In its latest report, the Government Accountability Office concluded that the Defense Department needs to “take decisive actions to improve cyber hygiene.”
Implementing basic cybersecurity hygiene, such as raising awareness through training, is necessary, but it is not an effective means of protecting against advanced threats. Many traditional cybersecurity tools focus on managing risk rather than actively combating it. A cyber-resiliency approach is needed to detect and actively defend against advanced threats so that enterprise systems can continue operating in the face of adversity.
For example, organizations can employ cyber-resiliency tools that protect the integrity of the software layer in critical systems. These tools block unauthorized or modified applications from executing on a protected system. Other tools provide real-time analysis and threat detection and secure a system from power-on through the whole of its operational use.
The DoD and its sprawling defense industrial base are vast and complex, which makes protecting these entities against malicious activity all the more challenging. As the attack surface within the DoD grows, adversaries continue to sharpen and deploy new and innovative attacks.
The repercussions of a cyber attack can cripple an enterprise’s mission-essential functions. Throughout the first quarter of 2019, ransomware incidents increased 118 percent, costing 10 days of downtime, or the equivalent of $72 million. Cyber resiliency ensures an entity is able to perform mission-essential functions and operations, even under pressure, such as when an adversary has penetrated its defenses and compromised cyber assets.
Data has a multi-layered lifecycle of its own that can be threatened from a number of vectors. It can also be manipulated to create uncertainty and unintended outcomes within critical systems. Attackers know that compromising a single layer of a system can bring an organization of any size to its knees. Taking a proactive, multi-layered approach is the effective way to confront this complexity while bolstering cybersecurity.
Assume the enemy is in — be proactive
Organizations are better equipped to act proactively when threats occur if they assume an attacker has already obtained access and escalated privileges.
Proactive measures require a multi-layered approach. A cyber-resiliency strategy should include protections at multiple vantage points in the technology stack. Protections should be added at the following three layers:
Communications/network protection provides organizations with the tools necessary for real-time analysis and threat detection.
Operating system/software protection allows organizations the ability to protect the integrity and confidentiality of critical applications and data, prevent unauthorized execution, and provide automated cyber event detection and responses.
Hardware-level protection validates the integrity of hardware and firmware.
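The software-layer protection described above (blocking unauthorized or modified applications from executing) comes down to a measured allowlist: record a cryptographic hash of each approved executable in a manifest, protect the manifest from tampering, and refuse to run anything whose hash is absent or does not match. The following is an added example, not code from the original article or from any Raytheon product, that demonstrates that check in miniature. It assumes a hypothetical HMAC key stored in a variable (a real deployment would keep that key, or a signing key, in a TPM or HSM and hook the enforcement into the operating system's execution path) and keys entries by file name for brevity; a production allowlist would use the full path or the hash alone.

```python
"""Hash-based execution allowlist with a tamper-evident manifest (added example)."""
import hashlib
import hmac
import json
import os
import tempfile


def sha256_file(path):
    """Stream a file through SHA-256 so large binaries are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(paths, key):
    """Record the hash of every approved executable and MAC the result.

    The MAC makes later edits to the manifest detectable; without it an
    attacker who can write the manifest simply allowlists their own binary.
    """
    entries = {os.path.basename(p): sha256_file(p) for p in paths}
    body = json.dumps(entries, sort_keys=True).encode()
    return {"entries": entries, "mac": hmac.new(key, body, hashlib.sha256).hexdigest()}


def verify_manifest(manifest, key):
    """Constant-time check that the manifest body still matches its MAC."""
    body = json.dumps(manifest["entries"], sort_keys=True).encode()
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, manifest["mac"])


def check_execution(path, manifest, key):
    """Decide whether `path` may execute. Returns ALLOW or a DENY reason."""
    if not verify_manifest(manifest, key):
        return "DENY: manifest tampered"
    expected = manifest["entries"].get(os.path.basename(path))
    if expected is None:
        return "DENY: not in allowlist"
    if not hmac.compare_digest(expected, sha256_file(path)):
        return "DENY: modified"
    return "ALLOW"


def demo():
    """Exercise the four outcomes on constructed files in a temporary directory."""
    key = b"example-manifest-key"  # assumption: a TPM/HSM-protected key in practice
    results = {}
    with tempfile.TemporaryDirectory() as workdir:
        approved = os.path.join(workdir, "app.bin")
        with open(approved, "wb") as handle:
            handle.write(b"\x7fELF constructed approved binary")
        manifest = build_manifest([approved], key)

        # 1. Unchanged, allowlisted binary runs.
        results["approved"] = check_execution(approved, manifest, key)

        # 2. The same file patched in place (e.g. code injected by an intruder) is refused.
        with open(approved, "ab") as handle:
            handle.write(b"\x90\x90 injected payload")
        results["modified"] = check_execution(approved, manifest, key)

        # 3. A binary never recorded in the manifest is refused.
        unknown = os.path.join(workdir, "dropper.bin")
        with open(unknown, "wb") as handle:
            handle.write(b"MZ constructed unknown binary")
        results["unknown"] = check_execution(unknown, manifest, key)

        # 4. An attacker who edits the manifest to allowlist the dropper breaks the MAC.
        manifest["entries"]["dropper.bin"] = sha256_file(unknown)
        results["tampered_manifest"] = check_execution(unknown, manifest, key)
    return results


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:18s} {verdict}")
```

The fourth case is the one most often left out of home-grown allowlists: the hash list is only as trustworthy as the protection on the list itself, which is why the hardware-level layer (firmware and measured boot anchored in a TPM) matters for the software layer above it.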
Factor in today’s virtual landscape
Currently, the need for cyber resiliency is heightened as tens of thousands of military and civilian personnel are working remotely. The DoD has increased its capacity for remote email access, video teleconferencing and conference calls “upwards of 10 times” in the weeks since it instituted social distancing. IT projects that normally take years to grind through bureaucracy are now happening in just weeks, but this speed also brings several cybersecurity concerns. Adversaries are taking advantage of today’s virtual landscape and preying on the vulnerable. In fact, the security firm Zscaler reported a 30,000% increase in detected phishing, malicious websites and malware designed to capitalize on the COVID-19 crisis from early January through April 2020. If there has ever been a time when cyber resiliency was needed, it is now.
It is easy to agree on the principles, but creating real change requires collaboration to deter emerging cyber threats. Watchdog reports like the GAO’s hold organizations accountable, but accountability is a continuous process. True resilience requires time and resources, and can only be achieved if basic cyber hygiene practices and real-time threat detection and response are treated as equally worthwhile, interdependent strategies.
Jacob Noffke is a senior principal cyber engineer at Raytheon Intelligence & Space.