Page 7 - FCW, May 15, 2016

as correlating interconnected events that might indicate a compromise. Some 23 percent of the survey respondents failed to identify their own vulnerabilities and compromises. Instead, they were notified of a compromise by a third party. Overall, organizations “are suffering from low visibility into their endpoints and indicators of attack.”
In its latest annual report to Congress on the progress of the Federal Information Security Modernization Act (FISMA), the Office of Management and Budget (OMB) states that despite “unprecedented improvements” in securing federal information resources in FY 2015, attackers continued to gain access to and compromise federal networks, information systems and data.
The total number of incidents agencies reported increased by 10 percent over the previous year, to more than 77,000. The OMB report also states, “Independent evaluations of information security programs and practices conducted by agency Inspectors General identified several performance areas in need of improvement, including configuration management, identity and access management, and risk management practices.”
Major government cybersecurity programs are catching up to this reality of the severity and rapidly changing nature of the modern threatscape. The Department of Homeland Security, for example, has moved away from known signature-based detection for its Continuous Detection and Mitigation (CDM) and EINSTEIN programs. It’s moving towards a more “reputation-based” system to also help technology provided through those programs pick up on less obvious threats.
The CDM program is just now starting to roll out. Agencies will be able to buy tools from the DHS contract to give them a more comprehensive picture of the traffic moving on their networks. EINSTEIN, which has been in place for several years, provides advanced firewalls to help detect and block threats at the network edge. Eventually, DHS expects to merge the two programs with the goal of gaining more visibility into the cyberthreat landscape and mounting a more effective defense.
It is absolutely essential that agencies are able to detect and defend against attacks in both their physical and virtual networks. The criminal elements are smarter at developing and deploying new threats, so agencies need to be equipped to fight smarter.
THE THREAT VECTOR EVOLVES
The major threats now facing government agencies aren’t the broad-based, blunt force threats of old. The new term for these pernicious evolving threats is Advanced Persistent Threats (APTs). Once an APT makes an initial intrusion, it’s designed to sit in an organization’s network for weeks or months. It will steadily probe systems for valuable data or an opportunity to disrupt services. It operates below the activity thresholds most current security tools would recognize as indicating a potential threat. It’s these types of threats that are able to sneak through undetected.
SPONSORED REPORT
That’s likely what happened during the Office of Personnel Management (OPM) breach. Though the threat was publicly reported in June 2015, it was thought to have been present in OPM networks and systems for at least a year before it was noticed—perhaps longer. A similar type of attack was thought responsible for a breach of Internal Revenue Service security also in 2015. That incident affected some 800,000 tax file records.
Existing defense mechanisms are still required, but are no longer sufficient on their own. “Organizations still need good perimeter defenses,” says Reilly. “However, now they must also assume that APTs will penetrate those defenses and get into their networks. Having the right tools to ensure good visibility within those networks is critical so agencies can detect and defend against threats as soon as possible; then quickly mitigate and recover from the threat activity.”
Getting ahead of those advanced and rapidly evolving threats is the primary focus of a comprehensive Cybersecurity National Action Plan (CNAP) the administration published in February 2016. Along with forming government-industry groups to promote better interaction between interested parties, it lays out various specific actions for improving government cybersecurity. These include a proposed $3.1 billion Information Technology Modernization Fund to “enable the retirement, replacement, and modernization of legacy IT that is difficult to secure and expensive to maintain.”
The plan also promises a much deeper dive to learn why government agencies remain vulnerable to cyberthreats. If digital infrastructure is to remain a strategic asset and not a liability, agencies must diagnose and address the causes of cybervulnerabilities, and not just treat the symptoms. Government agencies must defend against cyberthreats with the same level of intensity and intelligence with which they’re being attacked.
For more information, please visit: www.gigamon.com