TIC 3.0, Format Preserving Encryption of Data Give Agencies Hope Against Cyber Attacks
Featuring John Fanguy, CTO of CyberRes for Micro Focus Government Solutions.
Effectively, TIC 3.0 really isn't that much about networking. It's really about data protection and privileged access management. Who is on the network? What's happening on the network? What data is on the network, and how is it being protected? While TIC 3.0 is mandated, it's already in force.
Although the vast majority of agencies, perhaps all, are behind on addressing those things, part of it is just sheer procurement delays based on their existing TIC 2.0 and Enterprise Infrastructure Solutions (EIS) networking procurements. But the reality is TIC 3.0, I think, is the silver bullet and it's a mandate. While it doesn't specifically have any dollars behind it, it does completely round out the vast array of cybersecurity challenges that CIOs, IT leadership and chief information security officers are having to deal with.
Recent events have shown that you know, even if all of the applications are secure and the perimeter is secure, the reality is that there's always a handful of users or system accounts, like we saw in the Solarwinds breach, which are excluded from virus scans or that have super privileges, which effectively - in the right circumstance with the right actor - can expose all of that data to be exfiltrated.
And that's why we are emphasizing you know, format preserving encryption based on the NIST standard as being one of the keys to ultimately reducing not only the risk but also the financial impact to the federal government, as well as contractors and individual citizens.