect against them must evolve to keep up. A great way to protect the confidentiality of sensitive information is to operate at the data-layer and encrypt documents individually, which can be accomplished with Digital Rights Management (DRM). As Gottwals emphasized, this system bolsters defense against hacks. While no system can be perfect, DRM does provide another layer of defense beyond network and device security, by protecting the content regardless of storage or transport.
DRM offers dynamic control of content, which means the organization can control who accesses it and when they access it. In addition, organizations can audit the document, where it gets opened, when it gets opened, the number of times it gets printed and other useful pieces of information. For example, the security team could be alerted if someone opens a documents in Virginia, and then in Morocco five minutes later. With these tools, organizations can analyze documents for suspicious activity and better prevent attacks from both inside and outside the firewall.
Gottwals also outlined another data-centric security solution, digital signatures, and how they are used to better protect the integrity and authenticity of information. Document recipients are alerted if even a single pixel is changed, providing tamper detection of information. He gave examples of prominent institutions that now rely on digital signatures, including Stanford using them for their transcripts and the Government Publishing Office using them for important documents.