Remember the old days?
Agencies protected networks and data by guarding their perimeter and that was enough. Agencies relied on anti-virus software. There was none of this insider threat stuff. No PLA. No APTs. Feds got a raise every year, no one knew what sequestration was, and flip phones were awesome.
Times have changed.
Cybersecurity isn’t optional any longer. Detection and remediation alone don’t cut it. APTs are coming at Federal agencies in waves.
“Detection represents a passive approach, and agencies that rely on detection and remediation alone – without an active prevention and resilience strategy – run the risk of having the weakest cybersecurity,” according to a new white paper. “That makes them ripe for attacks. Remediation efforts often rely on external and reactionary incident response teams that cost more. These teams become necessary when government focuses more on detection and not prevention and resilience. Detection and remediation are important, but they can’t represent an agency’s only defense strategy.”
Beware of the Goblins
Agencies are a prime target for aggressive nation states. That’s because agencies collect valuable data on everything from the electrical grid, to nuclear plants, industry data, and economic policy. Federal research also is an attractive target for other governments that would rather poach our intellectual property rather than spend the time and money to compile their own.
Even the Justice Department has shuffled its national security team to better combat state-sponsored hackers, according to the National Journal. Last week the department created a new senior level post for cybersecurity issues.
“While our top priority will always be combatting terrorism, we must also sharpen our focus and increase our attention on the emerging threats of economic espionage and proliferation,” said Assistant Attorney General John Carlin, the head of the national security unit.
Outrunning the Monsters
Prevention and resilience are crucial, but too few agencies are embracing this proactive approach, according to the report.
Giving up on prevention makes an agency an easy target. Having a stronger cybersecurity posture than other agencies will cause the adversaries to overlook you in favor of the low-hanging fruit. In other words, don’t be the slowest runner in the race.
Less Trick, More Treat
So what can agencies do? It’s important to rely on a range of tools to recognize malicious patterns within their network. In a world of unrelenting APT attacks, these techniques are increasingly important, according to the report:
- White listing only authorized applications
- Segmenting the network to ensure resilience, which limits exposure for any adversary who gets in and tries to move laterally
- Using a platform-based approach, particularly for APTs and zero-days and comprehensive protection of network-to-data center-to endpoint
- Selectively decrypting Secure Sockets Layer (SSL) traffic
- Taking note of traffic going to unregistered domains
- For mobile users, requiring a VPN to the government security platform and using the platform’s Mobile Device Management to protect the device and the network assets
- Embracing Continuous Monitoring also represents an important new approach to improve cybersecurity
Read the full report here. Are there steps your agency has found useful to guard against APTs? Let us know.
Feel like sharing something Noteworthy? Post a comment below or email me at firstname.lastname@example.org.
Bill Glanz is the content director for MeriTalk and its Exchange communities. In the past 14 years, he has worked as a business reporter, press secretary, and media relations director in Washington, D.C.