The Cybersecurity and Infrastructure Security Agency has recently spotlighted significant cybersecurity vulnerabilities within a prominent U.S. government agency. These alarming revelations stem from the exhaustive SILENTSHIELD red team assessment in 2023, targeting a federal civilian Executive Branch (FCEB) organization. CISA’s red team successfully breached the FCEB agency’s network by simulating advanced nation-state cyberattacks. After the breach, they gained initial access by exploiting an unpatched vulnerability in the Solaris system and used phishing tactics to acquire Windows credentials. The findings paint a concerning picture for federal agencies, emphasizing an urgent need for enhanced cyber resilience to meet fundamental security standards.
Challenges across federal agencies
It’s important to note that not all federal agencies are the same, and this red team assessment should not lead one to believe that all agencies face identical challenges. Legacy systems, unpatched devices, and outdated hardware and software contribute significantly to cybersecurity vulnerabilities.
Underfunding of these complex IT environments is a common issue across many agencies, hampering their ability to maintain and protect IT resources.
While IT teams are tasked with keeping systems up to date, the reality is that they often lack the necessary resources to perform basic IT operational tasks, such as effective asset and configuration management. Without adequate resources to maintain necessary hygiene practices, IT environments can quickly become unmanageable.
To address these issues, federal agencies must sustain IT systems until the end of their life cycles. However, cyber breaches will continue unless the federal government allocates sufficient funds for essential IT maintenance and support. The White House’s push for increased cybersecurity funding is a positive step, but a significant part of cyber resilience involves foundational IT work. Instead of investing solely in new cyber tools, there should be a focus on operations and maintenance functions that IT teams need to apply for more efficient and secure IT operations.
Centralized cybersecurity efforts
Not every federal agency should be left to fend for itself regarding IT and cybersecurity. A centralized agency, such as CISA, could handle these responsibilities for multiple agencies, providing a more cost-effective and long-term approach. Federal agencies have broad and disparate responsibilities and missions, and while IT often serves as a mission enabler, it is not often the core function. Additionally, there is often intense competition amongst agencies for limited IT and cybersecurity talent.
While some agencies may have the resources to manage their IT needs, this is not the norm across government. CISA, on the other hand, specializes in protecting and safeguarding critical assets.
Assuming breaches and building cyber resilience
Given the complexity and scale of the current environment, we believe agencies must assume that breaches will occur. This reality brings the conversation to resilience. Agencies need to have a game plan for when breaches happen. They must identify their critical systems, determine what needs to be up and running and ensure visibility into these systems. By focusing on identities and data, agencies can enhance their resilience.
Strong identity management is the first step. Whereas before, there was a distinction between insider threat and cybersecurity, this is now no longer the case. It is imperative to assume that any legitimate credential can be — and has been — used to perpetrate harm. Agencies should know all their human and non-human accounts and manage and monitor them effectively. Human accounts are those associated with individual users, typically employees or contractors. These accounts are used to access various systems, applications and data necessary for their work, such as email or login credentials to access the agency’s internal network. Non-human accounts are used by applications, services or devices rather than individuals. These accounts often perform automated tasks or facilitate communication between different systems, such as a service account used by a backup software to access and store data on a server.
By auditing and logging these accounts, agencies can ensure that only authorized users and systems have access to sensitive information, reducing the risk of security breaches. Additionally, agencies must identify their critical data, understand where it resides, and know who has access to it for the simple reason that the vast majority of cyber incursions are conducted in order to steal data or deny its use to the compromised organization. At the end of the day, it’s all about the data, and identities are the vehicle by which you get to that data.
Data management and backup
Cyberattacks often aim to steal and exploit data. Without a clear understanding of identities and data locations, agencies cannot effectively defend against these attacks. Data management is essential, as data has a lifespan and must be managed accordingly.
Backup is another critical aspect of cyber resilience. Agencies that know their critical workloads and data locations can effectively backup and protect their data. This practice provides insights into the relevance of data and helps agencies make informed decisions about data retention and access permissions.
The future of federal cyber resilience requires a multifaceted approach
Data and identity integration will be critical in the future. Security operation centers (SOCs) should have dashboards that provide visibility into data access policies and violations. Understanding how credentials are used daily and monitoring access patterns will be crucial in detecting and mitigating cyber threats. Artificial intelligence, machine learning and data analytics can help agencies manage and monitor identities and data access more effectively.
Further, the SILENTSHIELD red team assessment has highlighted the urgent need for enhanced cyber resilience within federal agencies. Building this resilience requires a multifaceted approach. By addressing foundational IT work, centralizing cybersecurity efforts, and focusing on identities and data, agencies can significantly improve their ability to withstand and recover from cyberattacks. The findings underscore that federal agencies will remain vulnerable to sophisticated threats without immediate and sustained efforts, including securing the necessary funding for essential IT maintenance and support. To that end, federal agencies must prioritize resilience to safeguard critical assets and maintain national security.
Mike Mestrovich is chief information security officer at Rubrik
CISA’s SILENTSHIELD assessment requires urgent measures
The SILENTSHIELD red team assessment has highlighted the urgent need for enhanced cyber resilience within federal agencies.
The Cybersecurity and Infrastructure Security Agency has recently spotlighted significant cybersecurity vulnerabilities within a prominent U.S. government agency. These alarming revelations stem from the exhaustive SILENTSHIELD red team assessment in 2023, targeting a federal civilian Executive Branch (FCEB) organization. CISA’s red team successfully breached the FCEB agency’s network by simulating advanced nation-state cyberattacks. After the breach, they gained initial access by exploiting an unpatched vulnerability in the Solaris system and used phishing tactics to acquire Windows credentials. The findings paint a concerning picture for federal agencies, emphasizing an urgent need for enhanced cyber resilience to meet fundamental security standards.
Challenges across federal agencies
It’s important to note that not all federal agencies are the same, and this red team assessment should not lead one to believe that all agencies face identical challenges. Legacy systems, unpatched devices, and outdated hardware and software contribute significantly to cybersecurity vulnerabilities.
Underfunding of these complex IT environments is a common issue across many agencies, hampering their ability to maintain and protect IT resources.
While IT teams are tasked with keeping systems up to date, the reality is that they often lack the necessary resources to perform basic IT operational tasks, such as effective asset and configuration management. Without adequate resources to maintain necessary hygiene practices, IT environments can quickly become unmanageable.
Learn how high-impact service providers have helped the government reinvent the way they deliver their mission and services to the public in this exclusive ebook, sponsored by Carahsoft. Download today!
To address these issues, federal agencies must sustain IT systems until the end of their life cycles. However, cyber breaches will continue unless the federal government allocates sufficient funds for essential IT maintenance and support. The White House’s push for increased cybersecurity funding is a positive step, but a significant part of cyber resilience involves foundational IT work. Instead of investing solely in new cyber tools, there should be a focus on operations and maintenance functions that IT teams need to apply for more efficient and secure IT operations.
Centralized cybersecurity efforts
Not every federal agency should be left to fend for itself regarding IT and cybersecurity. A centralized agency, such as CISA, could handle these responsibilities for multiple agencies, providing a more cost-effective and long-term approach. Federal agencies have broad and disparate responsibilities and missions, and while IT often serves as a mission enabler, it is not often the core function. Additionally, there is often intense competition amongst agencies for limited IT and cybersecurity talent.
While some agencies may have the resources to manage their IT needs, this is not the norm across government. CISA, on the other hand, specializes in protecting and safeguarding critical assets.
Assuming breaches and building cyber resilience
Given the complexity and scale of the current environment, we believe agencies must assume that breaches will occur. This reality brings the conversation to resilience. Agencies need to have a game plan for when breaches happen. They must identify their critical systems, determine what needs to be up and running and ensure visibility into these systems. By focusing on identities and data, agencies can enhance their resilience.
Strong identity management is the first step. Whereas before, there was a distinction between insider threat and cybersecurity, this is now no longer the case. It is imperative to assume that any legitimate credential can be — and has been — used to perpetrate harm. Agencies should know all their human and non-human accounts and manage and monitor them effectively. Human accounts are those associated with individual users, typically employees or contractors. These accounts are used to access various systems, applications and data necessary for their work, such as email or login credentials to access the agency’s internal network. Non-human accounts are used by applications, services or devices rather than individuals. These accounts often perform automated tasks or facilitate communication between different systems, such as a service account used by a backup software to access and store data on a server.
By auditing and logging these accounts, agencies can ensure that only authorized users and systems have access to sensitive information, reducing the risk of security breaches. Additionally, agencies must identify their critical data, understand where it resides, and know who has access to it for the simple reason that the vast majority of cyber incursions are conducted in order to steal data or deny its use to the compromised organization. At the end of the day, it’s all about the data, and identities are the vehicle by which you get to that data.
Data management and backup
Cyberattacks often aim to steal and exploit data. Without a clear understanding of identities and data locations, agencies cannot effectively defend against these attacks. Data management is essential, as data has a lifespan and must be managed accordingly.
Backup is another critical aspect of cyber resilience. Agencies that know their critical workloads and data locations can effectively backup and protect their data. This practice provides insights into the relevance of data and helps agencies make informed decisions about data retention and access permissions.
Read more: Commentary
The future of federal cyber resilience requires a multifaceted approach
Data and identity integration will be critical in the future. Security operation centers (SOCs) should have dashboards that provide visibility into data access policies and violations. Understanding how credentials are used daily and monitoring access patterns will be crucial in detecting and mitigating cyber threats. Artificial intelligence, machine learning and data analytics can help agencies manage and monitor identities and data access more effectively.
Further, the SILENTSHIELD red team assessment has highlighted the urgent need for enhanced cyber resilience within federal agencies. Building this resilience requires a multifaceted approach. By addressing foundational IT work, centralizing cybersecurity efforts, and focusing on identities and data, agencies can significantly improve their ability to withstand and recover from cyberattacks. The findings underscore that federal agencies will remain vulnerable to sophisticated threats without immediate and sustained efforts, including securing the necessary funding for essential IT maintenance and support. To that end, federal agencies must prioritize resilience to safeguard critical assets and maintain national security.
Mike Mestrovich is chief information security officer at Rubrik
Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.
Related Stories
Network connectivity: An urgent matter of national security
NIST’s quantum standards: The time for upgrades is now
For federal agencies, targeted communications are central to executing CX initiatives