The federal government’s growing dependence on the Internet of Things (IoT) has led to increased security concerns among federal IT professionals. And some of the most lethal hacks have come from nearly undetectable attacks that leverage connected devices to create havoc.
Over the past few years, several critical cybersecurity frameworks have been introduced to help agency IT professionals detect and deter these stealthy intruders. These include the Cyber Threat Framework (CTF), the Federal Risk and Authorization Management Program (FedRAMP), and the Continuous Diagnostics and Mitigation (CDM) Program. Let’s take a look at each of these and identify six strategies that you can employ to support and strengthen these frameworks.
CTF Strategies: Assessment and Intelligence
The CTF is about learning hackers’ patterns and trends. This intelligence can help agencies prepare for and respond to threats. To that end, administrators should strive to gain as much information as possible about their own networks and the known and unknown security threats that can put systems and data at risk.
Begin by establishing a baseline inventory of the systems and applications on the network. Identify who is on the network and which devices are being used. This assessment can help establish what can be defined as “normal” network behaviors and patterns and provide a clearer understanding of how many endpoints and devices could potentially be compromised. From there, you will be able to better detect if something is amiss—an unauthorized user or device, for example—that could raise a flag.
Remember that education and awareness are often the first and best lines of defense. Take time to understand the breadth and depth of the attacks being used by malicious actors to attack unsuspecting users. Online security forums and websites are a good starting point. You can also set up a dashboard that provides intelligence into worldwide security trends, such as known malware incidents or recently identified viruses.
FedRAMP Strategies: Patching and Education
FedRAMP is just as vital today as it was when it was first introduced nearly a decade ago. Perhaps it’s even more important, given the fact that hybrid IT and the cloud are among the top five most important technologies for federal IT professionals.
FedRAMP provides useful guidance on a number of factors, but one of the most important is the need for frequent patching. FedRAMP cloud vendors are required to patch their systems on a routine basis and report those actions in order to retain their designations.
It’s a good rule of thumb that you can emulate. Staying on top of security patches to minimize vulnerabilities is one of the best and easiest ways to keep connected devices secure. It’s also a good idea to keep abreast of the patch schedules of your vendors so you can have assurance that they are in compliance.
Beyond patching, FedRAMP also makes a case for continuing education. Administrators are required to do monthly system scans and annual assessments, reviewing system changes and updates. You need to be on your toes, and the best way to ensure this is to engage in continuous learning. Stay informed about threats and the latest techniques and technologies to combat those threats. This will help you ensure that your partners are doing what needs to be done to maintain your mutually agreed-upon risk posture.
CDM Strategies: Monitoring Activity and Devices
The CDM program asks you to continuously monitor activity, including data at rest and in transit, user behaviors, and more. You must be able to see who is connected, when they are connected, and what they are connected to, and be able to discern patterns that deviate from the norm. This requires mechanisms to detect odd usage and irregular behaviors and issue alerts when an unknown or unauthorized device is detected. You must be prepared to respond quickly to these incidents, or be able to automatically remediate the problem.
Ideally, administrators should also be able to go beyond simple device monitoring to a more in-depth analysis of device behavior. This is particularly important in a world with thousands of connected devices. A simple printer could potentially be used as an information-sharing device. Administrators must be able to detect when something is being used in an unusual way.
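To make the baseline-and-deviation idea from the CTF and CDM sections concrete, here is an added example (not code from the article or from any of the programs it names). It keeps a constructed baseline inventory of authorized devices keyed by MAC address, a per-role behavior profile (which destination ports a workstation or printer normally talks to, and how much it normally sends outbound), and then runs a handful of constructed connection-log lines through it. It flags exactly the three conditions the text describes: a device that is not in the inventory, an account appearing on a device it does not own, and a device such as a printer behaving in a way its role does not explain. The log format, hostnames, MAC addresses, IP ranges and thresholds are all assumptions made up for the example.

```python
"""Baseline inventory plus behavioral-profile deviation check.

Added example, not from the original article. Every device name, MAC address,
IP address, log line and threshold below is constructed for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass

# Constructed baseline inventory: the set of devices that are "normal" on this
# network, keyed by MAC address, with the owner and role each one is expected to have.
BASELINE = {
    "00:11:22:33:44:01": {"host": "ws-alice", "role": "workstation", "user": "alice"},
    "00:11:22:33:44:02": {"host": "ws-bob", "role": "workstation", "user": "bob"},
    "00:11:22:33:44:10": {"host": "prn-floor2", "role": "printer", "user": "svc-print"},
}

# Constructed per-role behavior profile: destination ports a device in that role
# normally contacts, and the most outbound bytes it is expected to send per window.
ROLE_PROFILE = {
    "workstation": {"ports": {53, 80, 443, 445, 9100}, "max_out_bytes": 50_000_000},
    "printer": {"ports": {53, 123}, "max_out_bytes": 500_000},
}


@dataclass
class Event:
    ts: str
    mac: str
    src_ip: str
    user: str
    dst_ip: str
    dst_port: int
    out_bytes: int


def parse_line(line):
    """Parse one constructed log line of the form
    '<ts> mac=<mac> src=<ip> user=<user> dst=<ip>:<port> out=<bytes>'."""
    ts, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    dst_ip, dst_port = kv["dst"].rsplit(":", 1)
    return Event(ts, kv["mac"], kv["src"], kv["user"], dst_ip, int(dst_port), int(kv["out"]))


def check_events(lines):
    """Return (mac, finding) tuples for every deviation from the baseline.

    Three checks: unknown device, unexpected user on a known device, and
    role-profile violations (unusual destination port, or too much outbound data).
    """
    findings = []
    out_totals = defaultdict(int)
    for line in lines:
        ev = parse_line(line)
        known = BASELINE.get(ev.mac)
        if known is None:
            # Device is not in the inventory at all: raise a flag and skip profiling.
            findings.append((ev.mac, f"unknown device {ev.src_ip} not in baseline inventory"))
            continue
        if ev.user != known["user"]:
            findings.append((ev.mac, f"unexpected user {ev.user} on {known['host']}"))
        profile = ROLE_PROFILE[known["role"]]
        if ev.dst_port not in profile["ports"]:
            findings.append((ev.mac, f"{known['host']} ({known['role']}) contacted "
                                     f"{ev.dst_ip}:{ev.dst_port}, outside its role profile"))
        out_totals[ev.mac] += ev.out_bytes
    # Volume check runs over the whole window, so a slow trickle still adds up.
    for mac, total in out_totals.items():
        known = BASELINE[mac]
        limit = ROLE_PROFILE[known["role"]]["max_out_bytes"]
        if total > limit:
            findings.append((mac, f"{known['host']} sent {total} bytes outbound, above role limit {limit}"))
    return findings


# Constructed sample log: three ordinary events followed by three anomalies.
SAMPLE_LOG = [
    "2024-01-01T09:00:00 mac=00:11:22:33:44:01 src=10.0.0.11 user=alice dst=10.0.0.5:443 out=120000",
    "2024-01-01T09:01:00 mac=00:11:22:33:44:02 src=10.0.0.12 user=bob dst=10.0.0.50:9100 out=300000",
    "2024-01-01T09:02:00 mac=00:11:22:33:44:10 src=10.0.0.50 user=svc-print dst=10.0.0.1:123 out=200",
    # The printer starts talking HTTPS to an outside address and pushing data out.
    "2024-01-01T09:03:00 mac=00:11:22:33:44:10 src=10.0.0.50 user=svc-print dst=203.0.113.7:443 out=800000",
    # A device nobody inventoried shows up.
    "2024-01-01T09:04:00 mac=00:11:22:33:44:99 src=10.0.0.77 user=guest dst=10.0.0.5:22 out=100",
    # Bob's account is active on Alice's workstation.
    "2024-01-01T09:05:00 mac=00:11:22:33:44:01 src=10.0.0.11 user=bob dst=10.0.0.5:443 out=1000",
]

if __name__ == "__main__":
    for mac, finding in check_events(SAMPLE_LOG):
        print(f"ALERT {mac}: {finding}")
```

The first three lines produce no findings because they match the inventory and the role profiles; the last three produce four: the printer is flagged twice (an off-profile destination port, then an outbound volume above its role limit once the window is totaled), the uninventoried MAC is flagged as unknown, and the workstation is flagged for the unexpected account. In practice the baseline would be populated from the asset inventory and the profiles learned from an observation period rather than hand-written, but the structure of the check is the same.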
Each of these frameworks approaches cybersecurity from a slightly different direction, but they all have one thing in common: the need for constant vigilance and complete awareness. Intruders can use blind spots to sneak in. Administrators must do whatever it takes to gain complete visibility into their network operations using all of the tools at their disposal to shine a light on those areas and keep intruders out.