This blog post is an excerpt from GovLoop’s recent guide, "The People Behind Government Cybersecurity."
The primary cybersecurity challenges facing government are modernizing legacy systems and strengthening defense against internal and external cyberthreats. Legacy systems suffer from security flaws as a result of not being updated, even as recently as the last month. These systems are easily exploitable by potential insider threats and external cyberattackers. The problem is that replacing legacy systems with newer technologies can be costly and, if not done properly, can leave agencies more vulnerable to cyberattacks.
For the government to address the challenges of modernizing IT systems while ensuring information security, agencies should turn to layered approaches and solutions that simultaneously support legacy systems and modern technologies. This will help mitigate risks associated with cyberattacks and insider threats, and provide standardized controls that can be monitored and measured.
In an interview with GovLoop, Morey Haber, Vice President of Technology in the Office of the CTO at BeyondTrust, discussed how layered approaches, in terms of adding levels of security, can help address these challenges. BeyondTrust is a leading company dedicated to innovative cybersecurity solutions.
“A layered approach requires segmentation of systems or micro-segmentation,” Haber said. “This means that the devices, applications or systems are isolated from other non-mission critical environments.”
A layered approach in cyber terms means adding different IT safeguards to different layers of IT, such as networks, hardware, or perimeters of your infrastructure. Layering makes it easier to add levels of security while making it more difficult for hackers to breach a system. Layered approaches can look like a two-factor authentication system, a new password management system or even a proxy session recording system that keeps track of who is accessing what information within an agency. Layering can help agencies add security on top of older legacy systems while enabling IT staff to build security protocols into newer systems.
Two specific examples of layered approaches are a least privilege model and detailed session monitoring. A least privilege model reduces rights down to the lowest level of permission required for employees to perform essential functions. This helps prevent intentional or unintentional insider breaches. Detailed session monitoring comprises the tracking of keystrokes and commands so that anyone’s session can be audited. Leaders can keep track of how people are using systems and make sure system administrators are not abusing their privileges or leaking information.
Recently, a large government agency that requires scientists to run data and custom programs needed help with administrative access and privileges to control who could be privy to certain information. The agency leveraged BeyondTrust’s PowerBroker Endpoint Least Privilege, a solution that provides least privilege management across enterprise endpoints, while creating visibility and control over all privileged applications and accounts. Now, scientists in that agency can use a least privilege login without typing an administrative username and password to perform privileged activity. They can easily perform their jobs without having unnecessary access to the rest of the agency’s IT systems or being granted a secondary account for administrative purposes.
To enhance the effectiveness of layered approaches, it is important to equip your agency’s personnel with the knowledge they need to navigate relevant cybertools and solutions. Applying frameworks, like the NIST Cybersecurity Framework, which provides best practices for risk management to improve critical infrastructure cybersecurity, can help. Frameworks provide organization leaders with the necessary guidelines to support layered approaches and risk-based decisions related to their critical missions.
“These guidelines help quantify risks,” Haber said. “Nearly two decades ago, common scoring for vulnerabilities did not exist and there was no standardization. Now, with guidelines like CVE and the NIST Cybersecurity Framework, we can better communicate current standards across organizations and better identify any risks associated with internal and external systems.”
Adding tools, like PowerBroker, to layered approaches can also ensure complete application control by blacklisting hacking tools previously used by cyberattackers, whitelisting approved applications and greylisting applications based on rules to keep systems safe.
Ultimately, modernizing legacy systems while defending an agency’s valuable information requires layered approaches. Combining the right tools and frameworks, layering and least privilege management with session monitoring can help government keep up with the latest technologies while mitigating cyberthreats across any system, including legacy network environments.