By AI Trends Staff
President Joe Biden in May released an Executive Order on improving the nation’s cybersecurity, an effort to respond to recent cyber espionage campaigns and fundamentally rethink how security is provided in the nation’s digital infrastructure.
“In our view, the EO does two things,” stated an advisory from PwC, the professional services network. One, it calls for making the federal government systems stronger and safer, so they are more difficult to break into, and it pushes specific actions to modernize cybersecurity in the federal government, such as a zero trust architecture.
Second, the EO sets a goal for more effective and agile federal government responses. It requires IT providers to report cyber incidents and removes contractual barriers for them to share information with government entities.
US adversaries understand that the country has a digital economy, with much of the critical infrastructure in the hands of the private sector. Nation-states and criminal groups engage in ransomware attacks, cyberespionage, and disinformation operations that fuel social discord and make headlines.
“The United States needs a more organized approach to these cyberthreats—one that enables the private and public sectors to work together ahead of attacks rather than play catch-up,” stated Sean Joyce, lead of PwC’s global cybersecurity practice, in a recent account in The Washington Post.
Today, federal government responsibility for cyberspace is divided among the intelligence community, law enforcement, the military, the Cybersecurity and Infrastructure Security Agency (CISA) and regulatory agencies, he notes. These agencies are among those with primary responsibility for protecting government networks, which are scanned and attacked every day and defended by a range of tools to identify, protect against and respond to the threats.
However, according to CISA, more than 80% of the energy infrastructure is owned and operated by the private sector. “These companies are expected to defend their assets against highly organized criminal groups that are sometimes surrogates for nation-state actors—and to do so without our government’s support,” states Joyce. “We need a different approach to protect our way of life.”
His suggestion is to have one organization within the government headed by a new national cyber director overseeing three units: one unit focused on strengthening public-private partnerships, one on offensive and defensive operations, and one focused on intelligence collection, analysis and sharing.
A centralized partnership unit led by the CISA director could coordinate cyber efforts on behalf of the government. That way, businesses know who to call.
To ensure responses to attacks are handled in a coordinated manner, the unit focused on offensive and defensive operations would take a lead. An attack, such as the recent SolarWinds malware offensive that affected many businesses, would be handled by this unit, led by the FBI and NSA, agencies with primary jurisdiction in national security matters.
This central unit could be staffed by both the private sector and government, to reinforce the public-private partnership needed to counter cyber threats, Joyce suggests.
Cybersecurity on Agenda at Biden-Putin Summit in Geneva
President Biden kept the focus on cybersecurity concerns during a meeting with Russian President Vladimir Putin on June 16 in Geneva. The US has accused Russia of giving cybercriminals and ransomware gangs within its borders free rein to operate, according to a recent account in Dice.
“This year has been focused on ransomware and IoT and critical infrastructure attacks that have been destructive in both operational capabilities and to the financial state of many businesses,” stated Tyler Shields, CMO at security firm JupiterOne. “We also saw a continued increase in the number of data breaches resulting from unknown and incorrectly configured data stores being targeted.”
He suggested that, “Fundamentally, enterprises and critical infrastructure providers need to do a better job of knowing what assets exist in their network and how they are configured at any given point in time.”
The Dice authors suggested the following cybersecurity trends bear watching through the end of 2021:
Hybrid work models. As more workers plan to split time between home and office work environments, the attack surface is expanded.
“As employees return to the office, you can certainly expect an immediate uptick in support calls as infected devices attempt to connect directly to the corporate network,” stated John Morgan, CEO at Confluera, supplier of cloud security detection and response services. “What I think you should watch out for, though, is not the immediate uptick, but rather the attack that simmers slowly and travels under the radar. It’s those attacks that will slip through your fingers.”
Hackers who have gained entry may be willing to wait weeks or months to begin an attack, lying dormant, maybe taking small steps not easy to detect. IT and security analysts need tools to correlate weak signals to make sense of an attack in progress, or to correlate events occurring weeks or months apart. “This gap in security coverage is what organizations should be concerned about,” Morgan stated. “Once an attacker gains access into a corporate device or network, they are in no hurry to navigate from servers to servers looking for their prize.”
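The gap Morgan describes is a detection problem: a rule that looks at one day of activity never fires on an intruder who touches one new server every few weeks. The following is an added example (not from the article or from Confluera) that contrasts a per-day rule with one that keeps a trailing 90-day history of first contacts per host. The log records, host names and thresholds are constructed for illustration.

```python
"""Correlate low-and-slow lateral movement across a long window.

Added example, not code from the article or any vendor it quotes.
The connection log, host names and thresholds below are constructed.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: (timestamp, source host, destination host).
# No single day looks suspicious; over ~12 weeks "ws-17" reaches six
# servers it has never talked to before.
SAMPLE_LOG = [
    ("2021-06-01T09:12:00", "ws-17", "fs-01"),
    ("2021-06-01T10:30:00", "ws-22", "fs-01"),
    ("2021-06-19T14:05:00", "ws-17", "db-03"),
    ("2021-07-04T08:41:00", "ws-17", "hr-app"),
    ("2021-07-20T17:55:00", "ws-17", "jump-02"),
    ("2021-08-02T11:20:00", "ws-22", "fs-01"),
    ("2021-08-11T13:00:00", "ws-17", "backup-01"),
    ("2021-08-25T16:45:00", "ws-17", "dc-01"),
]


def parse(record):
    """Turn one (iso timestamp, src, dst) tuple into (datetime, src, dst)."""
    ts, src, dst = record
    return datetime.fromisoformat(ts), src, dst


def daily_alerts(log, threshold):
    """Per-day rule: alert when a host reaches `threshold` distinct
    never-before-seen servers within a single calendar day."""
    seen = defaultdict(set)          # src -> all destinations ever seen
    per_day = defaultdict(set)       # (src, date) -> new destinations that day
    alerts = []
    for ts, src, dst in sorted(map(parse, log)):
        if dst in seen[src]:
            continue
        seen[src].add(dst)
        key = (src, ts.date())
        per_day[key].add(dst)
        if len(per_day[key]) >= threshold:
            alerts.append(src)
    return sorted(set(alerts))


def slow_burn_alerts(log, threshold, window_days):
    """Long-window rule: remember when each host first contacted each
    server; alert when the number of first contacts inside the trailing
    window reaches `threshold`, however far apart they are."""
    first_contact = defaultdict(dict)  # src -> {dst: first_seen datetime}
    window = timedelta(days=window_days)
    alerts = []
    for ts, src, dst in sorted(map(parse, log)):
        if dst in first_contact[src]:
            continue
        first_contact[src][dst] = ts
        recent = sorted(d for d, t in first_contact[src].items() if ts - t <= window)
        if len(recent) >= threshold:
            alerts.append((src, ts.date().isoformat(), recent))
    return alerts


if __name__ == "__main__":
    print("daily rule:", daily_alerts(SAMPLE_LOG, 3))
    for host, day, servers in slow_burn_alerts(SAMPLE_LOG, 5, 90):
        print(f"slow-burn alert {host} on {day}: {servers}")
```

The per-day rule stays silent on this log because ws-17 never makes more than one new contact in a day; the long-window rule fires on 2021-08-11, when the fifth first contact lands inside the 90-day window. In a real deployment the first-contact table would live in a store that outlives the SIEM's default retention, which is exactly the coverage gap the quote points at.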
Return of Shadow IT. With employees returning to offices to some degree, they are likely to bring the devices they have come to rely on, or the apps they used to conduct their work, which opens the door to a wave of shadow IT technology and the security issues that follow. (Shadow IT refers to information tech systems deployed by individuals or departments outside central IT.)
“As employees transition back to the office, organizations find themselves needing to get a better handle on apps, services, and networks that could be accessed through personal devices,” stated Bert Kashyap, CEO and cofounder of security firm SecureW2, to Dice. “Implementing device trust through digital certificates is at the core of zero trust projects for the second half of the year, as organizations need assurances that device security standards are being met.”
Zero trust. President Biden’s Executive Order on cybersecurity put zero trust at the top of the security priority list for the federal government. Experts see zero trust adoption skyrocketing in the second half of 2021. Zero trust means that no user, device or connection is trusted implicitly because of where it sits on the network; every request is authenticated and authorized against the identity making it and the device it comes from.
“Organizations need to strongly consider a zero trust approach to security, which can ensure damage is limited even in the case that privileged accounts are compromised,” stated Kevin Dunne, president of security firm Pathlock. “Rationalizing the applications, identities, access and roles into a manageable and understandable structure is the foundation of a zero trust architecture. From there, organizations can implement more investigative and preventative policies to ensure that the access that has been granted is being used as it was intended to be.”
The meaning of zero trust is of course subject to interpretation, but it stems from a recognition that an organization cannot physically control every device its employees use anymore. Also, in the old model, once an attacker slips through a perimeter defense, remotely or by physically infiltrating an organization, the network would grant them a degree of trust and freedom. That may not be good enough anymore.
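To make the contrast between the old perimeter model and zero trust concrete, here is an added example (not from the article, PwC, Pathlock or any other organization it quotes) that evaluates the same requests under both policies. The corporate IP range, device registry and role table are constructed stand-ins; in practice the device identity would come from a client certificate and the role from the identity provider.

```python
"""Perimeter trust versus zero trust, as a request-authorization check.

Added example, not from the article or from any organization it mentions.
The corporate range, device registry, role table and requests are constructed.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

CORP_NET = ip_network("10.0.0.0/8")  # assumed internal range

# Constructed device registry: enrolled devices and their current health.
DEVICE_REGISTRY = {
    "dev-laptop-42": {"enrolled": True, "healthy": True},
    "dev-laptop-77": {"enrolled": True, "healthy": False},
}

# Constructed least-privilege table: role -> resources it may reach.
ROLE_ACCESS = {
    "engineer": {"source-repo", "ci"},
    "finance": {"payroll"},
}


@dataclass
class Request:
    src_ip: str
    user: Optional[str]       # verified identity, None if no valid token
    role: Optional[str]       # role bound to that identity
    device_id: Optional[str]  # identity from a client certificate, None if absent
    resource: str


def perimeter_allows(req: Request) -> bool:
    """Old model: a request from inside the network is trusted, period."""
    return ip_address(req.src_ip) in CORP_NET


def zero_trust_allows(req: Request) -> bool:
    """No implicit trust from location: every request must carry a verified
    identity, come from an enrolled and healthy device, and stay within the
    role's least-privilege grant."""
    if req.user is None or req.role is None:
        return False  # unauthenticated or unauthorized identity
    device = DEVICE_REGISTRY.get(req.device_id or "")
    if device is None or not device["enrolled"] or not device["healthy"]:
        return False  # unknown, unenrolled or non-compliant device
    return req.resource in ROLE_ACCESS.get(req.role, set())


# Constructed requests covering the cases the text describes.
SAMPLE_REQUESTS = {
    # Attacker who slipped past the perimeter: internal IP, no identity, no device cert.
    "intruder_inside": Request("10.20.30.40", None, None, None, "payroll"),
    # Engineer working from home on a managed, healthy laptop.
    "remote_engineer": Request("203.0.113.9", "alice", "engineer", "dev-laptop-42", "source-repo"),
    # Same engineer, but the device failed its health check.
    "unhealthy_device": Request("203.0.113.9", "alice", "engineer", "dev-laptop-77", "source-repo"),
    # Compromised engineer credential used from inside to reach payroll.
    "privilege_creep": Request("10.1.2.3", "alice", "engineer", "dev-laptop-42", "payroll"),
}


def compare(requests=SAMPLE_REQUESTS):
    """Return {name: (perimeter_decision, zero_trust_decision)} for each request."""
    return {name: (perimeter_allows(r), zero_trust_allows(r)) for name, r in requests.items()}


if __name__ == "__main__":
    for name, (old, zt) in compare().items():
        print(f"{name:18} perimeter={old!s:5} zero_trust={zt}")
```

The intruder on an internal address is waved through by the perimeter check and refused by the zero-trust check; the remote engineer is the reverse. The last two cases show why Dunne's point about rationalizing identities, roles and access matters: an unhealthy device or an out-of-role request is denied even though the credential itself is valid.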
Google experienced a sophisticated attack against its corporate network in 2011, stated Heather Adkins, Google’s senior director of information security, in a recent account in Wired. “Hackers backed by the Chinese government rampaged through Google’s networks, exfiltrating data and code while trying to establish backdoors, so they could get back in if Google tried to kick them out,” she stated.
The experience caused the company to rethink its cybersecurity system. “We realized that the way we were all taught to build networks just didn’t make any sense. So we went back to the drawing board,” Adkins stated. Today, “Even if someone had access to a Google machine, nothing trusts it. It’s much more difficult for an attacker because we’ve changed the battlefield.”