Successfully Navigating the Cyberspace Battlefield
Threats and conflicts increasingly emerge not on land, air, or sea, but in space—more specifically, cyberspace. The volume, complexity, and intensity of cyberattacks targeting the United States public sector and critical infrastructure continue to rise, putting the operations of government agencies and the safety, security, and even daily activities of citizens at significant risk.
These attacks, whether launched by adversarial nation-states or “lone wolf” hackers, exact an emotional and financial toll. The Biden administration recognizes the significance of these impacts, issuing a Cyber Executive Order in May that places government agencies’ focus on identifying and taking immediate action to remediate cyber vulnerabilities, and empowers them to make more substantial, long-term improvements by allocating nearly $10 billion in the FY22 budget just for civilian agency cybersecurity funding.
Public sector agencies need to be thinking right now about how to enhance their current and future cyber capabilities, including how to strengthen their cyber resiliency, protect and isolate sensitive data from attack, and most efficiently and effectively recover when the inevitable happens.
Here are a few key takeaways from our conversation:
- Because cyberattacks have become much more sophisticated, agencies need to rethink cybersecurity in a modern context. Cyber solutions bolted on to the existing infrastructure no longer suffice. Instead, they must be built-in, including an isolated cyber recovery capability.
- Backing up data should not be viewed as a panacea. First, data backups must be accompanied by backup structures to fully recover from an attack. Second, conduct tabletop exercises to prepare, practice, and confirm that the recovery process (including infrastructure assets and human participants) works as expected – don’t simply check the box that backups exist. Third, remember that the backups themselves can be favored targets for cyber criminals, who understand that the active network often receives the attention and associated defensive measures, while backups may not be a focus for protection.
- Agencies must be intentional about data sharing, because data represents the new currency for transactions. Spend time upfront on data discovery, and actively identify and classify all data. Then, limit data exposure and exchange only to those entities that absolutely need it. Employ Zero Trust and role-based access and permissions principles to mitigate and minimize risk of compromise. Finally, don’t forget about changing the culture through training so all recipients of data understand how to continue to protect it.
- Don’t let the perfect be the enemy of the good. Even if concepts like Zero Trust may not ever be fully implemented across the public sector, accept them in spirit, and start implementing them in high-value areas of the network to demonstrate success, and set the stage for subsequent incremental steps.
- Winning the cyberwar requires a change in approach that emphasizes the need for agility and a shift in mindset. With respect to the former, static, stagnant networks make for easy targets. Dynamic networks that leverage software-defined technology both on-premises and in the cloud better withstand attacks. With regard to the latter, compliance does not equate to security. Compliance represents a snapshot in time, and checking-and-forgetting leaves agencies immediately vulnerable to what comes next. A continuous risk management approach optimizes security, keeps pace with an ever-changing environment, and promotes faster movement and recovery.
“Ultimately, success on the cyberspace battlefield boils down to a combination of technology and culture,” said Chehreh. “Public sector agencies and the owners of critical infrastructure have access to the next generation tools necessary, but often training of personnel is not sufficient to gain and maintain the upper hand. They must make security intrinsic, and that requires continuous training and tabletop exercises, along with proactive risk management to reduce the likelihood of breaches and respond to them more efficiently and effectively when they occur.”
With an ever-evolving threat landscape, including a significant increase in ransomware attacks, government agencies need to consider their cyber resiliency and how to effectively recover from an incident.
For more information, stream the on-demand version of this Public Sector Tech Talk episode below.