Resilience, NIST Guidance Play Vital Role in Education’s Cyber Incident Response

The Department of Education has a robust line of defenses in place when it comes to shielding its security posture from ransomware and other cyber threats and whenever the topic of cybersecurity comes up resilience is the focal point of the conversation.

Making sure the agency has the right backups, the right capabilities and the right distribution across geography in some cases, is vitally important to protecting its data, said Steven Hernandez, Education CISO.

“For us, resilience is an absolute pillar of who we are as an organization and when we think about ransomware it’s really a critical dimension that we’re facing but we’re also looking at things like can we handle 100 million hits all at once AND if a system goes down can we bring it up quickly,” Hernandez said.

Education follows guidance from the National Institute of Standards and Technology, and like most federal agencies, the department has an incident response plan in place if its infrastructure is attacked.

Hernandez said not only do you hope your agency can recover from the attack but also that all of your information has been stored somewhere else, especially if there’s an integrity or availability concern.

“Making sure as we’re coming back up, we’re bringing back information and most importantly we understand what we didn’t get back and that there are gaps in the data and making sure that we have paper records that we may have to pull out in order to put that data back in,” Hernandez said.

Often an investigation is launched if the agency suspects that there’s a criminal element. Hernandez said it’s very important to store those pieces of information that you collect during the investigation.

“Immutable storage is what we have to do for the investigative side of this to give law enforcement partners the evidence they need,” Hernandez said. “Oftentimes that’s making a forensically sound copy from what we have, sometimes the actual data if it’s implicated and making sure we can tuck that away so investigators can use it as evidence down the line.”

For years the discussion around cybersecurity focused on tools, technologies and having the right people to do the job but Hernandez said the user experience and modernization are two big areas really being pushed now.

“When security can become the default choice, the easy choice, the best choice, the user will make that decision correctly every single time. We can make many of the security decisions for the user or at least give the user the option that the default choice is also the secure choice,” Hernandez said.

I think we need to look at the future in terms of how we can deliver not only security but do it in such a way where we enhance and promote that user experience at the same time,” Hernandez added.

Even though zero trust is a concept that has been around for at least a decade many people are asking why now, but Hernandez believes it’s really a matter of technology and that technology is what has gotten us here today.

“It’s the willingness to lean forward and embrace these new technologies that frankly is going to get us to the place where security is the enabler,” Hernandez said. “I hope it doesn’t take another nationwide pandemic or catastrophe for us to really rethink how we’re leveraging technology. Hopefully, that’s just part of the fabric of who we are, and we can continue to move at this pace.”