As guardians of vital information, governments are prime targets for cyberattacks. With perpetrators using increasingly advanced tactics, identifying and defending against emerging threats is an ongoing challenge.
Defending against the latest cyberthreats includes understanding threats as they emerge. The following are two threats that pose a real risk, but often go unnoticed.
Supply Chain Threats
Governments rely on a variety of controls to mitigate the risk of a breach, but some considerations may be outside their purview. This is because an agency’s security posture also relies on the partners and suppliers that access its systems and data. If your trusted partner or vendor is breached, there is always a chance the hacker may be able to infiltrate your systems and data as well. This poses a significant threat that is difficult to detect.
To build a strong defense against these supply chain attacks, agencies should employ threat hunting. Effective threat hunting reduces risks by taking a holistic look at all the activity on an organization’s network and using contextual analysis to pinpoint anomalies. It includes monitoring new protocols, new ports and new destinations for irregular activity that automated detection systems failed to stop.
The role of threat hunting is to layer human expertise across a broad array of data – often a huge amount – to try to detect threats that have escaped other controls.
Agencies must also evaluate their permanent and on-site vendors. For example, if a permanent VPN connects a vendor to an agency, attackers can also use that to gain access to the government network. Vendor access should be restricted, so employees can only get to what they need to accomplish their work. This may seem overly cautious, but the security benefits cannot be overstated. In considering the potential dangers of supply chain threats, agencies must operate with extreme care.
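One way to turn the hunting guidance above (new protocols, new ports and new destinations, plus restricted vendor VPN access) into a first-pass check, as an added example that is not part of the original article. The flow records, the vendor address pool and the allow-list are constructed assumptions; the output is a list of leads for a human analyst, not verdicts.

```python
import csv
import io
import ipaddress

# Constructed flow records (src,dst,proto,dport); every value is made up.
BASELINE = """\
10.8.0.5,10.1.20.10,tcp,443
10.1.5.21,10.1.20.10,tcp,443
10.1.5.21,10.1.30.7,udp,53
"""
TODAY = """\
10.8.0.5,10.1.20.10,tcp,443
10.8.0.5,10.1.40.3,tcp,445
10.1.5.21,10.1.30.7,udp,53
10.1.5.21,203.0.113.9,tcp,8443
10.1.5.21,10.1.20.10,sctp,443
"""
# Assumed policy: the vendor VPN address pool and the only hosts it needs.
VENDOR_NET = ipaddress.ip_network("10.8.0.0/24")
VENDOR_ALLOWED = {"10.1.20.10"}


def parse(text):
    rows = csv.reader(io.StringIO(text))
    return [(s, d, p, int(port)) for s, d, p, port in rows]


def hunt(baseline, today):
    """Return (reason, flow) leads for an analyst to review."""
    seen_dst = {(s, d) for s, d, _, _ in baseline}
    seen_svc = {(p, port) for _, _, p, port in baseline}
    seen_proto = {p for _, _, p, _ in baseline}
    leads = []
    for flow in today:
        src, dst, proto, port = flow
        # Vendor VPN clients should only reach the hosts they need.
        if ipaddress.ip_address(src) in VENDOR_NET and dst not in VENDOR_ALLOWED:
            leads.append(("vendor-out-of-scope", flow))
        if proto not in seen_proto:
            leads.append(("new-protocol", flow))
        elif (proto, port) not in seen_svc:
            leads.append(("new-port", flow))
        if (src, dst) not in seen_dst:
            leads.append(("new-destination", flow))
    return leads


if __name__ == "__main__":
    for reason, flow in hunt(parse(BASELINE), parse(TODAY)):
        print(f"{reason:20} {flow}")
```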
Nation-State Attacks
Another serious threat is a “nation-state attack.” This refers to a highly targeted cyberattack launched by a national government or one of its agencies. These hostile government attacks are deployed to obtain intellectual property, critical financial data, or information for political espionage. They are also referred to as Advanced Persistent Threats (APTs) because they are extremely stealthy. After gaining unauthorized access to a network, APTs can often stay undetected for a long period of time. A nation-state or APT attacker is often highly skilled and can easily blend in with other typical user traffic.
Once APTs enter a network, they work to gain administrative access and begin infiltrating user devices. Nation-state attacks pose a major threat to governments due to the sheer amount of information they can obtain. Whenever agencies interact with the internet, they must be able to predict and account for a certain level of risk. Agencies need to assume that any physical device that is connected to their network could be malicious and must operate with a high level of oversight.
In many cases, endpoint monitoring can be a proactive way to detect nation-state threats. Continuous monitoring of end-user devices can help detect irregular activity, so agencies catch malicious actions before it’s too late.
Stay on top of government warnings, current security issues, vulnerabilities and exploits through alert systems such as the National Cyber Awareness System. Additional resources for state, local, tribal and territorial governments can be found at the U.S. Cybersecurity and Infrastructure Security Agency’s site. Check out its geographically-specific resources from various levels of government to help identify and manage cyber risk.
Meredith Trimble is a former municipal official and Town Council Acting Chair, who focused on strategic planning, annual budgeting and bonded infrastructure projects. Her government experience also includes posts in both federal and state-level executive branch agencies: Associate Editor of the Federal Election Commission’s FEC Record; and Director of Education for the CT Office of State Ethics. In her current role as a Content Manager, Editorial with Tyler Technologies, Inc., she writes content to help empower those who serve the public. Her current focus is to help facilitate data-enabled organizations and create connections between governments and those they serve.