Defense in Depth: Employing a Layered Approach for Protecting Federal Government Information Systems

United States federal government agencies, whether civilian or military, are a regular target of cyber-attacks from a variety of sources. These sources range from amateur to experienced hackers, hostile nation states, or even agency personnel. Agency information systems are good targets for cyber-criminals because their information systems hold a treasure trove of data. The data is not only about their employees, but private citizens as well. Unlike private sector corporations, government agencies have to comply with specific legal statues and regulations from Congress and oversight bodies that govern their information systems. Additionally, agencies are required to disclose some of their data to the general public over the Internet. With this in mind, agencies have to ensure their most sensitive information is not improperly disclosure. A poor information security posture can put spies and military troops in harm's way and expose private citizens to cybercrime as well. Federal agencies need to employ a layered approach to information security in order to defend their systems from all threat sources. This paper will provide information on specific techniques that are being used by a major federal agency to protect their enterprise from threats.