Defense-Focused Agencies on Defending Cyber Attacks
CIA, CYBERCOM and DHS are integrating new security solutions to mitigate evolving risks.

Throughout 2021, remote work solutions introduced opportunities for bad actors to infiltrate networks. Amid these vulnerabilities, some agencies are rethinking strategies around cloud, zero trust and multifactor authentication to secure their networks.
“There’s a lot of awareness that an end user has to have, and that’s changed,” said Department of Homeland Security CISO Kenneth Bible during the Billington Cybersecurity Summit last week. “While it’s always been important, it’s even more important in a telework environment.”
This is why security approaches specific to cloud and also zero trust measures to security are critical.
The CIA is working with a cloud-based, software-defined network architecture, making it more difficult for adversaries to gain access to it, said CIA Associate Deputy Director of Digital Innovation Neal Higgins. Zero trust is also enabling the data to essentially “protect itself.”
“The number one thing organizations can do is create a culture of security to recognize that information and data is an organization’s most valuable asset,” Higgins said at the event. “In many ways, moving to a cloud-based, software-defined network architecture allows you to make it harder for adversaries to gain access and maintain persistence … zero trust certainly assists. If the data protects itself … you don’t have to worry about maintaining the moat at the castle walls; you’re protecting the data.”
Multifactor authentication is also a necessary security measure in cloud-based environments.
“If you’re not using multifactor authentication now, if you’re not really looking at micro segmentation of your networks and … minimizing access to key parts of the network … you’re definitely at risk and behind the curve,” said U.S. Cyber Command Executive Director David Frederick.
CYBERCOM is a unique agency in that its systems include those on submarine operations and also undersea fiber optic cables — locations that are physically susceptible to cyber threats because of their austere environments.
To combat these challenges and vulnerabilities, Frederick said organizations should treat cybersecurity as a core business function as opposed to a “risk to be managed,” which requires a mindset shift. Organizations have to understand who and what is on their network and implement continuous monitoring.
“The key to effective monitoring is understanding data flows, through using allowlisting or similar tools, to affirm information that’s leaving a given network, as well as know what software is running,” Frederick said. This ties to the phrase “trust but verify.”
“The example I would give is that the [Defense Department] information network had SolarWinds installed in multiple places, but we suffered no losses or infiltration of data because we had the ability to quickly operationalize and take action quickly and mitigate those risks,” Frederick said.
Critical pieces to cloud security include critical infrastructure and software supply chains — two areas CIA is prioritizing. Supply chain is so critical because so much of the functionality is deployed as code, so even infrastructure as code in the cloud becomes a vector for attack, noted Bible.
Plus, the increased use of personal devices introduces another set of threats. This includes “smishing,” which is when bad actors use SMS messaging to take advantage of vulnerabilities — something Bible said DHS is taking a closer look at.
“It goes back to user awareness,” Bible said. “Phishing attacks are getting much more sophisticated, and it has extended over to our personal devices. Even using things like smishing [has become] a vector for launching an attack, so there’s a combination of technical things that we’ve learned and a visibility to the fact that as we go forward we have to tighten up the supply chain, as well as just user awareness. We’ve gotten used to having what we want, when we want it, and there is a risk associated with that.”
All in all, successful cybersecurity strategies require a cultural shift that requires collaboration.
“We have to develop much better information-sharing models between industry and government to make sure we can rapidly understand threats, encourage companies to share information and encourage companies to collaborate,” Frederick said.
This is a carousel with manually rotating slides. Use Next and Previous buttons to navigate or jump to a slide with the slide dots
-
Modernizing Critical Infrastructure in the Face of Global Threats
Officials are expanding the latest strategies in boosting defense infrastructure, including securing satellite communications, upgrading enterprise-wide technology, optimizing data management.
20m watch -
DOD Accelerates Software Modernization with Agile DevSecOps Push
The Pentagon's software implementation plan tackles cultural hurdles and integrates security early to deliver critical capabilities faster.
6m read -
VA's Platform One Powers Rapid Innovation to Bolster Digital Services
VA's Platform One accelerates software development timelines from weeks to hours, ultimately enhancing digital services for veterans.
5m read -
The Next AI Wave Requires Stronger Cyber Defenses, Data Management
IT officials warn of new vulnerabilities posed by AI as agencies continue to leverage the tech to boost operational efficiency.
5m read -
Federal CIOs Push for ROI-Focused Modernization to Advance Mission Goals
CIOs focus on return on investment, data governance and application modernization to drive mission outcomes as agencies adopt new tech tools.
4m read -
DOD Can No Longer Assume Superiority in Digital Warfare, Officials Warn
The DOD must make concerted efforts to address cyber vulnerabilities to maintain the tactical edge, military leaders said at HammerCon 2025.
4m read -
Tracking CIOs in Trump's Second Term
Stay informed on the latest shifts in federal technology leadership as new CIOs are appointed and President Trump's second term takes shape.
6m read -
Trump Orders Spark Government-Wide Acquisition Overhaul
As Trump pushes for a faster, simpler procurement system, agencies are leveraging AI and adapting strategies to meet new requirements.
5m read -
Inside Oak Ridge National Lab’s Pioneer Approach to AI
Energy Department’s Oak Ridge National Lab transforms AI vulnerabilities into strategic opportunities for national defense.
22m listen -
New Army Acquisition Plan Cites Autonomy, Predictive Analytics
Officials outline how the Army Transformation Initiative signals a broader shift toward efficiency with tech and acquisition reform.
4m read -
AWS Summit: Innovation Accelerates IT Delivery at DOD
Marine Corps Community Services is tackling outdated IT processes with agile development and cutting-edge cloud security to deliver mission-critical capabilities faster.
12m watch -
AWS Summit: NIST Secures High-Performance Computing Against Evolving Threats
NIST’s Yang Guo reveals the broad attack surface of high-performance computing and explains developing guidance and future-proofing security strategies.
9m watch