Defending the government enterprise
- By John DeSimone
- Apr 08, 2020
The COVID-19 pandemic has changed the way we live and do business. For the first time, millions of Americans are working from home, and those numbers will only increase as new restrictions on public gatherings go into place -- stressing VPNs and swamping computer servers. Remote work also introduces new cyber risks as more employees take their computers outside the office and into home-based networks. In many ways, this new normal will become a litmus test for an organization’s cyber defenses -- and perhaps the country’s national security.
The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency recently issued an alert warning organizations about specific vulnerabilities regarding teleworking and shoring up their enterprise VPN security to meet an up-tick in malicious attacks as hackers will exploit the pandemic to assault critical infrastructure and disrupt essential systems. If adversaries like Russia or North Korea were to breach government systems and networks, they could severely hamper efforts to decelerate the spread of the virus or steal the nation’s most guarded secrets.
We’re seeing firsthand the importance of having processes in place to ensure that the most critical systems and sensitive assets are protected at all costs. Agencies are taking immediate steps to defend existing perimeters and implement basic cyber hygiene, including instituting multifactor authentication, guarding against phishing attacks and prohibiting employees from using public Wi-Fi.
However, those simple steps alone won’t be enough. Cybercriminals have a wealth of sophisticated threat vectors to deploy. It’s simply not enough for agencies to defend their network’s increasingly permeable perimeter and endpoints.
If a bad actors gain access to the system, absent a zero-trust environment, they can easily hop around inside a network and tamper with or steal sensitive information. Government must treat its enterprise as a battlefield and assume that criminals already have access.
To keep up defenses, agencies must implement enterprise resiliency capabilities and a holistic architecture that provides a zero-trust solution, verifying all users and devices and offering enterprise-scale data protection and cyber resiliency.
A zero-trust infrastructure enforces risk-based security controls and policies, monitors data in real time, detects and prevents unauthorized data access and improves data resiliency and availability, among other things.
Such an architecture will prevent attackers from compromising a network, or for those criminals already inside the system, from moving laterally. Each device -- whether it’s a laptop, mobile phone or tablet -- uses a token to authenticate it to the zero-trust software.
As more employees will be logging onto the VPN from home, agencies must also monitor their VPN connections more closely than ever. It should be agency policy for employees using a work device from home or from any place outside the office should be connected via VPN while online, at all times. The security team should verify that logs are going into their security information management systems, and if they’re not, they must complete additional periodic reviews of those logs to verify each connection.
Agencies must develop and deploy defenses, including data-loss protection, blockage of untrusted software, multifactor authentication and collaborative data access control tools. Those agencies that do not have sound security processes in place today must take steps to mobilize enterprise resiliency and mitigate cyber threats.
We must ensure our essential systems and critical infrastructure have the solutions in place to stymie all cyberattacks and defend government agencies and ultimately the nation’s assets.
John DeSimone is vice president of cybersecurity and special missions for Raytheon Intelligence and Space.