Generative AI, DevSecOps and Cybersecurity Highlighted for the Air Force and Space Force at DAFITC 2023

Thousands of Space Force and Air Force personnel and industry experts convened to discuss the most current and significant threats confronting global networks and national defense at the 2023 Department of the Air Force Information Technology and Cyberpower Education & Training (DAFITC) Event. Throughout the many educational sessions, thought leaders presented a myriad of topics such as artificial intelligence (AI), DevSecOps solutions and cybersecurity strategies to collaborate on the advancement of public safety.

Leveraging Generative AI in the DoD

At the event, experts outlined three use cases for generative artificial intelligence in military training.

  • Text to Text: This type of generative AI takes input text and produces written content in a different form. Text to Text is associated with tasks such as content creation, summarization, evaluation, prediction and coding.
  • Text to Audio: Text to Audio AI can enhance accessibility and inclusion by creating audio content from written materials to support elearning and education and facilitate language translation.
  • Text to Video: Text to Video AI is primarily geared towards generating video content from a script to aid the military with language learning and training initiatives.

Dr. Lynne Graves, representative of the Department of the Air Force Chief Data and Artificial Intelligence Office (CDAO), provided attendees with a brief timeline of how the USAF will fully adopt artificial intelligence. The overarching aim for AI integration is to make it an integral part of everyday training, exercises and operations within the Department of Defense (DoD).

  • In FY23, the DoD is focusing on pipeline assessment. Through red teaming, in which ethical hackers simulate attacks to find weaknesses, military personnel identify where to harden their infrastructure and mitigate vulnerabilities at each stage of the pipeline.
  • In FY24, the emphasis will be on the Red Force Migration policy, which involves developing, funding and scaling the necessary strategies.
  • In FY25, the goal is for the department to become AI-ready. This entails preparing for AI adoption at all agency levels, establishing a standard model card that explains context for the model’s intended use and other important information, creating a comprehensive repository of data and implementing tools for extensive testing, evaluation and verification.

USSF Supra Coders Utilize DevSecOps for Innovation

The current operations of United States Space Force (USSF) Supra Coders involve a range of activities that combine modeling, simulation and expertise in replicating threats. These operations are conducted globally, and currently include orbit-related activities, replication of DA ASAT (Direct Ascent Anti-Satellite) capabilities and the reproduction of adversarial Space Domain Awareness (SDA).

The USSF Supra Coders have encountered limitations with existing software solutions, including restrictions tied to standalone systems, licensing structures with associated costs and limited adaptability to the specific needs of aggressors and USSF requirements. DevSecOps offers a multifaceted strategy for closing these capability gaps: it can produce more effective and efficient software by integrating security into the development pipeline, streamlining system integration, optimizing costs and improving customizability.

Cybersecurity Within the Space Force

Cybersecurity is a shared responsibility across the DoD but is especially relevant for the U.S. Space Force. As a relatively new branch of the military, the Space Force is still developing its cyber strategies. Because its on-orbit capabilities can only be reached and controlled through networks and ground systems, the USSF must prioritize secure practices from the outset and make informed decisions to protect its networks and data.

Currently, the Space Force is engaged in the initial phases of pre-mission analysis for its cyber component which serves as a critical element for establishing and maintaining infrastructure through the integration of command and control (C2). These cyber capabilities encounter a series of complex challenges, which necessitate a multifaceted approach including the following solutions:

  • Enforcing Consistent Cybersecurity Compliance
  • Developing Secure Methods to Safely Retire Old Technology
  • Enhancing Cryptography Visibility
  • Understanding Security Certificate Complexity
  • Identifying Vulnerabilities and Mitigating Unknown Cyber Risks

While the Space Force faces a uniquely heightened imperative to bolster its cybersecurity capabilities, given its inherent reliance on information technology and networks in the space domain, the entire community must collaborate effectively to reach the cybersecurity capabilities military leaders have targeted for 2027.

The integration of generative AI in military training, innovations through DevSecOps by the USSF Supra Coders and cybersecurity initiatives of the Space Force collectively highlight the evolving landscape of advanced technologies within the Department of Defense. Technology providers can come alongside the military to support these efforts with new solutions that enhance the DoD’s capabilities and security.


Visit Carahsoft’s Department of Defense market and DevSecOps vertical solutions portfolios to learn more about DAFITC 2023 and how Carahsoft can support your organization in these critical areas. 

*The information contained in this blog has been written based off the thought-leadership discussions presented by speakers at DAFITC 2023.*

3 Strategies the State Department Can Adopt to Successfully Balance Infrastructure Modernization and Security

The Department of State’s (DOS) plan to modernize American diplomacy has two focuses: adopting critical and emerging technologies and strengthening cybersecurity. Secretary Antony Blinken cites these initiatives as an “aspect of foreign policy that has become critical in recent years.”

Yet, a recent survey indicates IT complexity is a top challenge when it comes to protecting against cybersecurity threats. The more technology added to a network, the harder it is to defend.

That’s why the DOS must adopt a security-first approach when building and deploying new IT infrastructure. By shifting security left, the organization will be better positioned to successfully balance modernization with security.

Here are three ways the DOS and other government agencies can achieve this objective.

Adopt a “secure by design” approach

Infrastructure modernization isn’t just about the tools that are added to a network. It’s also about the people who must manage the tools, and the different processes teams might use to ensure that everything works as it should. All of this adds complexity and expands the ways an attacker could infiltrate a network.

That’s why it’s critical to weave cybersecurity through every phase of infrastructure deployment. Every time a new system or application is installed, its introduction and implementation should be vetted by a dedicated security team. All endpoints should be monitored and inspected to confirm they are hardened, and all systems should be tested by red teams to verify their security posture and resiliency.

Simultaneously, all IT professionals should follow predetermined security guidelines throughout the software implementation process. These guidelines should be easily accessible and understood by everyone involved in the process. Simple, direct, and sequential instructions can help prevent vulnerabilities.

Implement observability for proactive cybersecurity

As the DOS’s software factories continue to develop and deploy new technologies, the agency must adopt methods that allow it to keep close tabs on how those technologies connect and interact with one another. Implementing a process of observability is a good way to accomplish this task.

Observability provides a complete view of every asset that comprises an organization’s IT infrastructure, whether on-premises, in the cloud, or hybrid environments. IT teams can observe how assets operate and interact with each other and rapidly identify issues as they arise, including potential security risks.

Observability goes beyond traditional network monitoring, but both are essential. Monitoring pushes alerts to IT teams whenever a metric deviates from a predetermined threshold, while observability lets teams detect and analyze abnormalities in real time. So, while monitoring is reactive and observability is proactive, the two work together to form a critical foundation for infrastructure security.

Take an “assume breach” mentality

Zero-trust is an effective best practice that the DOS has adopted from the Department of Defense’s leadership. In the wake of continually evolving cybersecurity threats, adopting a zero-trust posture should be considered the minimum protection standard.

The DOS can take this approach even further by taking an “assume breach” mentality. An assume breach mindset includes several strategies designed to protect the agency throughout the entire lifecycle of a cyberattack. In addition to incorporating zero-trust principles, assuming a breach involves:

  • Identifying and addressing gaps in security coverage
  • Planning how to react and respond to an attack
  • Detailing the steps needed to recover from an attack
  • Learning from an attack
  • Implementing processes to prevent future attacks

Assuming a breach is just as it sounds—embracing a position that it’s not if a breach will happen, it’s when it will take place. If agencies base their cybersecurity efforts around this mentality, they will be more prepared to both deal with and prevent the eventuality.

Cyber resiliency must be a top focus as the DOS continues its push toward modernization, but without a systematic plan in place, the agency’s efforts to contain and prevent vulnerabilities can easily become overwhelming. Adhering to the three strategies outlined here can help the DOS prioritize cybersecurity and tackle potential threats in a way that will not only protect the organization but also do so in a manner that is efficient and effective.


These best practices are fundamental elements to SolarWinds’ Secure by Design approach, developed in collaboration with leading cybersecurity experts in the wake of the 2020 SUNBURST attack. It’s a solid blueprint for the DOS to refer to as it continues its modernization efforts.

Critical Infrastructure in Cybersecurity: Modernizing the Electric and Utilities Sector

After the ransomware attack on Colonial Pipeline in 2021 and other notable events, the presidential administration has worked to improve the cybersecurity posture of critical infrastructure in the United States. Several Government agencies, such as the Department of Energy (DOE) Office of Cybersecurity, Energy Security and Emergency Response (CESER), the National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA), have joined with the private-sector electric and utility industry to refine and boost cybersecurity in the Electric and Utilities sector.

Standards for the Electric and Utility Sector

In 2021, the White House issued the National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems, an initiative that aims to safeguard the nation’s critical infrastructure. The Memorandum designated the Electricity Subsector as the pilot effort for its Industrial Control Systems Cybersecurity Initiative. In response, at least 150 electric utilities have adopted, or committed to adopt, operational technology (OT) and Industrial Control Systems (ICS) security technologies that improve visibility, detection and monitoring on critical electricity networks. Reinforcing the memo, in March 2023 the administration announced the National Cybersecurity Strategy, which seeks to build a more secure and defensible digital ecosystem.

Control systems experts working with DOE CESER, CISA and the NSA have developed a set of ICS security considerations. These considerations aim to improve detection, mitigation and forensic capabilities for OT owners and operators.

The ICS/OT cybersecurity monitoring technology guidelines are recommendations rather than mandates. They include, but are not limited to:

  • Building technology for ICS networks that natively understands ICS protocols and communications
  • Adding sensor-based continuous network cybersecurity monitoring, detection and response facilitation for both ICS and OT
  • Creating a collective defense capability framework so that Federal Government partners and trusted organizations can share insights and detections
  • Deploying passively (no active scanning or traffic injection on control networks) and using isolation technologies to protect sensitive information
  • Securing the monitoring technology itself against access credential misuse[1]

These guidelines aim to improve system security and visibility with Government partners.
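The sensor-based, passive monitoring the considerations call for can be shown with a small detector. The following is an added example, not DOE, CISA or vendor code: it parses Modbus/TCP frames as a network tap or SPAN port would deliver them (client-to-server requests on TCP/502 are assumed) and raises alerts for write commands from hosts outside an allow-list, diagnostic function codes that often precede reconnaissance, and malformed frames. It never transmits on the control network. The IP addresses, the allow-list and the captured frames are constructed for the example.

```python
import struct
from dataclasses import dataclass

# Modbus function codes grouped by what they do to the controller.
READ_FUNCTIONS = {1, 2, 3, 4, 20, 24}          # coil/register/file/FIFO reads
WRITE_FUNCTIONS = {5, 6, 15, 16, 21, 22, 23}   # coil/register/file writes
DIAGNOSTIC_FUNCTIONS = {7, 8, 11, 12, 17, 43}  # status, diagnostics, device identification
KNOWN_FUNCTIONS = READ_FUNCTIONS | WRITE_FUNCTIONS | DIAGNOSTIC_FUNCTIONS

# Hypothetical allow-list: only the SCADA server may change controller state.
AUTHORIZED_WRITERS = {"10.10.1.5"}


@dataclass
class ModbusRequest:
    src: str
    dst: str
    transaction_id: int
    unit_id: int
    function: int
    payload: bytes


def parse_modbus_tcp(src, dst, data):
    """Parse one Modbus/TCP ADU from a passively captured TCP payload.
    Returns None when the MBAP header or its length field is inconsistent."""
    if len(data) < 8:                      # MBAP header (7 bytes) + function code (1)
        return None
    tid, proto, length, unit = struct.unpack(">HHHB", data[:7])
    if proto != 0:                         # protocol identifier is always 0 for Modbus
        return None
    # 'length' counts unit id + function code + payload: everything after byte 6
    if length < 2 or len(data) != 6 + length:
        return None
    return ModbusRequest(src, dst, tid, unit, data[7], data[8:])


def inspect(packets):
    """Apply detection rules to (src_ip, dst_ip, payload) tuples from a capture.
    Returns (rule, src_ip, function_code) triples; nothing is sent anywhere."""
    alerts = []
    for src, dst, data in packets:
        req = parse_modbus_tcp(src, dst, data)
        if req is None:
            alerts.append(("malformed-frame", src, None))
            continue
        fc = req.function
        if fc in WRITE_FUNCTIONS and src not in AUTHORIZED_WRITERS:
            alerts.append(("unauthorized-write", src, fc))
        elif fc in DIAGNOSTIC_FUNCTIONS:
            alerts.append(("diagnostic-or-recon", src, fc))
        elif fc not in KNOWN_FUNCTIONS:
            alerts.append(("unknown-function", src, fc))
    return alerts


def sample_capture():
    """Constructed frames: MBAP header (tid, proto, length, unit), then function + data."""
    return [
        # SCADA server reads 10 holding registers from address 0: benign
        ("10.10.1.5", "10.10.2.20", bytes.fromhex("0001 0000 0006 01 03 0000 000a")),
        # SCADA server writes register 0x10: allowed by the allow-list
        ("10.10.1.5", "10.10.2.20", bytes.fromhex("0002 0000 0006 01 06 0010 0001")),
        # an engineering laptop forces coil 1 ON: unauthorized write
        ("10.10.7.77", "10.10.2.20", bytes.fromhex("0003 0000 0006 01 05 0001 ff00")),
        # same laptop issues Diagnostics (fc 8) sub-function 0: reconnaissance indicator
        ("10.10.7.77", "10.10.2.20", bytes.fromhex("0004 0000 0006 01 08 0000 0000")),
        # protocol identifier 1 is not Modbus: malformed
        ("10.10.7.77", "10.10.2.20", bytes.fromhex("0005 0001 0006 01 03 0000 000a")),
    ]


if __name__ == "__main__":
    for rule, src, fc in inspect(sample_capture()):
        print(f"{rule:22} src={src:12} function={fc}")
```

The allow-list is the important design choice: on a control network the set of hosts that may write to a PLC is small and static, so a write from anywhere else is a high-confidence alert rather than an anomaly score, and the sensor can be deployed on a tap with no ability to reach the PLCs at all.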

Financing the Security Movement

To help fulfill the National Security Memorandum’s promise, the current administration has enacted the Bipartisan Infrastructure Law, which authorizes up to $250 million to enhance the cybersecurity resilience of rural, municipal and small private electric utilities. The Rural and Municipal Utility Advanced Cybersecurity Grant and Technical Assistance (RMUC) Program uses this funding to improve energy systems, processes, assets, incident response and cybersecurity skills across the eligible utility workforce. Nearly one in six Americans live in remote or rural communities with inadequate funding and infrastructure for updated technology and modern systems.[2] The RMUC Program pledges financial and technical assistance to help these communities, as well as small investor-owned electric utilities, improve vital security functions and operational capabilities and gain access to cybersecurity services and threat-sharing programs. In August 2023, the program announced a prize pool of $8.96 million in competitive funding and technical assistance to help municipal and small investor-owned utilities advance their training and cybersecurity.[3]

By helping utilities deliver secure and reliable power to all customers, RMUC supports both the cybersecurity effort and another of the current administration’s goals, a net-zero carbon economy by 2050.

Cleaning Up Energy

In developing the clean energy sector, the Administration aims to shape the digital ecosystem to be more defensible, resilient and aligned with American values. This strategy invests in the future by defending the energy sector and reinforcing clean-energy critical infrastructure.[4] To advance clean energy through cybersecurity innovation, the Clean Energy Cybersecurity Accelerator (CECA) aims to make cybersecurity accessible by combining public and private expertise. To do so, CECA assesses the ICS assets connected to a utility’s infrastructure; any ICS with potentially wide-reaching impact is evaluated against physical and cyber attacks in a test lab, allowing CECA to identify and close security gaps. Aiming to achieve carbon-free electricity by 2035, the DOE has announced hundreds of funding opportunities, including funding through the Office of Fossil Energy and Carbon Management (FECM).[5]

Through the collaboration of several key Government agencies and the tech industry, the Electric and Utilities sector is on the way to being secure, reliable and accessible to all.

The first two parts of this four-part blog series covered the basics of critical infrastructure cybersecurity, as well as an overview of the Water and Wastewater Sector. Following this third part, the fourth and final blog will dive deeper into the Transportation sector.


To learn more about how agencies can bolster their cybersecurity efforts within critical infrastructure, visit Carahsoft’s Cybersecurity Solutions Portfolio.

Sources

[1] “Considerations for ICS/OT Cybersecurity Monitoring Technologies,” Office of Cybersecurity, Energy Security and Emergency Response, https://www.energy.gov/ceser/considerations-icsot-cybersecurity-monitoring-technologies

[2] “Biden-Harris Administration Launches $250 Million Program to Strengthen Energy Security for Rural Communities,” Department of Energy, https://www.energy.gov/articles/biden-harris-administration-launches-250-million-program-strengthen-energy-security-rural

[3] “New Prize Supports Rural and Municipal Utilities in Strengthening Cybersecurity Posture,” NREL, https://www.nrel.gov/news/program/2023/new-prize-supports-rural-and-municipal-utilities-in-strengthening-cybersecurity-posture.html

[4] “Fact Sheet: Biden-Harris Administration Announces National Cybersecurity Strategy,” The White House, https://www.whitehouse.gov/briefing-room/statements-releases/2023/03/02/fact-sheet-biden-harris-administration-announces-national-cybersecurity-strategy/

[5] “Funding Notice: Critical Materials Innovation, Efficiency and Alternatives,” Energy.gov: Office of Fossil Energy and Carbon Management, https://www.energy.gov/fecm/funding-notice-critical-materials-innovation-efficiency-and-alternatives

Three Strategies for Minimizing Insider Threats

Insider threats, whether malicious or simply careless or untrained insiders, continue to be a problem for the public sector. According to the SolarWinds 2023 Public Sector Cybersecurity Survey, 68% of respondents cited careless or untrained employees as one of the highest sources of security threats, second only to foreign governments.

Insider threats have continued to increase over the past few years. Mobile work has become commonplace, and more employees have begun using unsanctioned applications, creating shadow IT. Meanwhile, attackers have become adept at targeting government employees through phishing and ransomware attacks, which often succeed because of human error.

Educating your employees about the dangers of these attacks and putting in proper safeguards to prevent them is critical. Here are three strategies to help employees become more aware of threats and build a better security posture from the inside.

Understand while not everyone is a trained security expert, everyone can play their part


Some organizations tend to say, “Everyone is responsible for cybersecurity,” which is not entirely true. An employee in charge of processing applications for social security benefits is in charge of processing applications for social security benefits, not protecting the agency from a cyber attack.

However, there are little things everyone can do to prevent threats–they just need to know what those things are. It’s more than not opening emails from unknown senders or clicking on suspicious-looking attachments. It’s being vigilant, even when someone is feeling overworked. It’s also knowing who to report these incidents to if and when they occur and how and when to share information with colleagues about potentially suspicious activity.

Other things you can do to help employees protect your agency include:

  • Implementing agency-wide password and authentication standards, including two-factor authentication
  • Requiring a password change whenever a credential is suspected or known to be compromised (NIST SP 800-63B advises against mandatory rotation on a fixed schedule by itself, since it tends to produce weaker, predictable passwords)
  • Adding context to communications around cybersecurity to help employees understand the ramifications of cybersecurity incidents (for example, illustrating how a breach could impact employees’ jobs)

While rigorous training isn’t necessary, you can aim to make safe security practices a part of your day-to-day efforts. For example, periodic email reminders, replete with simple and easy-to-follow best practices and sent from the CIO or security team, can help improve your organization’s security posture.

Conduct simulations to help employees understand how to respond to possible threats

Email reminders are important, but nothing beats practicing what to do in the event of a threat, which is where Breach and Attack Simulation (BAS) comes in.

BAS tools can simulate just about any type of attack your employees might be exposed to, including phishing, malware and more. Employees are asked to spot, respond to and prevent an attack in a simulation. Managers can assess employees’ responses and reactions and discover where more education is needed.

Simulated attacks are also great for increasing employee vigilance and education. The more employees are exposed to simulated threats, the more knowledgeable they become about those threats–and the less likely they will be to fall prey to them.

Build a zero-trust foundation that is secure by design

While employees should always be your first line of defense against cyberattacks, no defense is ever foolproof, even one made up of employees who have been well trained and prepared. Implementing a secure-by-design, zero-trust environment limits what an attacker can do when a mistake is made.

In a secure-by-design environment, security is inherent in every aspect of the organization. Employees are aware of possible cybersecurity risks and know how to prevent them. Security is baked into the agency’s technology infrastructure and software development processes, and all technologies an agency procures have security as a standard feature, not an add-on.

Security by design goes hand-in-hand with zero trust. Zero-trust cybersecurity models are based on an “assume breach” mentality, where every request to access information could pose a threat. Therefore, all requests must be carefully verified, and all employees should only have access to the information they need.

Remember: while employees can be your agency’s best defenders, they’re also human. They can and will make mistakes. It’s essential to put in place safeguards to mitigate those mistakes. Education is important, but so is having a backup plan in case something fails. By covering all angles you’ll have a better chance of preventing the next employee-centric cyberattack.

For more guidance on how to better enhance your agency’s cybersecurity posture, visit SolarWinds’ Secure by Design resource center.

Securing the Digital Workplace: Microsoft 365 Identity Management for Public Sector Leaders

Zero Trust is a critical focus for public sector organizations as they navigate today’s evolving digital workplace and cybersecurity landscape. But one issue is emerging as increasingly troublesome: insider threats.

The 2022 Cost of Insider Threats: Global Report found incidents involving insider threats surged 44% over the past two years. While some of these threats are malicious insiders seeking to misuse their authorized access for personal gain or harm, many are the result of cybercriminals exploiting weaknesses in identities to enter your environment. These criminals use tactics like compromised credentials, the leading cause of data breaches, as well as phishing scams and social engineering to impersonate identities and gain unauthorized access.

To effectively counter these increasingly sophisticated threats, organizations must strengthen identity management. When executed properly, identity management not only enhances the security of your digital workplace but enables a Zero Trust strategy.

Let’s discuss what identity management is, how to build a comprehensive strategy in Microsoft 365, and how it can fortify your Zero Trust deployment.

What is Identity Management?


Identity management establishes and manages the digital identities of anyone entering your environment – from employees and contractors to guest users. Identities could refer to people, but they could also be services or devices entering your environment.

Identity management enables organizations to implement robust access controls, granting privileges based on roles – which is why identity management is an integral piece of Zero Trust. Without it, you will have no way to verify users and devices are who they say they are, let alone establish proper privileges and access, which are key Zero Trust principles.

When done effectively, identity management provides the right access to the right individuals at the right time for the right reason. This process not only improves your security posture, but can streamline user access, reduce administrative overhead, and help you better meet your compliance obligations.

Building Identity Management in Microsoft 365

When building your identity management strategy in Microsoft 365, remember these three basic elements: identify, authenticate, and authorize.

Here’s how to get started:

  • Identify: The backbone of identity management in Microsoft 365 is Azure Active Directory (Azure AD, since renamed Microsoft Entra ID). Azure AD provides a cloud identity for users, groups and resources. It is where you build out your users’ identities and control access to internal and external resources, such as your intranet or Microsoft Teams. Its risk detection uses Microsoft’s machine learning models of typical user and tenant behavior to flag sign-ins that fall outside that behavior, triggering the next steps of the process.
  • Authenticate: Multi-factor authentication (MFA) is today’s gold standard for authenticating identities. There are a variety of ways to do this, from smart cards to one-time passwords, that add layers of protection to your security. Microsoft’s Authenticator App helps implement MFA across your applications in a convenient and easy way for users, allowing them to verify their and their devices’ identities from their phones.
  • Authorize: It’s critical to grant access privileges based on the conditions specific to your organization. Conditional Access policies take a two-phased approach: first they collect signals about the sign-in (the user, device, IP address, location and application), then they enforce the policies you have in place. If a new device is detected, a policy may require multi-factor authentication (MFA) or a fresh sign-in. It can also block access under certain conditions, for example when a user attempts access from a mobile device. These policies provide granular control over access while reducing the risk of unauthorized access.

By following this framework, you can easily begin using the powerful tools Microsoft offers to build your identity management strategy, ensuring only authorized individuals have access to critical systems.
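The identify/authenticate/authorize framework above ends with Conditional Access, and the most common real-world failures there are configuration mistakes rather than missing features. The following added example (not Microsoft’s or AvePoint’s code) audits policies in the shape Microsoft Graph returns from GET /identity/conditionalAccess/policies for three such mistakes: policies left in report-only mode, policies that do not exclude the emergency-access (break-glass) accounts Microsoft recommends excluding from every policy, and a block policy broad enough to lock the whole tenant out. The policies, display names and object IDs are constructed for the example; in practice the list would be pulled from Graph rather than hard-coded.

```python
# Hypothetical object id of the tenant's emergency-access ("break-glass") account.
BREAK_GLASS_ACCOUNTS = {"11111111-2222-4333-8444-555555555555"}

# clientAppTypes values that cover interactive, modern-authentication clients.
MODERN_CLIENTS = {"all", "browser", "mobileAppsAndDesktopClients"}


def audit_policies(policies, break_glass=BREAK_GLASS_ACCOUNTS):
    """Return (policy display name, finding) pairs for Conditional Access policy
    objects in the Microsoft Graph conditionalAccessPolicy shape."""
    findings = []
    baseline_mfa = False
    for policy in policies:
        name = policy["displayName"]
        state = policy.get("state")
        if state == "disabled":
            continue
        conditions = policy.get("conditions") or {}
        users = conditions.get("users") or {}
        apps = conditions.get("applications") or {}
        controls = set((policy.get("grantControls") or {}).get("builtInControls") or [])
        all_users = users.get("includeUsers") == ["All"]
        all_apps = apps.get("includeApplications") == ["All"]
        client_types = set(conditions.get("clientAppTypes") or ["all"])
        platform_limited = bool((conditions.get("platforms") or {}).get("includePlatforms"))

        # Report-only policies log what they would have done but enforce nothing.
        if state == "enabledForReportingButNotEnforced":
            findings.append((name, "report-only-not-enforced"))
        # Break-glass accounts must be excluded from every policy so that a bad
        # policy or an MFA outage cannot lock administrators out of the tenant.
        if not break_glass <= set(users.get("excludeUsers") or []):
            findings.append((name, "missing-break-glass-exclusion"))
        # Blocking all users on all apps for interactive clients is a tenant lockout.
        if (state == "enabled" and "block" in controls and all_users and all_apps
                and client_types & MODERN_CLIENTS and not platform_limited):
            findings.append((name, "lockout-risk"))
        if state == "enabled" and "mfa" in controls and all_users and all_apps:
            baseline_mfa = True
    if not baseline_mfa:
        findings.append(("<tenant>", "no-baseline-mfa-policy"))
    return findings


# Constructed policies for this example, in the Graph conditionalAccessPolicy shape.
SAMPLE_POLICIES = [
    {
        "displayName": "Require MFA for all users",
        "state": "enabled",
        "conditions": {
            "users": {"includeUsers": ["All"], "excludeUsers": list(BREAK_GLASS_ACCOUNTS)},
            "applications": {"includeApplications": ["All"]},
            "clientAppTypes": ["all"],
        },
        "grantControls": {"operator": "OR", "builtInControls": ["mfa"]},
    },
    {
        "displayName": "Block legacy authentication",
        "state": "enabled",
        "conditions": {
            "users": {"includeUsers": ["All"], "excludeUsers": []},   # forgot break-glass
            "applications": {"includeApplications": ["All"]},
            "clientAppTypes": ["exchangeActiveSync", "other"],       # legacy clients only
        },
        "grantControls": {"operator": "OR", "builtInControls": ["block"]},
    },
    {
        "displayName": "Block mobile access to finance app",
        "state": "enabledForReportingButNotEnforced",
        "conditions": {
            "users": {"includeUsers": ["All"], "excludeUsers": list(BREAK_GLASS_ACCOUNTS)},
            "applications": {"includeApplications": ["aaaaaaaa-0000-4000-8000-00000000beef"]},
            "platforms": {"includePlatforms": ["android", "iOS"]},
            "clientAppTypes": ["all"],
        },
        "grantControls": {"operator": "OR", "builtInControls": ["block"]},
    },
    {
        "displayName": "Block all access (misconfigured test policy)",
        "state": "enabled",
        "conditions": {
            "users": {"includeUsers": ["All"], "excludeUsers": []},
            "applications": {"includeApplications": ["All"]},
            "clientAppTypes": ["all"],
        },
        "grantControls": {"operator": "OR", "builtInControls": ["block"]},
    },
]

if __name__ == "__main__":
    for name, finding in audit_policies(SAMPLE_POLICIES):
        print(f"{finding:32} {name}")
```

The legacy-authentication policy is deliberately not flagged as a lockout even though it blocks all users on all apps: its clientAppTypes restrict it to legacy protocols, which is exactly what makes it safe. The missing break-glass exclusion on that same policy is still a finding, because the point of the emergency accounts is that no policy applies to them.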

Three Ways to Take a More Proactive Approach to Identity Management

Once you’ve taken the initial steps to start building your identity management approach, take it to the next level to enhance your security:

  • Right-size your policies: Strict, one-size-fits-all rules can hinder productivity; if security is in the way of getting the job done, users will find a way around it. Customizing your policies to specific users, workspaces, or even content creates a more tailored approach to access control, striking a balance between security and productivity.
  • Implement lifecycles: Identities should not exist permanently in your environment. People switch jobs or upgrade their devices. Establish a process to evaluate and recertify identities, whether users (both external and internal) or devices, to ensure they still require access to your content and workspaces.
  • Monitor your environment: Even with the best-laid security plans, things can still fall through the cracks. That’s why it’s critical to monitor your environment – including users, devices, locations, and behavior – to identify any anomalies or suspicious activities that should be addressed.

These strategies can help you build a more proactive identity management approach that actively reduces risks and attack surfaces, allowing you to go beyond verifying identity to create a secure and efficient digital workplace.

Build a Secure Digital Workplace with Zero Trust

While identity management is an important aspect of building your secure digital workplace, ensuring only authorized individuals have access to your systems, it is not enough to protect your data or the workspaces where it lives in today’s ever-evolving cyber threat landscape.

Public sector organizations must embrace a comprehensive Zero Trust security framework to effectively build a secure digital workplace. To do so, you must combine identity management best practices with other robust security measures, like role-based access controls, workspace governance policies, lifecycle management processes, and risk assessments. Together, these strategies can enhance the protection of your digital environment and minimize your risk of data breach or unauthorized access.

Download the free AvePoint guide, “How to Achieve Zero Trust Standards Without Limiting Collaboration in Microsoft 365,” for more information about protecting your digital collaboration workspaces with a Zero Trust framework.

Security Protections to Maximize the Utility of Generative AI

Since the introduction of ChatGPT, artificial intelligence (AI) has exponentially expanded. While machine learning has introduced many merits, it also leads to security concerns that can be alleviated through several key strategies.

The Benefits and Risks of Generative AI

The primary focus of AI is to use data and computation to aid decision-making. Generative AI can create text, video, images, code, 3D models and more. AI as a Service, the cloud-based offering of AI, helps experts get work done more efficiently without building their own infrastructure. At the same time, AI is widely used by the general public as a toy, since its responses can be entertaining. The comfort users have with AI, and the wide range of inputs they give it, introduce risks that can proliferate quickly.

There are several key concerns for Government agencies when utilizing generative AI:

  • Copyright Complications – AI content comes from many different sources, and that content may be copyrighted. It is difficult to know who owns the words, images or source code that is generated, as the AI’s algorithm is based on derivative information. The data could be open sourced or proprietary information. To combat this, users should modify rather than copy any information gained from AI.
  • Abuse by Attackers – Bad actors can utilize AI to execute more effective and efficient attacks. While AI is not yet self-sufficient, inexperienced attackers can use AI to make phishing attacks more convincing, personal and effective.
  • Sensitive Data Loss – Users have, either intentionally or unintentionally, input sensitive data or confidential information into Generative AI systems. It is easier to disclose sensitive information into AI prompts, as users may dissociate the risk from the non-human machine.

The many capabilities of AI entice employees to use it to support their daily tasks. However, when that means submitting sensitive information, such as meeting recordings for transcription or proprietary source code, security concerns follow. Once data has been submitted to a third-party AI service, it is nearly impossible to have it removed.

To protect themselves from security and copyright issues with AI, several large communications companies and school districts have blocked ChatGPT. However, this still carries risk. Employees or students will find ways around security walls to use AI. Instead of blocking apps, organizations should create a specific policy around generative AI that is communicated to everyone in the company.

Combatting AI Risks

One such policy method includes utilizing a Data Loss Prevention (DLP) solution. The DLP’s purpose is to detect and prevent unauthorized data transmission, and its capabilities can be applied to AI tools to mitigate these concerns. Its security parameters work through three main steps:

  1. Discover – DLPs can detect where data is stored and report on its location to ensure proper storage and accessibility based on its classification.
  2. Monitor – Agencies can oversee data usage to verify that it is being used appropriately.
  3. Protect – By educating employees and enforcing data-loss policies, DLPs can deter hackers from leaking or stealing data.

DLP endpoints can reside on laptops or desktops and provide full security coverage by monitoring data uploads, blocking data copied to removable media, blocking print and fax options and covering cloud-sync applications. For maximum security, agencies should utilize DLPs that cover all types of data storage—data at rest, data in use and data in motion. A unified policy based on detection and response to data leaks will prevent users from misapplying AI and provide balance for secure operation.
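The three DLP steps above (Discover, Monitor, Protect) applied to the data-in-motion case the article is concerned with, text that a user is about to send to a generative AI tool, as an added example. This is not Broadcom’s product code; the detector patterns, severity thresholds, audit fields and sample prompts are all constructed for illustration, and a production DLP carries far richer rule sets and classification context.

```python
"""DLP-style inspection of text bound for a generative AI tool.

Added example, not Broadcom's product code. The detector patterns, policy
thresholds and sample prompts are constructed for illustration.
"""
from __future__ import annotations
import re
from dataclasses import dataclass

# Discover: patterns that classify sensitive content, each mapped to a severity.
# Constructed for this example; a real DLP ships far larger rule sets.
DETECTORS = {
    "ssn": (re.compile(r"\b\d{3}-\d{2}-\d{4}\b"), "high"),
    "card_number": (re.compile(r"\b(?:\d[ -]?){13,19}\b"), "high"),
    "classification_marking": (re.compile(r"\b(?:CUI|CONFIDENTIAL|SECRET)\b"), "high"),
    "credential": (re.compile(r"(?i)\b(?:api[_-]?key|token|password)\b\s*[:=]\s*\S{8,}"), "high"),
    "internal_host": (re.compile(r"\b[\w-]+\.internal\b"), "medium"),
    "ipv4": (re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"), "medium"),
}

# Protect: "high" findings block the whole prompt; "medium" findings are masked
# so the rest of the request can still go out.
POLICY = {"block": {"high"}, "redact": {"medium"}}


@dataclass
class Finding:
    kind: str
    severity: str
    start: int
    end: int
    text: str


def luhn_ok(digits: str) -> bool:
    """Luhn checksum; filters out 13-19 digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def scan(text: str) -> list[Finding]:
    """Discover step: return every sensitive-data match in the text, by offset."""
    findings = []
    for kind, (pattern, severity) in DETECTORS.items():
        for m in pattern.finditer(text):
            if kind == "card_number" and not luhn_ok(re.sub(r"[ -]", "", m.group())):
                continue  # a digit run that fails Luhn is not treated as a card
            findings.append(Finding(kind, severity, m.start(), m.end(), m.group()))
    return sorted(findings, key=lambda f: f.start)


def redact(text: str, findings: list[Finding]) -> str:
    """Replace each finding with a marker, splicing from the end so offsets stay valid."""
    out = text
    for f in sorted(findings, key=lambda f: f.start, reverse=True):
        out = out[: f.start] + f"[REDACTED:{f.kind}]" + out[f.end :]
    return out


def inspect_prompt(user: str, destination: str, text: str) -> dict:
    """Monitor + Protect: decide allow/redact/block and build an audit record."""
    findings = scan(text)
    severities = {f.severity for f in findings}
    if severities & POLICY["block"]:
        action, outbound = "block", None
    elif severities & POLICY["redact"]:
        action, outbound = "redact", redact(text, findings)
    else:
        action, outbound = "allow", text
    # The audit record carries finding kinds, not matched values, so the log
    # itself does not become a second copy of the sensitive data.
    return {
        "user": user,
        "destination": destination,
        "action": action,
        "findings": sorted({f.kind for f in findings}),
        "outbound_text": outbound,
    }


# Constructed sample prompts a user might paste into an AI assistant.
SAMPLE_PROMPTS = [
    "Summarize this meeting: we agreed to ship the feature next sprint.",
    "Rewrite this email: the customer's SSN is 123-45-6789 and card 4111 1111 1111 1111.",
    "Debug this config: db.host = payroll-db.internal, api_key = sk-constructed-0123456789abcdef",
    "Fix the grammar: the server at 10.20.30.40 rebooted twice last night.",
]


def demo() -> list[dict]:
    """Run every constructed prompt through the policy as if user 'analyst' sent it."""
    return [inspect_prompt("analyst", "genai.example", p) for p in SAMPLE_PROMPTS]


if __name__ == "__main__":
    for record in demo():
        print(record["action"], record["findings"], record["outbound_text"])
```

The first prompt passes untouched, the second and third are blocked (SSN and card number; credential and internal hostname), and the fourth goes out with the address masked. Keeping matched values out of the audit record is the design choice worth copying: a DLP log that stores every secret it caught is itself a data-at-rest problem.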

While agencies want to stay competitive and benefit from AI, they must also recognize and take steps to reduce the risks involved. Through educating users about the pros and cons of AI and implementing a DLP to prevent accidental data leakages, agencies can achieve their intended results.


Broadcom is a global infrastructure technology leader that aims to enhance excellence in data innovation and collaboration. To learn more about data protection considerations for generative AI, view Broadcom’s webinar on security and AI.

People Plus Technology: Building a Resilient Federal Cyber Workforce

Filling cyber jobs in Federal agencies is complicated – it requires competing with industry salaries, retaining existing talent and navigating the Federal hiring process. It’s a far-reaching challenge that affects every agency – the administration knows that, the Office of Personnel Management knows that, and agency technology and human resources leaders know that. And Federal C-suite leaders realize how the government recruits, hires and retains people for cyber jobs has to change. In partnership with FNN, our Federal Cyber Workforce guide takes a look at what the government is doing to tackle this problem on a sweeping Federal level and also on a more agency-specific level. We also get industry perspective on the technologies that affect cyber workforce resiliency. We hope it provides some guidance and help as your agency works to beef up its cybersecurity, both through investments in people and technology.

3 Key Rallying Points for a Resilient Cybersecurity Team

“Agencies are currently operating in a high-threat environment, but that doesn’t mean they can’t implement a reasonable amount of information assurance. It may not be perfect, but it doesn’t have to be. The idea is to make it so that adversaries have to work extremely hard to penetrate the infrastructure. The adversaries are good, but agencies can be better with a resilient cybersecurity team,” said Mark Bowling, chief risk, security and information security officer for ExtraHop. “The key to achieving this is to have a risk reduction perspective.”

Read more insights from Mark Bowling, Chief Risk, Security and Information Security Officer at ExtraHop.


Do Not Wait for a Breach: Why to Adopt a Proactive Approach to Cyber Resilience

“When most people talk about cyber resilience, they’re referring to post-breach recovery — the means, methods and speed with which an organization can get its systems and services back online after a cyber incident. But Felipe Fernandez, federal chief technology officer at Fortinet, views resiliency more holistically. His advice? Agencies need to take a proactive stance on cyber resilience and include not only recovery from breaches but also planning for non-malicious threats and other operational disruptions, including those associated with cloud-based services.”

Read more insights from Felipe Fernandez, Federal Chief Technology Officer at Fortinet.


Proactively Improve Digital Employee Experience Through Automation

“Digital modernization and the adoption of collaboration tools is supposed to make work easier, especially in a hybrid environment. Employees want the flexibility to be productive in whatever manner best suits them. Unresolved technology issues can impede productivity. In its latest survey of industry employees and IT professionals, Ivanti found that 49% of employees are frustrated with the tools they use and 26% are considering leaving their jobs because of that. Employee experience is a top priority in government right now, and employees are internal customers of an agency’s IT services. By improving their experience, your agency can realize gains in productivity and retention.”

Read more insights from Mareike Fondufe, Product Marketing Director at Ivanti.


Download the full Expert Edition for more insights from these cyber workforce leaders and additional government interviews, historical perspectives and industry research.

Four Lessons I Learned from My Company’s Response to the SUNBURST Attack

Saturday, December 12, 2020, is a day I’ll never forget. That was the day I learned nation-state threat actors had exploited our software in what would later be known as SUNBURST. Because it’s been written about thousands of times before, I won’t rehash the particulars of the event itself here. Instead, I’d like to share four lessons I learned about how to respond to a large-scale cyberattack.

1. The first days: Preparation helps control the chaos

I often refer to the days immediately following December 12, 2020, as “controlled chaos.” The chaos portion is self-explanatory, but what about the “controlled” part?

Simply put, we were in control the entire time, no matter how chaotic things seemed, because we’d prepared for such an incident. We ran tabletop exercises, planned for different scenarios, mapped out hypothetical intrusions, tested our response methods, and looked for and plugged potential security holes. We also built an incident response team composed of representatives from across the company. It included members from our security, legal, marketing, IT, and engineering teams, and our board of directors.

As you plan your threat response, consider the following:

  • Do you have a cybersecurity incident response playbook?
  • Have you performed tabletop exercises and run various attack scenarios?
  • Do you have the right people on the incident response team—a good mix of strategic and tactical expertise?
  • Do you have ways to contact people, even on the weekend (or during a pandemic)?
  • Do you have a list of backup contacts in case someone isn’t available?
  • Do you have alternative communication methods established in case you cannot trust your existing ones?

2. The initial weeks: Separating teams creates an agile and efficient response


We quickly learned we needed to split our team into different groups for an agile and efficient response. Thus, one big team became multiple smaller teams, each overseen by leaders within their respective organizations (i.e., the legal team was led by our general counsel, the engineering team by our head of engineering, and so forth). These teams would work independently, then reconvene each evening to share what they learned, discuss solutions and ideas, and so on.

Having different teams allowed individuals to focus on each facet of the response. For example, engineering could focus on how the attack affected our build while IT investigated how the attackers got in. The communications team created responses for customers, partners, and the press, and what ultimately became the government affairs team devised a plan to contact various government agencies.

We also learned organizing these teams was impossible without a third-party “quarterback.” So, we brought in an external organization to coordinate our teams’ work. They set up meetings and ensured everyone was on the same page and information was being shared.

As you coordinate your teams, ask:

  • Do we have a plan in place to get teams together?
  • Do we have a third-party “security helper” on call or retainer? (This is often a good insurance policy)
  • Do we have enough teams to cover every aspect of our business?

3. The following weeks and months: Unbiased partners help amplify the truth

At the time, there was a lot of misinformation floating around. We were being outnumbered, out-marketed, and out-communicated. And unfortunately, social media made misinformation spread like wildfire—and made it equally hard to extinguish.

To help, we partnered with reputable and experienced organizations like the Cybersecurity and Infrastructure Security Agency (CISA), Krebs Stamos Group, and others. The organizations performed forensics while amplifying the truth about the attack, helping people understand this was not just an isolated incident.

Amplifying the truth was the only agenda our partners had. Sadly, that’s not the norm. I discovered many organizations out there want to promote their brand or have ulterior motives. Fortunately, the organizations we worked with had no such baggage.

Indeed, they allowed us to focus on ensuring our customers were in the right state. We wanted to be there to answer their questions, assure them, and, most of all, make sure they were secure and protected. Our partners helped us block out the noise so we could focus on helping our customers.

To summarize:

  • Bring in the correct partners and add new partners as necessary
  • Watch out for hidden agendas
  • Prioritize what’s most important to you (For us, our customers were our top priority)
  • Don’t spend time responding to every inaccuracy; it will only distract you from your priorities
  • Stay focused

4. The final months: Going above and beyond leads to an exemplary outcome

As the months wore on, I remember a colleague telling me, “If you’re going to come out of this, you have to be special. It won’t be enough just to fix the issue. You need to really go above and beyond.”

As it turns out, we fixed the issue—but did much more than that. We found the source for SUNBURST and made it publicly available. We testified before the U.S. House and Senate. We implemented assistance programs to help our customers. We held briefings with the FBI and other global law enforcement agencies.

We ensured the world knew what we were doing and why we were doing it. In being transparent, we were helping others understand what we went through so they could better protect themselves. It’s not enough to be transparent, of course. To get through it and come out stronger, we needed to have products and services people love and enjoy using, which leads me to three final recommendations:

  • Be open and honest throughout the entire process
  • Communicate early and often—not just to your customers, partners, and employees but to the world
  • Make the type of products you would want them to use, and make them Secure by Design

The months have turned into years. The tenets of transparency and humility have served us well. The SUNBURST incident has turned into a catalyst for good. Supply chain security is now front of mind for many. Executive orders and cybersecurity strategies are leading us towards attestation for software security. Executive and boardroom conversations have security as a necessary topic, and the security defenders of the world are being looked upon for guidance in managing cyber risk.

The investigation into SUNBURST formally concluded in May 2021—six months after the attack was first uncovered. But I like to think our response to the attack will live on for much longer. Because what started as a dark day in December 2020 made us a stronger, more resilient, and better company. I hope the lessons I learned can help you do the same.

Contact our team today to learn more about how SolarWinds can support your organization’s software and cybersecurity mission.

Ransomware Protection for Kubernetes Data in the Public Sector

Kubernetes is a powerful platform for deploying and managing containerized applications in the cloud. It offers many benefits such as scalability, portability, resilience and automation. However, Kubernetes also poses some challenges when it comes to data protection and security, especially in the public sector where sensitive data and compliance regulations are involved. That’s why we are excited to continue our strategic partnership with Carahsoft Technology Corp., the leading government IT solutions provider, to deliver Kasten K10 by Veeam, the market-leading Kubernetes data protection solution, to public sector customers across the U.S.

In this blog post, we will explore some of the common issues that public sector organizations face when using Kubernetes, and how Kasten K10 by Veeam can help them overcome these challenges with a simple, secure and scalable solution for Kubernetes data protection.

The challenges of Kubernetes Data Protection in the Public Sector

One of the main challenges of Kubernetes data protection in the public sector is the complexity and diversity of the Kubernetes environment. Kubernetes clusters can span multiple clouds, regions and zones, and contain hundreds or thousands of applications and microservices. Each application may have its own data sources, dependencies and configurations, which need to be backed up and restored consistently and reliably.


Another challenge is the security and compliance of the Kubernetes data. Public sector organizations often deal with sensitive data such as personal information, health records, financial transactions or national security secrets. This data needs to be protected from unauthorized access, modification or deletion, as well as from external threats such as ransomware attacks. Moreover, public sector organizations need to comply with various regulations and operate in secure environments, which requires cluster deployments in compliant hybrid environments such as AWS GovCloud and Red Hat OpenShift.

A third challenge is the scalability and performance of the Kubernetes data protection solution. As Kubernetes clusters grow in size and complexity, so does the amount of data that needs to be backed up and restored. Public sector organizations need a solution that can handle large volumes of data without compromising the availability or performance of the Kubernetes applications. They also need a solution that can scale up or down as needed, without requiring manual intervention or complex configuration changes.

The Solution: Kasten K10 by Veeam

Kasten K10 by Veeam is a purpose-built solution for Kubernetes data protection that addresses all these challenges and more. Kasten K10 is designed to simplify and automate the backup and recovery of Kubernetes applications and their data across any environment. It offers the following features and benefits for public sector organizations:

  • Application-centric approach: Kasten K10 treats each Kubernetes application as a unit of backup and recovery, rather than individual containers or volumes. This ensures that the application state and dependencies are preserved across backups and restores, regardless of where they are running or how they are configured.
  • Policy-driven automation: Kasten K10 allows public sector organizations to define backup policies based on application metadata such as labels, annotations, namespaces or clusters. These policies can specify the frequency, retention, location, encryption and compression of the backups, as well as any custom actions or hooks that need to be executed before or after the backup. Kasten K10 then automatically applies these policies to the matching applications, eliminating the need for manual backups or scripts.
  • Secure and compliant data protection: Kasten K10 encrypts all backup data at rest and in transit using AES-256 encryption keys that are stored in a secure key management system. Kasten K10 also supports role-based access control (RBAC) and audit logging to ensure that only authorized users can access or modify the backup data. Additionally, Kasten K10 provides ransomware protection by creating immutable backups that cannot be overwritten or deleted by malicious actors.
  • Scalable and performant architecture: Kasten K10 leverages a distributed architecture that scales with the Kubernetes cluster. It uses parallelism and deduplication to optimize backup and restore performance and reduce the storage footprint. It also supports incremental backups and restores to minimize network bandwidth and application downtime.
  • Application portability: Kasten K10 enables public sector organizations to ensure application portability across diverse Kubernetes environments by using Transform Sets. Transform Sets are a set of rules that can modify the application configuration during backup or restore, such as changing namespaces, labels, annotations, storage classes, or secrets. This allows public sector organizations to migrate their applications from one cluster to another, or from one cloud to another, without breaking their functionality or security.

Next Steps

We hope this blog post provided valuable insights into how Kasten K10 by Veeam can help you protect your Kubernetes data in the public sector. If you want to learn more, here are some next steps you can take:

Watch this video to see Kasten K10 in action and learn how it can simplify and automate your Kubernetes data protection workflows: https://youtu.be/gu3J6ZeWwK8

Try the full-featured and FREE edition of Kasten K10 today with this super-quick installation in less than 10 minutes: https://www.kasten.io/free-kubernetes

Don’t miss this opportunity to take your Kubernetes data protection to the next level with Kasten K10 by Veeam and Carahsoft. We look forward to hearing from you soon! Download our full Gorilla Guide to Securing Cloud Native Applications on Kubernetes.

Transforming Digital Services and Modernizing Risk Posture in Colorado

Throughout Colorado State and Local departments, utilizing emerging technology is imperative to combating cyber threats and improving efficiency. At the Carahsoft Digital Transformation Roadshow in Denver, Colorado, Government IT and industry leaders engaged in dynamic discussions around transforming Colorado through technology.

Transforming Technology in Government

Reducing technical debt is a pivotal step in transforming the way Colorado responds to citizens and facilitates digital services. Modernization contributes to building a streamlined constituent experience, enabling data integration for better decision-making and lowering the cost of ownership. That further requires top technology talent to redesign aging technology systems and deliver better outcomes for the state.

The Digital Government strategic plan gathered input from over 2,000 Coloradans to understand their experience with Digital Government. The group heard from citizens requesting easier forms and more accessible Government services. From that survey, the administration learned that State and Local departments can make an impact through three initiatives: expanding broadband access, making Government accessible by reducing the burden of access for constituents and reducing poverty.

Change and increased needs seem to be the only constants in today’s world. Workloads are ever increasing, and requirements from new and unexpected sources are creating backlogs that are becoming critical. This can put an incredible burden on plans, resources and personnel. The next step is looking at how technology and innovation can improve these new processes and address new demands through live chats, Artificial Intelligence (AI) modeling, etc. There is immense opportunity for Local agencies in Colorado to use this technology to make workflows more efficient, learn about their citizens and offer the instant gratification that customers have come to expect.

One of the biggest challenges Local Government faces is interoperability across departments to share resources and capabilities. By focusing on utilizing new technologies to encourage that interoperability and optimize through data, user experience improves. There also must be a balance when handling sensitive data within these departments, as well as an effort to avoid technology sprawl and cost complexity. Automation and AI are foundational when it comes to daily operations and best practices as innovative technical solutions continue to make access from the edge easier, more transparent and secure.

The Role of Emerging Technologies in Digital Government

By eliminating legacy systems and investing in emerging enterprise technologies, agencies are generating cost savings, increasing security and accessibility and providing a more holistic, human-centered Government experience for Colorado.

Understanding how Colorado is securing the remote workforce in light of the telework and deployment explosion is important to connect where those emerging technologies can improve communication and networking issues. It is important that the state gets broadband access to its most rural and underserved communities to expand high-speed internet and 5G to increase citizen engagement with Government services. By utilizing endpoint detection, multi-factor authentication and mobile device management, Colorado protects citizens’ data and gains an understanding of user behavior to protect the data from any cyber threats.

The emerging technology approach is also about an innovative mindset to use tools in a better way that improves citizens’ digital experience. Colorado has been modernizing its approach to citizen-facing services by consolidating into simple, quick and more digital interactions to ease how citizens access essential services and programs with the state.

Technology acceleration takes center stage as part of Colorado’s Digital Government Strategic Plan. For the City and County of Denver, collaboration is imperative for coordinating technology deployment across the State and Local Government and within communities, at speeds capable of meeting the plan’s timelines. With these modernization efforts and changes across the state, agencies must invest in change management by preparing citizens for more digitized services. This includes walking residents through new processes and applications as incremental changes occur.

Combating Cyber Threats in Government

As their communities increasingly become targets of hackers and other cyber criminals, State and Local agencies must stand united to prevent and recover from cyberattacks. Cybersecurity risks include data exploitation, insider threats, third-party practices as outsourcing increases, ransomware, identity theft and fraudulent access to State Government services.

Risk tolerance and risk posture must factor in human risk, application risk, physical security risk, datacenter risk and cloud risk to comprehensively assess cyber threats. As a result of the COVID-19 pandemic, workforce access patterns changed overnight, creating an even greater need for multi-factor authentication, password management, cloud security and Zero Trust compliance.

Data integrity attacks include unauthorized insertion, deletion or modification of data to Government information such as emails, employee records, financial records and citizen data. Public facing identity is a big aspect going forward for Colorado agencies.

The safeguards in use today ensure data is secure, protected and effectively backed up, yet readily available when needed. Lifecycle management is critical to making sure users have the right level of access to the right applications. Today, most agencies are in a position where a user who logs in makes an identity claim with a username, a password and a one-time code. The agency then knows which application that user accessed, and the process stops there; however, with the diversity in endpoints, more information needs to be acquired. With that information, agencies can make better risk-based decisions on who is allowed to log in, thereby protecting their environment and detecting and remediating threats while continuing to modernize their risk posture.
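The contrast the paragraph draws, a login flow that stops at the identity claim versus one that also weighs endpoint and context signals, as an added example. This is not Colorado’s or any vendor’s code: the signal names (managed device, endpoint agent health, known device, unusual country, application sensitivity), the weights and the two thresholds are constructed for illustration, and the outcome named `step_up` stands for whatever stronger assurance an agency requires, such as a managed device or a phishing-resistant factor.

```python
"""Risk-based login decision using endpoint signals.

Added example, not Colorado's or any vendor's code. Signal names, weights,
thresholds and sample logins are constructed for illustration.
"""
from __future__ import annotations
from dataclasses import dataclass


@dataclass
class LoginAttempt:
    user: str
    password_ok: bool
    otp_ok: bool            # one-time code verified
    device_managed: bool    # enrolled in mobile device management
    edr_healthy: bool       # endpoint detection agent present and reporting
    known_device: bool      # device previously seen for this user
    country: str            # geolocation of this request
    usual_country: str      # where this user normally signs in from
    app_sensitivity: str    # "low" or "high"


# Constructed weights: how much each missing assurance adds to the risk score.
WEIGHTS = {
    "unmanaged_device": 40,
    "edr_unhealthy": 30,
    "unknown_device": 20,
    "unusual_country": 25,
    "high_sensitivity_app": 15,
}
STEP_UP_AT = 30   # at or above this, demand stronger assurance before granting access
DENY_AT = 60      # at or above this, refuse the session outright


def legacy_decision(a: LoginAttempt) -> str:
    """The flow the text says 'stops there': the identity claim alone decides."""
    return "allow" if a.password_ok and a.otp_ok else "deny"


def risk_signals(a: LoginAttempt) -> list[str]:
    """Name every endpoint or context signal that raises risk for this attempt."""
    signals = []
    if not a.device_managed:
        signals.append("unmanaged_device")
    if not a.edr_healthy:
        signals.append("edr_unhealthy")
    if not a.known_device:
        signals.append("unknown_device")
    if a.country != a.usual_country:
        signals.append("unusual_country")
    if a.app_sensitivity == "high":
        signals.append("high_sensitivity_app")
    return signals


def risk_based_decision(a: LoginAttempt) -> dict:
    """Identity claim first; then endpoint and context signals decide the outcome."""
    if not (a.password_ok and a.otp_ok):
        return {"user": a.user, "action": "deny", "score": None,
                "signals": ["identity_claim_failed"]}
    signals = risk_signals(a)
    score = sum(WEIGHTS[s] for s in signals)
    if score >= DENY_AT:
        action = "deny"
    elif score >= STEP_UP_AT:
        action = "step_up"
    else:
        action = "allow"
    return {"user": a.user, "action": action, "score": score, "signals": signals}


# Constructed sample logins; all but the last present a valid password and one-time code.
SAMPLE_ATTEMPTS = [
    LoginAttempt("alice", True, True, True, True, True, "US", "US", "low"),
    LoginAttempt("bob", True, True, True, False, True, "US", "US", "high"),
    LoginAttempt("carol", True, True, False, False, False, "ZZ", "US", "high"),
    LoginAttempt("dave", True, False, True, True, True, "US", "US", "low"),
]


def compare() -> list[tuple[str, str, str]]:
    """(user, legacy action, risk-based action) for each sample attempt."""
    return [(a.user, legacy_decision(a), risk_based_decision(a)["action"])
            for a in SAMPLE_ATTEMPTS]


if __name__ == "__main__":
    for user, legacy, risk in compare():
        print(f"{user:6} legacy={legacy:6} risk_based={risk}")
```

The legacy check admits alice, bob and carol alike because all three present a valid password and one-time code; the risk-based check still admits alice, asks bob for stronger assurance because his endpoint agent is silent while he reaches a sensitive application, and refuses carol, whose unmanaged, unknown device from an unusual country accumulates every signal at once. Recording the signals alongside the decision is what lets a security team tune the weights from real login history rather than guesswork.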

Emerging technologies and new digital services provide State and Local agencies more opportunities to easily connect with their citizens and make sure the user experience is as smooth as possible. As increased access to applications and Government data continues, agencies must continuously improve their risk posture to protect citizens’ sensitive information by upholding Zero Trust best practices.


Visit our roadshow resource hub to learn more about the State and Local Roadshow Series: Digital Transformation.