Zero trust is no longer a buzzword; it’s a fundamental part of modernizing cyber defense, as outlined in the National Cybersecurity Strategy and in CISA’s 2023 – 2025 goals. CISA laid out four ambitious goals: ensure the defense and resilience of cyberspace; reduce risks to, and strengthen the resilience of, America’s critical infrastructure; strengthen whole-of-nation operational collaboration and information sharing; and unify as one CISA through integrated functions, capabilities and workforce. To follow these guidelines and goals, federal agencies should bolster cyber defense and resiliency by making the right investments in zero trust, and that begins with transitioning to a threat-informed defense approach. A threat-informed defense approach is rooted in threat intelligence and in knowledge of threat actors’ capabilities, which can then guide the investments in defensive capabilities needed to be resilient against cyberattacks.
Moving beyond traditional security controls
Traditional security controls are insufficient to protect against major security breaches. They tend to be reactive, static and not contextualized around threats, and they are often based on compliance requirements and information technology practices. As a result, traditional security controls are not responsive enough to anticipate, evolve and adapt to threat actors’ behaviors and activities.
Given the evolving threat landscape, organizations must supplement these traditional security controls with modernized approaches that leverage global adversary analytics, threat intelligence, automation and machine-aided models to elevate cyber defense. The following steps describe how government agencies can adopt such a modern cybersecurity approach, move beyond traditional security controls and prevent cyberattacks.
Threat-informed cyber defense
Using threat context to inform and improve cyber defense is almost non-negotiable on today’s cyber battlefield. MITRE defines threat-informed defense as the use of cyber threat intelligence to gain an understanding of the threat actor, and then the application of that knowledge to the cyber defense activities in a security program. Threat-informed defense applies a deep understanding of adversary tradecraft and technology to protect against, detect and mitigate cyberattacks.
For example, as government agencies begin to formalize their zero trust strategies, they can start to incorporate and modernize security capabilities to address the sightings ecosystem, which catalogs the most seen and observed tactics, techniques and procedures (TTPs) in the wild. It is a good starting point to understand the most prevalent types of cyberattacks and to ensure zero trust architectures can address and mitigate them. For government agencies looking to start their zero trust journey, codifying known threat intelligence frameworks like MITRE ATT&CK will help build greater cyber resiliency into their zero trust architecture.
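As an added example (not from this article, and not code from MITRE or the Sightings Ecosystem), the following Python script shows the prioritization step described above: constructed per-technique sightings counts are checked against a hypothetical mapping of zero trust controls to the ATT&CK techniques they mitigate, so that frequently observed but uncovered techniques surface first. The ATT&CK technique IDs are real; the sightings sample and the control mapping are assumptions.

```python
from collections import Counter

# Constructed sightings sample (not real Sightings Ecosystem data): one entry per
# observed instance of an ATT&CK technique. IDs are real ATT&CK technique IDs:
# T1078 Valid Accounts, T1566 Phishing, T1021 Remote Services,
# T1059 Command and Scripting Interpreter, T1486 Data Encrypted for Impact,
# T1190 Exploit Public-Facing Application.
SIGHTINGS = ["T1566", "T1566", "T1078", "T1078", "T1078", "T1059",
             "T1021", "T1021", "T1486", "T1190"]

# Hypothetical mapping of zero trust controls to techniques they mitigate. An
# agency would derive this from its own architecture and ATT&CK mitigation data.
ZT_CONTROLS = {
    "phishing-resistant MFA": {"T1078", "T1566"},
    "microsegmentation": {"T1021"},
    "endpoint execution control": {"T1059"},
}

def count_techniques(sightings):
    """Aggregate raw sightings into per-technique counts, most seen first."""
    counts = Counter(sightings)
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))

def coverage_gaps(sightings, controls):
    """Return (technique, sightings, covering_controls) rows, uncovered
    techniques first and then by prevalence, so gaps are ranked by how often
    the technique is actually seen in the wild."""
    rows = []
    for tech, n in count_techniques(sightings):
        covering = sorted(c for c, techs in controls.items() if tech in techs)
        rows.append((tech, n, covering))
    return sorted(rows, key=lambda r: (bool(r[2]), -r[1], r[0]))

def coverage_ratio(sightings, controls):
    """Share of all sightings that at least one zero trust control addresses."""
    rows = coverage_gaps(sightings, controls)
    total = sum(n for _, n, _ in rows)
    covered = sum(n for _, n, c in rows if c)
    return covered / total if total else 0.0

if __name__ == "__main__":
    for tech, n, covering in coverage_gaps(SIGHTINGS, ZT_CONTROLS):
        print(f"{tech}  sightings={n:<3} {', '.join(covering) or 'GAP'}")
    print(f"covered sightings: {coverage_ratio(SIGHTINGS, ZT_CONTROLS):.0%}")
```

Replacing the constructed lists with an agency's own sightings export and control inventory turns the same logic into a recurring coverage check as the catalog of observed techniques changes.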
Evolving to proactive cyber defense
Cybersecurity is an ever-evolving field, and government agencies are among the first line of defenders who need to be ready and stay ready. Threat intelligence is intended to inform defenders and to help them prepare for, prevent and identify threat actors targeting mission-critical assets. While the industry is familiar with indicators of attack (IoA) and indicators of compromise (IoC), the situational awareness they provide is limited: it predicts what might happen from what has already happened, which leaves government agencies in a reactive posture when defending against cyberattacks.
Instead, government agencies should take a more proactive approach to threat intelligence by leveraging adversary analytics and global signals as early warning capabilities, gaining a near-real-time perspective on imminent and impending threats. These early warning signals can be used to enhance situational awareness of imminent threats, surface changes in threat actors’ behaviors and activities, track targeted exploits being run against other regions or sectors, and much more. This allows agencies to defend against imminent attacks and stay a step ahead of threat actors.
Zeroing in on zero trust
Achieving a more cyber-resilient strategy that can withstand cyberattacks is not a matter of adding more security controls, but of enhancing the application of proven security controls through proactive threat intelligence. Formalizing this strategy across government agencies is necessary and should help agencies embark on their zero trust journey. Over time, taking a threat-informed defense approach will help mature zero trust capabilities, hunt early for signals associated with threat actors, enhance cyber and mission resiliency, and modernize cybersecurity for all government agencies.
This is what it means to elevate cyber defense – defend and protect forward.
Kevin E. Greene is the public sector chief technology officer at OpenText Cybersecurity.