Achieving air-tight cybersecurity with KVM
- By John Minasyan
- Mar 08, 2021
Cyberattacks and data breaches are a daily occurrence -- and the stakes have never been higher for government agencies and private-sector organizations. Data breaches skyrocketed in 2020, increasing 273% in just the first quarter of the year.
There are countless available technologies aimed at combating cyber threats, yet hackers are innovating faster. Once attackers are in the network, they focus on finding more valuable assets while trying to hide their presence. This east/west attack vector is especially vexing as it’s very difficult to determine where attackers have been and what they have touched.
According to the 2020 Verizon Data Breach Investigations Report, the government sector suffered from 6,843 security incidents from 2019 to 2020, 346 with confirmed breaches. While threat origins are numerous, miscellaneous human-based errors lead the pack in terms of cause, according to the report.
As part of a broader cybersecurity defense strategy, agencies labor to isolate their networks and network assets to ensure that the most mission-critical data is never exposed to the public internet and only accessible to those with tightly controlled permission. The air-gap network ensures that advanced signaling attacks that may compromise a desktop have no way of propagating to more sensitive systems as there simply is no route from one network to the other. However, air-gaps can be breached when a peripheral is shared between isolated systems. Operators that need to access multiple systems to effectively carry out their duties must deal with multiple sets of redundant peripherals on their desk or run the risk of introducing a path for attack from a compromised system to a secure system.
The KVM: Powerful but underestimated
A proven and effective way to share peripherals while safeguarding the air-gap isolation is through the use of secure keyboard-video-mouse (KVM) switching devices that allow government employees to switch between networks with various security levels from one desktop. These devices have been around for years, but new standards released last year by the National Information Assurance Partnership are bringing new attention to secure peripheral switching devices and are allowing government agencies to rethink how these tools can benefit their users. The new Protection Profile format in NIAP PP PSD 4.0, allows each of its modules to be independently updated or revised as needed and should make the standard more agile in addressing the rapid pace of new vulnerability discovery and mitigation strategy development.
Governments are looking for solutions that meet the new standards and do not comprise user experience. Secure KVMs safeguard critical network assets by maintaining isolation between channels while improving an operator’s efficiency and effectiveness in working across secure and non-secure systems at the desktop. Agencies deploy secure KVM switches to allow one set of peripherals to be used across different networks with differing levels of security to reduce desktop clutter, boost efficiency and help save budget by consolidating desktop peripherals.
Most secure KVMs are built to support a particular video standard, while a large agency may have three or more different computing platforms with various video interfaces. This makes it extremely hard to properly manage secure KVM devices throughout their lifecycle, creating unnecessary burdens on IT departments and ultimately wasting time and money. A secure KVM that seamlessly accommodates disparate video input/output formats makes it possible to deploy the same KVM across multiple users and deployment scenarios.
Government agencies implement secure KVM solutions to protect against vulnerabilities at the desktop and maintain air-gap isolation between secure and non-secure networks but also to enable a productive, flexible workspace. With solutions that emphasize user experience and prioritize future-ready technology, agencies can deliver critical security with limited compromises for stakeholders.
Threats are on the rise, with government data and computer systems as prime targets for hostile foreign governments, terrorists and cybercriminals. Agencies purchasing KVM equipment must carefully weigh all the security and functionality features of these devices to make certain the units provide the safest, most secure and user-friendly functionality to prevent the compromise of government assets.
John Minasyan is director of product management, cybersecurity business unit at Belkin.