by clicking on the page. A slider will appear, allowing you to adjust your zoom level. Return to the original size by clicking on the page again.
the page around when zoomed in by dragging it.
the zoom using the slider on the top right.
by clicking on the zoomed-in page.
by entering text in the search field and click on "In This Issue" or "All Issues" to search the current issue or the archive of back issues respectively.
by clicking on thumbnails to select pages, and then press the print button.
this publication and page.
displays a table of sections with thumbnails and descriptions.
displays thumbnails of every page in the issue. Click on a page to jump.
allows you to browse through every available issue.
FCW : May 15, 2016
AFTERSEVERALYEARS of well-publicized and damaging data breaches at major agencies, there’s no question the federal government faces a massive cybersecurity challenge. The traditional methods of securing agency networks and systems often prove ineffective against the newest rapidly evolving generation of cyberthreats. Gaining visibility into unknown or lesser known threats is also a major issue. After all, you can’t defend against that which you can’t see. While the nature and scope of the problem is broadly understood, the best way to tackle it is not so clear. Government agencies are struggling to build out their security infrastructures. They remain hampered by ongoing budget con- straints. The gap between understanding and effective answers is still significant. It’s a frightening and frustrating situation. “Organizations have to assume they will be breached at some point, so it’s a question of how well they are set up to detect early, contain, mitigate and recover,” says Dennis Reilly, vice president of federal sales at Gigamon, Inc. “You need new technologies to give you the pervasive visibility into networks and systems that will enable you to react and respond to those threats in an automated fashion.” There are just to many false positives for security operations center personnel to investi- gate. A risk-based approach, aided by automation to enable the investigation and forensic processes is a must. The Obama Administration has recognized the severity of the cybersecurity situation facing government agencies. In June 2015, after revelations of a particularly damaging attack on Office of Personnel Management systems that compromised more than 20 million federal employee records, it ordered a 30-day “Cybersecurity Sprint” to force improvements in agency security protections. As a part of that sprint, the Federal Chief Informa- tion Officer directed agencies to take four “high-priority” actions: Immediately deploy indicators provided by DHS on priority threat-actor techniques, tactics and procedures to improve cybersecurity posture Patch critical vulnerabilities without delay Tighten policies and practices for privileged users Dramatically accelerate implementing multi-factor authentication, especially for privileged users The Cybersecurity Sprint had an immediate effect. The number of known active critical vulnerabilities in federal systems—363 before the month-long sprint—dropped to three by December. Agencies also made major strides in various areas, such as identifying high value assets, increasing use of strong authentication by 30 percent, and boosting employee use of Personal Identity Verification (PIV) cards. Information gathered during the sprint helped identify some of the more critical cybersecurity gaps agencies face. It also helped clarify emerging priorities and the actions needed to address those. All of that resulted in an October 2015 memo from the Office of Management and Budget—the Cybersecurity Strategy and Implementation Plan (CSIP) for the Federal Gov- ernment. The CSIP established agency objectives to improve cyberthreat detection, response and recovery. It specifically includes, “efficient and effective acquisition and deployment of existing and emerging technology.” “A statement like that demonstrates recognition of what govern- ment faces with modern threats,” says Reilly. “Government agency bureaucracy and procurement processes are too cumbersome and will always lag behind what’s needed for modern threats, which are increasingly well-funded and nimble. Compliance requirements and regulations alone will never be able to keep up.” PERCEPTION AND REALITY It remains a matter of if and when the solutions catch up to perception. In a 2015 study 1, the SANS Institute found a majority of the IT professionals it surveyed assumed some compromise will occur in their organizations. Despite that, it states, few seemed able to achieve a proactive threat response. That response includes implementing such basic measures as a baseline understanding of normal endpoint activities to better detect anomalies through monitoring. The overarching goal is to gain visibility into the nature of these news threats where there was no visibility before. That is the critical first step. The SANS survey results also show that incident response (IR) automation is not increasing, which is critical for knowing which endpoint assets and data would be targeted as well EVOLVING RESPONSE TO EVOLVING THREATS Government agencies take steps to combat a pernicious new category of cyberthreats SPONSORED REPORT SECURITY MANDATE 1 https://www.sans.org/reading-room/whitepapers/analyst/case-visibility-2nd- annual-survey-state-endpoint-risk-security-35927 as correlating interconnected events that might indicate a compromise. Some 23 percent of the survey respondents failed to identify their own vulnerabilities and compromises. Instead, they were notified of a compromise by a third party. Overall, organizations “are suffering from low visibility into their endpoints and indicators of attack.” In its latest annual report to Congress on the progress of the Federal Information Security Modernization Act (FISMA), the Office of Management and Budget (OMB) states that despite “unprecedented improvements” in securing federal information resources in FY 2015, attackers continued to gain access to and compromise federal networks, information systems and data. The total number of incidents agencies reported increased by 10 percent over the previous year, to more than 77,000. The OMB report also states, “Independent evaluations of informa- tion security programs and practices conducted by agency Inspectors General identified several performance areas in need of improvement, including configuration management, identity and access management, and risk management practices.” Major government cybersecurity programs are catching up to this reality of the severity and rapidly changing nature of the modern threatscape. The Department of Homeland Security, for example, has moved away from known signature-based detection for its Continuous Detection and Mitigation (CDM) and EINSTEIN programs. It’s moving towards a more “reputation-based” system to also help technology provided through those programs pick up on less obvious threats. The CDM program is just now starting to roll out. Agencies will be able to buy tools from the DHS contract to give them a more comprehensive picture of the traffic moving on their net- works. EINSTEIN, which has been in place for several years, provides advanced firewalls to help detect and block threats at the network edge. Eventually, DHS expects to merge the two programs with the goal of gaining more visibility into the cyberthreat landscape and mounting a more effective defense. It is absolutely essential that agencies are able to detect and defend against attacks in both their physical and virtual networks. The criminal elements are smarter at developing and deploying new threats, so agencies need to be equipped to fight smarter. THE THREAT VECTOR EVOLVES The major threats now facing government agencies aren’t the broad-based, blunt force threats of old. The new term for these pernicious evolving threats is Advanced Persistent Threats (APTs). Once an APT makes an initial intrusion, it’s designed to sit in an organization’s network for weeks or months. It will steadily probe systems for valuable data or an opportunity to disrupt services. It operates below the activity thresh- olds most current security tools would recognize as indicating a potential threat. It’s these types of threats that are able to sneak through undetected. That’s likely what happened during the Office of Personnel Management (OPM) breach. Though the threat was publicly reported in June 2015, it was thought to have been present in OPM networks and systems for at least a year before it was noticed—perhaps longer. A similar type of attack was thought responsible for a breach of Internal Revenue Service security also in 2015. That incident affected some 800,000 tax file records. Existing defense mechanisms are still required, but are no longer sufficient on their own. “Organizations still need good perimeter defenses,” says Reilly. “However, now they must also assume that APTs will penetrate those defenses and get into their networks. Having the right tools to ensure good visibility within those networks is critical so agencies can detect and defend against threats as soon as possible; then quickly miti- gate and recover from the threat activity.” Getting ahead of those advanced and rapidly evolving threats is the primary focus of a comprehensive Cybersecurity National Action Plan (CNAP) the administration published in February 2016. Along with forming government-industry groups to promote better interaction between interested parties, it lays out various specific actions for improving government cyber- security. These include a proposed $3.1 billion Information Technology Modernization Fund to “enable the retirement, replacement, and modernization of legacy IT that is difficult to secure and expensive to maintain.” The plan also promises a much deeper dive to learn why government agencies remain vulnerable to cyberthreats. If digital infrastructure is to remain a strategic asset and not a liability, agencies must diagnose and address the causes of cyber- vulnerabilities, and not just treat the symptoms. Government agencies must defend against cyberthreats with the same level of intensity and intelligence with which they’re being attacked. SPONSORED REPORT For more information, please visit: www.gigamon.com
April 30, 2016
May 30, 2016