First published week of: 02/20/2023
The packet capture, or PCAP, requirement’s short timeframe and potentially massive data loads caused one expert to doubt whether it would be useful after a real cybersecurity incident.
New federal requirements to log every data packet that crosses agency networks—called packet capture or PCAP—have raised concerns among cybersecurity experts in and out of government, who say the new rule is unclear, resource-intensive and of little value during a real-world breach investigation.
The PCAP requirements were a direct result of a series of breaches detected in late 2020, including the SUNBURST incident that triggered a governmentwide remediation effort and a series of new mandates for agencies.
Read full story at NextGov…