Matt Kraning, chief technology officer and co-founder of Expanse, wrote in a guest piece published Thursday on Nextgov that the Department of Defense and federal civilian agencies looking to accelerate the acquisition process and deliver more innovative platforms should advance program protection.
“In order to be effective and comprehensive, a program protection model should start where an attacker would first begin to surveil a vendor in cyberspace: in its exposed internet presence, such as websites, file transfer services and remote access protocols,” Kraning wrote. “This is where all adversaries – whether criminal hackers or nation-state actors – start.”
He said vendors face cyber risks across adversarial access, identity security and perimeter hygiene categories and monitoring these dimensions of risks demands a capability to identify, operationalize and analyze large data volumes “in an appropriate time frame.”
Kraning noted that program offices and primes should have visibility into a vendor’s entire perimeter to better understand its cyber risk posture.
“The constantly-shifting network perimeter created in a cloud environment means programs and primes will need agile collection and analytic capabilities that scale and maintain visibility at a global level, regardless of vendor size,” he added.