Dashboards, sharing threat intelligence help USDA improve cybersecurity response - Federal News Network

SPONSORED BY TANIUM CYBERSECURITY Dashboards, sharing threat intelligence help USDA improve cybersecurity response When it comes to cybersecurity, the more data you have, the easier it is to identify anomalies and stop adversaries, shares Agriculture CISO Ignatius Liberto. Daisy Thornton@dthorntonWFED December 11, 2024 12:40 pm           Federal Monthly Insights — Improving Cybersecurity through Autonomous Endpoint Management — 12/11/24 Audio Player 00:00 00:00 Use Up/Down Arrow keys to increase or decrease volume. DOWNLOAD AUDIO Technology has come a long way from the days of antivirus software installed on endpoints. Recently, the Agriculture Department migrated from a host-based security system to endpoint detection and response. The big difference, USDA Deputy Chief Information Security Officer Ignatius Liberto said, is that final word: response. “In the old days, we had this mindset of ‘allow all, deny my exception.’ And then, if we had a threat signature, we’d load it in there and certainly go hunting for that specific threat signature. Now, with technology and the way we’ve generated our defense in depth for our enterprise network, we’re looking for anomalies,” Liberto said on Federal Monthly Insights — Improving Cybersecurity through Autonomous Endpoint Management. “But at the end of the day, it’s these automated responses, the ability to isolate, contain and quarantine very rapidly — whether it be a threat signature coming in via email or from one of our many forward-facing websites. It’s the ability to understand as soon as possible that something is not normal so we can kick off an investigation.” Liberto said his team uses log aggregators to collect, tag and categorize information to quickly get a picture of what normal network traffic looks like and spot the anomalies. In addition, he said that logging capability is being used to generate dashboards to increase situational awareness and drive critical thinking that helps security teams understand adversaries and their aims. Those dashboards help separate the digital signal from the noise, giving Liberto and his team a better idea of what’s worth following up on and what isn’t. “You can’t chase every false positive, and you don’t know it’s a false positive until you chase it,” he told the Federal Drive with Tom Temin. “We’re getting better and better at tuning our sensors. We’re getting better at understanding what normal bad behavior on our network looks like. So then, when we feel confident, when we get an alert, we can chase it.” Adversaries may try to violate the confidentiality of data by exfiltrating it, manipulate the integrity by altering it or shut down access points to deny its availability. Those three items — confidentiality, integrity and availability — are what Liberto refers to as the “CIA triad.” He said USDA is working on incident response plans to protect those aspects of data. Partnering to secure food, agriculture critical infrastructure When it comes to cybersecurity, the more data an organization has, the easier it is to identify anomalies and stop adversaries. That’s why USDA is engaging in multiple partnerships, including with the Homeland Security Department  and private sector stakeholders. “The National Security Council has identified the food and agriculture critical infrastructure,” Liberto said. “So what we’re doing now is figuring out ways to collaborate, cooperate and share information with the vendors and with these large industries that support food and agriculture, and going to discussions on how we’re going to work together to defend this critical infrastructure. This is a nascent capability, but we’re moving very rapidly in that direction.” The idea, Liberto said, is that if an adversary can penetrate the systems of one of USDA’s peers, then it can probably cause problems for USDA as well. That’s why the department pays attention to major cyber incidents in both the public and private sectors, as well as availing itself of both commercial threat intelligence as well as information sharing from the intelligence community. “The most important thing is, no matter how strong your policy is, how strong your compliance is, no matter how well you follow a law or a binding operational directive from the Cybersecurity and Infrastructure Security Agency, never underestimate the malicious cyber actor out there,” he said. Copyright © 2026 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.           Daisy Thornton Daisy Thornton is Federal News Network’s digital managing editor. In addition to her editing responsibilities, she covers federal management, workforce and technology issues. She is also the commentary editor; email her your letters to the editor and pitches for contributed bylines.     Follow @dthorntonWFED Sign up for breaking news. Related Stories AI boosts efficiency for agencies, but trust and safety lead the way ARTIFICIAL INTELLIGENCE Read more The business impact of cryptographic drift: The urgent case for post-quantum cryptography COMMENTARY Read more Getty Images/Westy72 EXCLUSIVE CMMC director Bostjanick retiring from DoD PEOPLE Read more Related Topics AGRICULTURE DEPARTMENT ALL NEWS CYBERSECURITY FEDERAL INSIGHTS IGNATIUS LIBERTO TECHNOLOGY UPCOMING EVENTS Modernizing government ERP: Reducing risk while preparing for what’s next Federal Retirement Tax Planning and TSP Maximization How to get the most from your TSP as a federal employee [Live Q&A] Federal News Network’s CX Exchange 2026 Ask the CIO: Defense Cyber Crime Center More TOP STORIES TSA employees at ‘breaking point’ GOVERNMENT SHUTDOWN VA restores AFGE labor contract, but isn’t implementing it, court documents show UNIONS 'Stressful, chaotic, never-ending:' DoD employees face mounting strain as Middle East conflict widens WORKFORCE Airport disruptions abound as senators chase deal to end Homeland Security budget standoff GOVERNMENT SHUTDOWN Anthropic and Pentagon head to court as AI firm seeks end to 'stigmatizing' supply chain risk label ARTIFICIAL INTELLIGENCE Trump administration clouds up its push for AI in government ARTIFICIAL INTELLIGENCE