The Cybersecurity and Infrastructure Security Agency reacted quickly after discovering a cyber breach in January that exploited a pair of gateways, a reminder that no entity is immune to such attacks.
CISA discovered the breach when hackers tricked an integrity checker tool into failing to detect the compromise and accessed the agency’s Infrastructure Protection Gateway, containing information on U.S. infrastructure and the Chemical Security Assessment Tool used to determine terrorism risks at facilities.
The agency immediately took both systems offline, citing the “high potential for a compromise of agency information systems.” CISA found that once inside, bad actors could move laterally, perform data exfiltration and establish persistent system access that could result in a full compromise of the targeted information systems.
A patch to correct the vulnerabilities was released, and Ivanti — a leading vendor of zero-trust security solutions including the Connect Secure and Policy Secure gateways — is revamping its engineering, security and vulnerability management practices to embrace a “secure by design” methodology.
“CISA’s quick response is a model for effective incident handling,” says Lisa Plaggemier, executive director of the National Cybersecurity Alliance. “Quick detection, isolation of affected systems and communication with relevant stakeholders are essential steps in minimizing the impact of a breach.”
Click the banner to read CDW’s white paper on enhancing zero trust for your agency.
Monitoring Industry Partners and Creating Incident Response Plans
The attack at an agency focused on cybersecurity underscores the 24/7 threat posed by bad actors and the vulnerability of any entity, large or small. It raises a chilling question: If this could happen to CISA, what hope do other agencies have of repelling such cyberattacks?
Here are some steps that agencies can take to protect their systems from a breach.
Monitor significant industry partners. Monitoring vendors with deep access to networks or sensitive data inside an agency is crucial because of the danger of a breach within their own systems.
“This includes implementing stringent vendor management policies, conducting regular security assessments and ensuring that vendors adhere to the highest security standards,” Plaggemier says.
Create an incident response plan. Incident response plans are just as critical as disaster preparedness measures are in the face of fires and earthquakes. Add them to employee training and drills.
Human error often leads to security breaches.”
Lisa Plaggemier
Executive Director, National Cybersecurity Alliance
“Human error often leads to security breaches,” Plaggemier says. “Regular training should cover the latest cybersecurity threats: identifying phishing emails and securing sensitive information.”
Reviewing Access and Embracing Zero-Trust Security
Review access. Access controls limit the use of sensitive data and systems to authorized personnel. Add strong policies such as multifactor authentication for employees to gain access.
Don’t forget the basics of cybersecurity, which can trip up even the most cautious agency: regular software updates, patch management and comprehensive data encryption both in transit and at rest to protect it from unauthorized access in case of a breach.
Implement a zero-trust security architecture. The basic philosophy — never trust, always verify — restricts the movement of users within an infrastructure and adds layers of protection, evaluating and validating access when users move from one area to another.
The federal deadline is fast approaching for civilian agencies. If a zero-trust model isn’t part of your core security profile, it should be.
MORE FROM FEDTECH: How DOD can maintain zero-trust momentum.
Suchitra Sangsuwan/Getty Images
