Five Steps to Prepare for the Next Cyber Attack
Cyber assaults are a fact of life. Government agencies should fortify networks now.
Government IT professionals have clear concerns about the threats posed by careless and untrained insiders, foreign governments, criminal hackers and others. For the government, cyber attacks are a matter of life. We must deal with them as a common occurrence.
Fortunately, agencies are becoming far more proactive in their efforts to combat threats, as evidenced by the Department of Defense’s Comply-to-Connect and the Department of Homeland Security’s Continuous Diagnostics and Mitigation programs. To develop and maintain strong security hygiene that supports these and other efforts, agencies should consider implement five actions that can help strengthen networks before the next attack.
Identify and dispel vulnerabilities.
Better visibility and understanding of network devices is key to optimal cybersecurity. Agencies should maintain device whitelists or known asset inventories and compare the devices that are detected to those databases. Then, they can make decisions based on their whitelist.
Legacy hardware and software applications might have security holes that can no longer be patched. Identifying these vulnerable assets and updating them to modern systems that are built for today’s security environment will likely be more cost effective—and more secure—than trying to maintain older systems.
Update and test security procedures.
Many agencies engage in drills. For instance, the Department of Homeland Security’s Cyber Storm biennial exercise series puts participants through a series of activities designed to bolster their cybersecurity response capabilities.
But it is equally important to test capabilities on a smaller scale and monitor performance under simulated attacks. Agencies must get into the habit of testing every time a new technology is added to the network, or each time a new patch is implemented. Likewise, teams should update and test their security plans and strategies frequently. In short, verify, then trust. An untested disaster recovery plan is a disaster waiting to happen.
Make education a priority.
A significant number of federal IT professionals feel that agencies are not investing enough in employee training. Lack of training could pose risks if IT professionals are not appropriately knowledgeable on technologies and mitigation strategies that can help protect their organizations.
It is incumbent upon senior leadership, including the CIO, to impart their agencies’ overall strategies and goals to everyone. Those messages must be continually reinforced through weekly meetings, quarterly check-ins, reports and other means. Establishing that baseline level of knowledge will help those on the cybersecurity front lines better understand what is at stake and where they need to focus their efforts.
Agencies must also invest in ongoing user training so their teams can be more effective. This includes solution training, but it may also encompass sessions that focus on the latest malware threats, hacker tactics, or the potential dangers posed by insiders. Whatever the method, a regular cadence of continuing education is essential to the ongoing cybersecurity fight. It helps to be in compliance with Defense Department directive 8570, which provides information assurance guidance, but that that compliance alone does not guarantee proper network hygiene.
Take a holistic view of everyone’s roles.
It is good that the government is focused on hiring highly skilled cybersecurity professionals. Last year the General Services Administration held a first-ever event to recruit new cybersecurity talent, and we will likely see similar job fairs in the future.
Too often, however, organizations hire people with unique skillsets that are mostly concerned with only their individual jobs. A network manager might be worried about network penetration testing, while the virus team might be worried about the next WannaCry malware.
Security is everyone’s job. Managers must institute a culture of information sharing amongst team members; there is no room for silos in cybersecurity. Everyone must be vigilant and on the lookout for potential warning signs, regardless of their job descriptions.
Implement the proper procedures for a cyber assault.
Still, threats will inevitably occur, and while there are a variety of mechanisms and techniques that can be used in response, all involve having the correct tools working in concert. For instance, a single next-generation firewall is great, but ineffective in the event of data exfiltration over domain name server traffic.
To help protect critical services, agencies must employ a suite of solutions that can accurately detect anomalies that originate both inside and outside the network. These should include standard network monitoring and firewall solutions. Agencies may also want to consider implementing automated patch management, user device tracking and other strategies that can provide true defense-in-depth capabilities.
The good news is that once an attack occurs, agencies can use the insights gleaned from the incident to learn, perfect and prepare for the next one. The proactive cycle outlined here should start anew so that when another threat rears its head, government networks and the professionals who manage them will be better equipped to meet it head on.
Paul Parker is chief technologist, federal and national government at SolarWinds.