How Agencies Can Defend Against Killware
It is not a new concept that cyber attacks have consistently become more dangerous and sophisticated in recent years. With current international tensions and the increased frequency of attacks on United States infrastructure, it is critical that key institutions like the Department of Defense continuously evaluate their cyber defense capabilities. DoD's ability to protect its networks against all contemporary and emerging cyber threats is especially vital with the rise of killware.
Killware is malware or ransomware specifically designed to disrupt the real-world health and well-being of its targets, causing harm or death. To accomplish their goals, bad actors employ killware against critical infrastructure and facilities such as military hospitals, water and wastewater suppliers, and power grids, which, when compromised or rendered nonfunctional, significantly affect individuals' everyday lives.
For example, last year, a malicious actor launched an attack on a water treatment facility in Oldsmar, Florida. The cyber criminal hacked into an employee's computer and raised the hydroxide level in the water far above normal in an attempt to cause real-world sickness and harm. Although the attacker was caught before any real harm could be done, the damage could have been disastrous.
Last October, the FBI, the Cybersecurity and Infrastructure Security Agency, the Environmental Protection Agency and the National Security Agency took note of this threat and issued a joint advisory warning about attempts to compromise U.S. Water and Wastewater Systems (WWS) Sector facilities, highlighting the overall threat of killware and its effects.
This threat is also not exclusive to the United States. In the past two years, cyber attacks that qualify as killware have become more prevalent, as Ukraine reports attacks on its power grid and state banks. These attacks are especially critical for the defense sector, which is responsible for the protection of citizens. But how can defense agencies combat this deadly threat?
ZTNA and IP Cloaking Can Help
An effective zero-trust network architecture (ZTNA) can provide both defensive and offensive capabilities to agencies, mitigating the overall risk of killware attacks through techniques such as IP cloaking.
In its simplest terms, IP cloaking hides an individual's IP address online. It is a valuable tool for preventing bad actors from gaining access to networks. Bad actors cannot hack what they can't find, and by accessing a network through a proxy server (or a second endpoint device), a user can reach the internet while their real IP address remains hidden. This technique creates trusted relationships between users and networks and shields users from attacks.
ZTNA also allows organizations such as Security Operations Centers (SOCs) to adjust their tactics, techniques and procedures in real time. For example, when DoD SOCs that still employ legacy systems identify suspicious network traffic or activity, they must go through a lengthy process: identifying and documenting the threat, creating a counter for that particular malware or behavior, requesting approval to execute the counter, and finally implementing the changes. This process is not only tedious for a single instance of suspicious behavior but also time-consuming, taking up to a week for one alert.
When it comes to DoD and critical infrastructure, people's lives are on the line. Agencies can't afford to wait a week to address potential threats that may not turn out to be a legitimate attack. This is where a comprehensive ZTNA comes in.
With ZTNA-enabled capabilities and overlays, agencies have a comprehensive overview of all the interconnected nodes in a network. With this overview, if a SOC or agency notices suspicious behavior, it can deny the attacker access with the click of a mouse, cutting out the time and effort that would otherwise be spent if the agency were using a legacy system without ZTNA capabilities.
Once the threat has been denied access, agencies can microsegment the threat onto a digital twin, where they have time to further investigate the threat, where it is coming from, and how they can prevent similar attacks in the future.
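The per-request evaluation, instant revocation and quarantine-segment routing described above, as an added illustration (this is example code written for this page, not a product of the author or of Vidoori). It assumes a hypothetical policy decision point with a small role table, a block list checked on every request, a toy detector that flags sources with repeated denials, and constructed audit events; the resource names, segment name and threshold are all invented for the example:

```python
"""Added example: a minimal zero-trust policy decision point.

Every request is evaluated against identity, device posture and a dynamic
block list. An operator (or detection logic) can revoke a source instantly,
after which that source's traffic is steered to an isolated "digital twin"
segment for investigation. All names, thresholds and sample events below are
hypothetical and constructed for this illustration.
"""
from collections import Counter
from dataclasses import dataclass, field


@dataclass
class AccessRequest:
    user: str
    source_ip: str
    resource: str
    mfa_verified: bool
    device_compliant: bool


@dataclass
class PolicyEngine:
    # Which roles may reach which resource (hypothetical resource names).
    resource_roles: dict
    user_roles: dict
    # Sources revoked by an operator or detector; consulted on every request.
    revoked_sources: set = field(default_factory=set)
    quarantine_segment: str = "digital-twin-quarantine"

    def revoke(self, source_ip: str) -> None:
        """The 'click of a mouse': cut a source off from real assets at once."""
        self.revoked_sources.add(source_ip)

    def decide(self, req: AccessRequest) -> tuple:
        """Return (verdict, segment); verdict is allow, deny or quarantine."""
        if req.source_ip in self.revoked_sources:
            # Microsegment onto the twin so analysts can observe it safely.
            return ("quarantine", self.quarantine_segment)
        if not req.mfa_verified:
            return ("deny", "mfa-required")
        if not req.device_compliant:
            return ("deny", "device-noncompliant")
        roles = self.user_roles.get(req.user, set())
        if roles & self.resource_roles.get(req.resource, set()):
            return ("allow", req.resource)
        return ("deny", "not-authorized")


def flag_suspicious_sources(events, threshold: int = 3) -> set:
    """Toy SOC detection: sources with at least `threshold` denied attempts."""
    denied = Counter(ip for ip, verdict in events if verdict == "deny")
    return {ip for ip, n in denied.items() if n >= threshold}


# Constructed audit events (source_ip, verdict) standing in for SOC telemetry.
SAMPLE_EVENTS = [
    ("10.20.30.40", "allow"),
    ("203.0.113.7", "deny"),
    ("203.0.113.7", "deny"),
    ("203.0.113.7", "deny"),
]


def build_engine() -> PolicyEngine:
    """Hypothetical role table for the demo."""
    return PolicyEngine(
        resource_roles={"scada-hmi": {"ot-operator"}, "hr-portal": {"staff"}},
        user_roles={"ops-admin": {"ot-operator", "staff"}},
    )


def run_demo() -> dict:
    """Show the same request before and after the detector revokes its source."""
    engine = build_engine()
    req = AccessRequest("ops-admin", "203.0.113.7", "scada-hmi", True, True)
    before = engine.decide(req)              # valid credentials and posture: allowed
    for ip in flag_suspicious_sources(SAMPLE_EVENTS):
        engine.revoke(ip)                    # detector triggers instant revocation
    after = engine.decide(req)               # identical request now diverted
    return {"before": before, "after": after,
            "revoked": sorted(engine.revoked_sources)}


if __name__ == "__main__":
    print(run_demo())
```

The point of the design is that revocation is a data change, not a change-control ticket: the block list is consulted on every request, so the decision flips the moment an analyst or detector updates it, and the quarantined source keeps talking to something that looks like the target while the investigation proceeds.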
How DoD and Government Are Working to Solve These Issues
The defense sector and the White House have taken steps to implement the changes required to combat killware. The recent zero-trust strategy put out by the White House requires that agencies adopt various zero-trust approaches and capabilities by the end of the 2024 fiscal year.
DoD is also creating a zero-trust portfolio office to manage the Defense Department's zero-trust architecture program, and the Defense Information Systems Agency was heavily involved in creating the zero-trust cybersecurity reference architecture.
Additionally, the Biden administration's recent fiscal year 2023 budget allocates more than $1 billion for Navy cybersecurity and $11.2 billion for additional cyber efforts such as defending critical infrastructure and expanding forces under U.S. Cyber Command's authority.
These initiatives show how seriously the government is taking cybersecurity and, by extension, the threat of killware.
What is Next?
As the threat of killware and other cyber attacks continues to rise, it is more critical than ever that defense agencies implement a comprehensive zero-trust architecture.
Looking beyond the current legislation and initiatives around cybersecurity, defense agencies must continue to combat this new threat by implementing a comprehensive ZTNA and proactive capabilities like IP cloaking.
Brian Erickson is vice president, Strategy and Solutions, Vidoori, and a retired U.S. Navy captain.