Building real cyber resiliency in government

 


As agencies take a threat-based approach to security, cloud is also playing a large role in resiliency plans.

Across the country, government teams are pushing through roadblocks and finding new ways to get the job done while working remotely. The challenge is that as “how” and “where” work happens evolves, cyber threats likewise adapt. Adversaries are exploiting vulnerabilities and finding new ways to attack government networks and data. These attacks include an alarming rise in ransomware, phishing, smishing and vishing, with agencies experiencing upwards of 6.5 million attacks a day, up from 150,000 daily attacks before the pandemic.

I recently moderated an ACT-IAC panel of experts from the Cybersecurity and Infrastructure Security Agency (CISA), the Department of Education and the Federal Risk and Authorization Management Program to discuss how organizations can take a threat-based approach to cybersecurity, paving the way for expanded use of cloud services and resiliency for the future. Here are some takeaways from that discussion:

The state of the threat landscape

Today’s adversaries have a variety of attack motivations. Goals include gaining permanent residence on systems and networks, stealing government information and encrypting data to weaponize for a ransomware attack.

Traditionally, adversaries relied on vulnerabilities in a web browser or sent email to carry out attacks, but the focus has shifted to targeting individuals and scanning cloud systems for misconfigurations. Botnets targeting individual workstations are leaving payloads behind, waiting for unwitting users to click on the nefarious link.

New strategies include creating fake social networking profiles to gain trust and then coercing users to click harmful links. Smishing attacks, which leverage text or SMS messages to gather information, and vishing attacks that use phone or voice messages to encourage users to visit fake sites to capture their credentials are also rampant.

“As we look at our threatscape, it’s important for us to understand that [attacks are] evolving at a rapid pace … and we have to evolve and adapt faster than they do,” Education Department Chief Information Security Officer Steven Hernandez said. “We have a greater [resilience] in a few areas: technology, our people -- investing in them to ensure that they're the best that they can be -- and then building the coalitions so that we can outflank those threat vectors.”

The pillars of cyber resilience

While threats are constantly evolving, Branko Bokan, a cybersecurity specialist at CISA, said the tactics, techniques and procedures are actually the same -- the real change is in the distribution type and frequency of these attacks. “Regardless of how well we try to prevent cyberattacks, they will always happen, and we have to be ready and able to detect bad things when they happen, or as soon as possible after they happen,” he said.

Often, organizations think of cybersecurity as preventing cyber threats and protecting networks against them – but that is just one element of the cybersecurity framework, as outlined by the National Institute of Standards and Technology.

The NIST framework includes five functions, which match the pillars for cyber resiliency: identify, protect, prevent, respond and recover.

By dividing cybersecurity into these five stages, agencies can identify cyber actions adversaries might take. It can also help them create a coverage map of the threat landscape to see how their current capabilities can protect, detect and respond to each one of these actual threat actions – and identify where the gaps are.
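A coverage map of the kind described above can be kept as a small matrix of threat actions against the protect, detect and respond functions. The following is an added example, not code from the article or from CISA; the threat actions are taken from the article, while the capability names and what each one covers are constructed assumptions.

```python
FUNCTIONS = ("protect", "detect", "respond")

# Threat actions named in the article's threat-landscape section.
THREAT_ACTIONS = ["phishing email", "smishing", "vishing",
                  "cloud misconfiguration scanning", "ransomware data encryption"]

# Constructed inventory (assumption): capability -> {threat action: functions covered}.
CAPABILITIES = {
    "secure email gateway": {"phishing email": {"protect", "detect"}},
    "secure web gateway": {"phishing email": {"protect"}, "smishing": {"protect"}},
    "cloud posture monitoring": {"cloud misconfiguration scanning": {"detect"}},
    "endpoint detection and response": {"ransomware data encryption": {"detect", "respond"}},
    "user awareness training": {"smishing": {"protect"}, "vishing": {"protect"}},
}

def build_coverage(capabilities, actions=THREAT_ACTIONS):
    """Return {action: {function: [capability, ...]}}; empty lists mark gaps."""
    coverage = {a: {f: [] for f in FUNCTIONS} for a in actions}
    for cap, claims in sorted(capabilities.items()):
        for action, functions in claims.items():
            # Reject typos instead of silently dropping a claimed control.
            if action not in coverage:
                raise ValueError(f"{cap}: unknown threat action {action!r}")
            unknown = set(functions) - set(FUNCTIONS)
            if unknown:
                raise ValueError(f"{cap}: unknown function(s) {sorted(unknown)}")
            for f in functions:
                coverage[action][f].append(cap)
    return coverage

def find_gaps(coverage):
    """List every (threat action, function) pair that no capability covers."""
    return [(a, f) for a, row in coverage.items() for f in FUNCTIONS if not row[f]]

def render(coverage):
    """Text table: number of capabilities per cell, or GAP when there are none."""
    lines = [f"{'threat action':34}" + "".join(f"{f:>9}" for f in FUNCTIONS)]
    for a, row in coverage.items():
        lines.append(f"{a:34}" + "".join(f"{len(row[f]) or 'GAP':>9}" for f in FUNCTIONS))
    return "\n".join(lines)

if __name__ == "__main__":
    cov = build_coverage(CAPABILITIES)
    print(render(cov))
    for action, function in find_gaps(cov):
        print(f"gap: nothing can {function} against {action}")
```

Cells covered by a single capability are worth reviewing alongside the gaps, since losing that one control reopens the cell.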

Cloud for long-term resilience

As agencies take a threat-based approach to security, cloud is also playing a large role in resiliency plans. The Department of Education, for example, doesn’t own a data center, Hernandez said. “We are 100% reliant on cloud in almost all of our major mission workloads,” he said.

Cloud is ideal for agencies’ continuity of operations planning because of its elasticity, which allows them to expand resources and support more users as needed. Cloud also provides real-time visibility across the network, making it as secure as, if not more secure than, a traditional data center environment.

In addition, cloud provides a modern solution for patching across agencies’ many endpoints and secure access service edge (SASE)-based solutions. Rather than backhauling traffic through traditional on-prem software patch management solutions, multi-tenant clouds can offer agencies an important benefit. This cloud effect -- as we at Zscaler call it -- allows cloud service providers to immediately detect attacks and, within seconds, push hundreds of thousands of security updates a day to every user on any device, anywhere.  

To assist agencies with patching roaming devices, CISA also released remote patching guidance to align with the updated Trusted Internet Connections guidance. TIC 3.0’s flexibility allows agencies to take advantage of much-needed remote work solutions, such as cloud-based, secure web gateways and zero trust architecture.

“We start to use these concepts together and give this roadmap for how you can apply these concepts to not only that old traditional TIC model … but it's flexible enough to apply the same concepts to new architectures and new possibilities,” said Sean Connelly, CISA’s TIC program manager and senior cyber security architect.

Sharing guidance, sharing information

Building resilience requires continuous refinement, evolution and the ability to gain situational awareness. Analysis tools to identify, protect, prevent, respond to and recover from threats will be critical.

Agencies can also take advantage of government programs -- TIC 3.0, Einstein, and Continuous Diagnostics and Mitigation (CDM) -- to secure cloud connections, gain visibility and better identify and mitigate threats.

One of the many unspoken benefits of the new TIC 3.0 policy is that all providers stream telemetry data to the Einstein and CDM programs, providing a new, more innovative approach. For example, the current Einstein program may report on eight to 10 fields, where a cloud-based provider can deliver up to 10 times as many fields of log/threat data.   

While these resources are federally focused, state, local and tribal governments -- and even industry -- can benefit from the strategies and guidance.

“Being able to get these folks together in common forums is a great way to make sure that we’re sharing information, because we all have common goals of protecting our missions,” Hernandez said. “But it's also interesting that we discover new things all the time.”
