There’s a lot of buzz about blockchain these days, even in government. In fact, we predict that 2018 will be the year of blockchain in government. Blockchain’s inherent security makes it resistant to data manipulation, making it a great tool for securely recording transactions between two parties, everything from medical records, contracts, transactions, even online voting.

No sooner do you have your arms around one cybersecurity vulnerability then another surfaces. This time it’s Meltdown and Spectre, both of which can cause data leak from kernel memory. These vulnerabilities are particularly worrying since they impact practically all computers and involve multiple IT vendors including processor players Intel, AMD, Qualcomm, and ARM.

Targeted campaigns by malicious actors have become commonplace. As recent breaches show, these threat actors can stay hidden on agency networks for long periods of time, assessing your systems and looking for information to exfiltrate. We call them the enemy with no face.

Defending against insider threats is a top priority for the U.S. government. When surveyed by MeriTalk, 85% of federal cybersecurity professionals say their agency is more focused on combating insider threats in 2017 than they were just a year ago.

There’s been a lot of buzz about blockchain in 2017. It was only a few months ago in March 2017 that Betanews predicted that blockchain would be the buzzword that would take 2017 by storm. And it did, expanding beyond the financial community where it’s had a home for several years and breaking into other enterprise sectors.

But few foretold that blockchain would have such a hand in government digital transformation in 2017. In fact, the two go hand in hand.

What is Blockchain?

Agencies breathed a sigh of relief at the end of 2016 as they met the Managing Government Records Directive (OMB Memo M-12-18) for managing all email records in an electronic format (a big step in ensuring the accountability and transparency of the federal government).

Identity management, the process of identifying individuals in your system and controlling the access they have to certain resources, is an area of cyber security that state and local government employees have quite a bit of confidence in. Yet data shows there’s room for improvement.

DLT partner, Symantec, has put together a list of seven items you must add to any incident response plan. Here’s how it translates to government agencies.

1. Have a Workable Plan

Getting to know the “enemy with no face” is critical to winning the cyber war. In fact, it’s the tagline from the U.S. Army’s latest cyber warrior recruitment ad. Yet, one of the biggest challenges to doing so is that most organizations have zero visibility into a significant percentage of the endpoints on their network. That’s because they are either not managed (BYOD, guest, and IoT), have disabled or broken agents, or aren’t detected by periodic scans.

When it comes to controlling logins and privileges on Unix/Linux servers, Centrify’s philosophy is aligned with modern NIST recommendations, as opposed to traditional vendors whose solutions are centered around a Password Vault. Centrify believes users should login directly as themselves and elevate privileges granularly as needed and authorized.