Four keys to government cyber security

20 October 2013 | Dr. Andrew Hawkins, Managing Director, Public Safety and Justice, Worldwide Public Sector, Microsoft Corporation

It’s Cyber Security Awareness Month in the U.S., Canada, and Europe. What better time to explore the proactive measures one government has taken to secure its critical systems? In Poland, amid growing threats to the country’s IT infrastructure, the Internal Security Agency (Agencja Bezpieczeństwa Wewnętrznego (ABW)) launched a four-pronged plan to thwart cyber threats.  

Here’s what they did to protect Poland’s infrastructure—and what you can do, too.

Coordinating cyber security activities
With cyber security threats growing in number, complexity, and scale each year, ABW leaders anticipate a continuous state of danger on the Internet. In response, they seized the opportunity to actively catalyze and coordinate a host of security-related activities. From pursuing early threat warnings and expert guidance to preparing employees and citizens, the government took a preemptive approach to protecting the public sector’s data communications infrastructure.
 
Forging long-term partnerships
Knowing that security risks aren’t going away, ABW insisted on a strategic approach to cyber security that would help ensure the safety of the country’s infrastructure over the long run. An important element of their strategy is participation in two Microsoft programs:
 
1. Government Security Program (GSP)—Enables ABW to analyze the source code of the Microsoft Windows and Office products the government uses, so officials can actively manage their security. The program also includes security information and guidance, technical training, and access to security experts from Microsoft.
 
2. Security Cooperation Program (SCP)—Provides a structured way for ABW and Microsoft to work together and includes early threat warnings, incident response recommendations, attack mitigation, and citizen outreach, as well as help preparing security tests to be run by ABW.
 
Training specialists
ABW officials also know that modern cyber security strategies must include technical training. They started by hosting comprehensive training programs for government and private-sector engineers, beginning with workshops on Windows Server, Windows 7, and Windows 8 security. For systems administrators, guidebooks and automation software were developed to help them configure data communications systems in ways that mitigate threats. This training helped prepare the technical team to defend against imminent cyber attacks.
 
Educating citizens
Because many threats to government infrastructure arise when cyber criminals access poorly protected computers over the Internet, ABW’s team set out to educate Polish citizens. They created several educational videos teaching people how to keep their PCs safe so their information can’t be accessed and used in malicious ways without their knowledge. These videos were part of a broad public information campaign whose slogan was “protect yourself, your computer, and your family.”
 
Using this four-pronged approach, Poland’s ABW fortified the government’s vital systems and infrastructure against future attacks. For more details on how they did it, read the full case study. And to take your first proactive step, attend the 4th Annual Cybersecurity Summit, to be held in the U.S. on November 5th and 6th, 2013. This global forum will cover a wide range of cyber security topics that your government should take action to address. Starting right now.  
 
Have a comment or opinion on this post? Let me know @Microsoft_Gov. Or e-mail us at ongovernment@microsoft.com.
Dr. Andrew Hawkins
Managing Director, Public Safety and Justice, Worldwide Public Sector, Microsoft Corporation

About the Author

Dr. Andrew Hawkins | Managing Director, Public Safety and Justice, Worldwide Public Sector, Microsoft Corporation

Dr. Andrew Hawkins, Director, Public Safety & Justice Solutions, Worldwide Public Sector, has more than two and a half decades’ public sector expertise. He holds a PhD in Management Science from Lancaster University Management School.