Cybersecurity is one realm of government IT where there seems to be a new and seemingly better solution on the market every day. All of these innovative solutions play a role in helping the government secure their data and infrastructure. But when it comes down to it, user error is the biggest cause of cyberattacks – and that can be hard to defend against.
All over the government, employees are failing to protect their passwords and agencies are not updating their networks and software. Even in the face of new mandates and cyber policies, a lot of agencies are still reluctant to change these practices.
In order to address this issue, GovLoop brought together Deborah Blyth, Chief Information Security Officer for the State of Colorado, and Tony Lauro, the Lead Senior Enterprise Security Architect at Akamai in the recent online training Get Back to Basics – Cyber Edition.
For Akamai, there are three main parts to the basics of cybersecurity:
- Distributed Denial of Service Attack (DDoS): A DDoS attack is a type of Denial of Service (DoS) attack in which multiple compromised systems are used to target a single system. The result is that many compromised systems flood the targeted system with traffic at once, leaving it unable to serve legitimate requests.
A recent example of a DDoS attack happened in the fall of 2016, when website services across the East Coast were shut down. However, Lauro explained, “none of these sites were actually attacked. Rather the managed DNS infrastructure that directs users to the correct webpage was compromised.” To counter these types of attacks, Lauro recommended a boundary security model that stops malicious traffic before it reaches the devices and services used at your agency.
- Application Security: As more agencies start deploying apps, it is important that they are secured. “One way attackers are getting into agencies is through malware, which is becoming commoditized,” Lauro said. “Malicious actors have taken a typically difficult process of creating malware and ransomware and made it accessible to anyone who wants to hack.” In order to counter malware attacks, agencies must deploy applications that already have security measures built in.
- Application Programming Interface (API): An API governs who can access data or services, what data can be requested, and what response is returned, whether or not the requested data or service is provided to the requester. However, APIs are vulnerable to a broad range of security threats, including data theft and DDoS attacks. Agencies can mitigate API vulnerabilities by deploying robust cybersecurity measures such as authentication and authorization, validating the parameters passed to the API, and making sure data exchanges are secured.
Securing Colorado—A Case Study
The state of Colorado recently developed a plan to implement some of the basic cybersecurity measures that Lauro discussed. The initiative Secure Colorado was created in 2012 with the goal of creating more robust security measures and establishing a budget that would allow the state’s IT leaders to do so.
The four main priorities of the program are protecting information and systems, researching and developing further measures, building partnerships, and maintaining compliance. “Essentially we want to reduce the state’s exposure to data breaches and cyberattacks and justify an ongoing budget for security improvements,” Blyth explained.
These goals are rooted in the 20 Critical Security Controls for Effective Cyber Defense framework. “The elements of the framework are pulled from the NIST framework and align with other regulatory requirements so they provide a manageable roadmap to improving security,” Blyth said.
Since the program was implemented, Colorado has seen significant improvements in its cyber posture. Specific accomplishments include audit remediation, robust security tools in place, better patching, two-step verification, quarterly security awareness training, and building secure applications. Through these steps, Colorado has been able to achieve a 48 percent risk reduction over the past two years.
Looking forward, Blyth and her team are working on implementing advanced incident detection, improving identity access management and continuing to strategically implement the 20 critical security controls. Blyth concluded, “This program was only intended to run for three years but we decided to adopt it as an ongoing initiative. We need to continue reassessing our strategies and make sure we are doing all we can to keep Colorado secure.”
To learn more about cyber basics, you can view GovLoop’s recent online training here.