As agencies continue to evolve their cyber capabilities, some preparatory basics still apply. The Federal Drive’s Tom Temin talks with Infoblox’s Allen McNa...
If the average federal agency’s cybersecurity infrastructure were a house, it would likely need work.
“Whether we built security from the foundation or not depends on the agency. But we’re at a point now where we have to remodel that house,” said Allen McNaughton, director of solutions architecture for the public sector at Infoblox.
He added, before embarking on a redo, agency staff should first assess the state of cybersecurity — in part to ensure that any enhancements respond to the latest cyberthreat situation.
As McNaughton shared during Federal News Network’s Cyber Leaders Exchange 2023, agencies need three basic sets of information to guide any cyber remodel.
“The first thing is understanding who or what is on my network,” he said, noting the proliferation of Internet of Things sensors and a growing number of human end user devices. This is especially true now that telework and remote work appear to be at permanently higher levels than before the COVID-19 pandemic.
“I look at it as the who, what, where and when [people are] connected, what they’re connected with, where they are,” McNaughton said. “You need an authoritative database that you can look at and say, ‘Hey, here’s where all of my folks are. Here’s what is connected to my network. Here’s where they’re going.’ This becomes extraordinarily important when you start going down the road of investigating a security event.”
He added, “And, oh, by the way, there’s this little thing called the cloud.” Any organization can easily lose track of everything they’ve moved or deployed to commercial cloud environments over the past decade, McNaughton said.
A second consideration centers on communications, traffic sources and automated calls from interdependent applications.
McNaughton suggested using Domain Name Service data to understand “how my traffic is going north-south, either to or from the internet; and east-west laterally across my network.”
Agencies need to know “who’s communicating with what, via a person or an application, and how they are communicating.”
The third piece of your evaluation should determine whether the agency has a defense-in-depth strategy, McNaughton said.
“If you have silos or just a security solution that’s only doing one thing and not talking to anything else, that’s going to potentially be a problem,” he said, mainly because silo solutions slow responses to threats. “But if you can orchestrate these solutions to talk to one another, then you beat that race condition, and you’re able to start getting out there a little bit faster.”
Any cyber remodeling is likely to bring security enhancements through artificial intelligence, McNaughton said, such as detecting anomalous behavior among users. But agencies are also using AI in a variety of other applications, some as basic as revving up email responses. Those uses can also introduce cybersecurity concerns, especially if agency data ends up in the cloud of the AI provider.
Not all of the estimated 15,000 AI services providers are trustworthy, McNaughton warned.
He recommended getting answers to a couple of questions: “What are they doing with my data when I send it up there? If I need to send my email up there for it to help craft a response, what are they doing with that?”
McNaughton also cautioned about using online AI to generate or enhance code.
“If you’re sending code up there, well, all of a sudden you could potentially be opening yourself up to a supply chain attack,” he said. “They know what pieces of your code will be.”
Of AI, McNaughton said, “if we’re using it to develop code for good, they can be using it to code for bad.”
In fact, if malefactors have access to common vulnerabilities and exposure lists for applications, they could fashion malicious code masquerading as a patch. This adds pressure to the need to patch quickly — before false patches can get into the wild, McNaughton said.
For more cyber tips and tactics, visit the Federal News Network Cyber Leaders Exchange 2023 event page.
Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.
Director of Solutions Architecture for the Public Sector, Infoblox
Host, Federal Drive, Federal News Network
Director of Solutions Architecture for the Public Sector, Infoblox
Host, Federal Drive, Federal News Network
Tom Temin has been the host of the Federal Drive since 2006 and has been reporting on technology markets for more than 30 years. Prior to joining Federal News Network, Tom was a long-serving editor-in-chief of Government Computer News and Washington Technology magazines. Tom also contributes a regular column on government information technology.