The strategy also argues for the need to strengthen information safeguarding through structural reform, policy and technical solutions in order to mitigate the risk of insider threats and exter¬nal intrusions.
Departments and agencies must work to enhance capabilities for data-level controls, automated monitoring, and cross-classification solutions, according to the strategy, which calls for network monitoring and detec¬tion of anomalous behavior.
Tracking information from counterintelligence, security, information assurance, and HR elements, across multiple networks and domains will enable authorities – identified as “existing coordination bodies” – to proac¬tively reduce and address security breaches.
Policies and procedures should also address unintended release of information. The strategy calls for moving from network to data-level controls with application interoperability, and argues that increasingly granu¬lar security controls will improve access to information.
Automated continuous monitoring is also recommended.
