Critical Infrastructure in Cybersecurity: Initiatives for The Water and Wastewater Sector

In July 2021, the presidential administration signed a National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems. As these systems are a part of daily life, any damage to them would be a significant threat to national security. One major part of critical infrastructures, the Water and Wastewater Systems Sector, plays a vital part in daily life.

The first part of this four-part blog series covered the basics of critical infrastructure cybersecurity. This is the second part, and subsequent blogs will dive deeper into the electric, utility and transportation sectors respectively.

The Water and Wastewater Sector in the United States

The Water and Wastewater Systems Sector is a critical infrastructure sector focused on water and wastewater sources and the protection of such sources.

This sector is one of the United States’ critical infrastructures: physical and/or cyber assets so vital that their destruction would have a debilitating effect on society, whether physical, economic or safety related. While the water and wastewater industry is vulnerable to physical attacks, it is also exposed to cyberattacks, as the sector increasingly relies on Internet of Things devices, automation, sensors, data collection, network devices and analytics software.[1] Recent water infrastructure attacks, such as the login breach that affected water treatment programs in the San Francisco Bay Area and the breach of the industrial control systems (ICS) in Oldsmar, Florida, demonstrated how easily foreign threats could not only compromise critical infrastructure but also shake the public’s confidence. While ICS owners and operators manage their own security, federal agencies seek to protect ICS technologies from potential exploitation that poses existential threats to the public or US property.

The Initiative to Improve Cybersecurity for Critical Infrastructure

To combat potential threats, the White House has put forth the National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems, an initiative that aims to safeguard the critical infrastructure of the Nation. The memorandum names the Water and Wastewater Systems sector in section 3a, clearing the path for the government to act against threats. By working directly with critical infrastructure stakeholders, owners and operators, the White House will establish baseline cybersecurity goals and technology that facilitate threat visibility and detection, so that the government and the respective industry can take immediate action against any breach.[1]

The EPA Initiative

As a part of the National Security Memorandum, the Environmental Protection Agency (EPA), the federal agency in charge of risk management for environmental health, announced the Industrial Control Systems Cybersecurity Initiative – Water and Wastewater Sector Action Plan, joining the effort to protect water systems from cyberattacks. This 2022 plan focuses on supporting the early detection and expulsion of cyber threats against the water sector. A few of its action points include:

  • Creating a task force of water sector leaders
  • Adding new projects that demonstrate and implement the adoption of incident monitoring
  • Improving the process of information sharing and data analysis
  • Providing technical support to water systems[2]

With this properly implemented, the Water and Wastewater Systems sector can survive a cyber event with no loss of critical function. The Cybersecurity and Infrastructure Security Agency (CISA) cybersecurity performance goals, a set of voluntary goals released in accordance with the National Security Memorandum, are broadly applicable to critical infrastructure sectors, including the water and wastewater sector. Industries can use these collaborative government cybersecurity resources to improve their security.

A Unified Initiative

As the world becomes increasingly interconnected through networks and the internet, cybersecurity grows in importance. To protect one of the most vital US infrastructures, water and wastewater, federal agencies have come together with initiatives that encourage agencies to implement strong security practices to protect US environments and the public.

Check out the first part of our series on cybersecurity infrastructure. The third installment of this series will cover best cybersecurity practices in the electric utility sector.

To learn more about how agencies can bolster their cybersecurity efforts within critical infrastructure, visit Carahsoft’s Cybersecurity Solutions Portfolio.

 

Resources:

[1] “National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems,” The White House, https://www.whitehouse.gov/briefing-room/statements-releases/2021/07/28/national-security-memorandum-on-improving-cybersecurity-for-critical-infrastructure-control-systems/

[2] “EPA Announces Action Plan to Accelerate Cyber-Resilience for the Water Sector,” United States Environmental Protection Agency, https://www.epa.gov/newsreleases/epa-announces-action-plan-accelerate-cyber-resilience-water-sector

The Basics of Cybersecurity for Critical Infrastructure

In July 2021, the presidential administration signed a National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems. As these systems are a part of daily life, any damage to them would be a significant threat to national security. To prevent a national crisis, the administration launched an effort to improve cybersecurity across critical infrastructure sectors. The first part of this four-part blog series will cover the basics of critical infrastructure cybersecurity. Subsequent blogs will dive deeper into the Water and Wastewater, Electric and Utility and Transportation sectors respectively.

Realities of Critical Infrastructure Environments

Strengthening Industrial Control Systems (ICS) security is a top priority for protecting critical US infrastructure and national security. An ICS is an information system used to control industrial processes such as manufacturing, product handling, production and distribution. These information systems face a variety of threats from foreign and domestic bad actors who aim to gather intelligence and disrupt critical functions. With evolving technology, ICS operators must ensure that they implement new cybersecurity functions when connecting Operational Technology (OT) and Internet of Things (IoT) devices to Information Technology (IT) systems.

Best security practices for ICS include:

  • Restricting logical access to the system’s network and activity through protections such as firewalls that block unwanted network traffic
  • Implementing unidirectional gateways
  • Restricting physical access to the ICS devices and network to avoid disruptions to the system’s functionality
  • Securing all individual ICS components
  • Protecting against unauthorized data changes through network oversight
  • Having a response plan for potential incidents[1]
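As an added illustration of the first two practices above (restricting logical access with a default-deny firewall and enforcing a unidirectional boundary), the following Python script, written for this post rather than taken from CISA's guidance, lints a constructed ICS firewall rule set. The zone layout, the rule format and the sample rules are assumptions made for the example, not addresses or rules from any real system.

```python
"""Added example, not CISA's or the blog's code: lint a constructed ICS firewall
rule set against two practices listed above, default-deny logical access and a
unidirectional OT boundary. Zones, rule format and sample rules are assumptions."""
from dataclasses import dataclass
from ipaddress import ip_network

# Assumed zone layout for the example (not real addresses from the page).
ZONES = {
    "OT": ip_network("10.10.0.0/16"),        # control network: PLCs, HMIs, historian
    "IT": ip_network("10.20.0.0/16"),        # enterprise network
    "INTERNET": ip_network("0.0.0.0/0"),     # everything else
}


@dataclass(frozen=True)
class Rule:
    src: str      # source CIDR
    dst: str      # destination CIDR
    port: int     # destination port (0 = any)
    action: str   # "allow" or "deny"


def zone_of(cidr):
    """Most specific zone that fully contains the CIDR; INTERNET is the catch-all."""
    net = ip_network(cidr)
    best = "INTERNET"
    for name, zone in ZONES.items():
        if net.subnet_of(zone) and zone.prefixlen > ZONES[best].prefixlen:
            best = name
    return best


def lint(rules):
    """Return a list of findings; an empty list means the rule set passes."""
    findings = []
    # Practice 1: deny by default - the rule set must end in a catch-all deny.
    last = rules[-1]
    if not (last.action == "deny" and last.src == "0.0.0.0/0" and last.dst == "0.0.0.0/0"):
        findings.append("no catch-all deny at the end of the rule set")
    for i, r in enumerate(rules):
        if r.action != "allow":
            continue
        src, dst = zone_of(r.src), zone_of(r.dst)
        # Practice 2: unidirectional gateway - OT may publish data outward,
        # but nothing outside OT may initiate a connection into it.
        if dst == "OT" and src != "OT":
            findings.append(f"rule {i}: {src}->OT on port {r.port} crosses the unidirectional boundary inbound")
        # OT must not reach the internet directly either.
        if src == "OT" and dst == "INTERNET":
            findings.append(f"rule {i}: OT->INTERNET on port {r.port} exposes the control network")
    return findings


# Constructed sample rule set for the example.
SAMPLE_RULES = [
    Rule("10.10.0.0/16", "10.20.5.10/32", 8443, "allow"),  # historian -> IT replica: outbound, fine
    Rule("10.20.0.0/16", "10.10.3.0/24", 502, "allow"),    # IT -> PLC subnet on Modbus: inbound, flagged
    Rule("10.10.0.0/16", "0.0.0.0/0", 443, "allow"),       # OT -> anywhere: flagged
    Rule("0.0.0.0/0", "0.0.0.0/0", 0, "deny"),             # catch-all deny
]

if __name__ == "__main__":
    for finding in lint(SAMPLE_RULES):
        print(finding)
```

Run as-is, the script reports two findings on the constructed rule set: the inbound IT-to-OT Modbus rule and the OT-to-anywhere rule. Removing those two rules leaves only the outbound historian replication and the catch-all deny, which pass cleanly; a rule set with no trailing deny is reported as well.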

CISA’s Cybersecurity Performance Goals

Section 4 of the National Security Memorandum required the Department of Homeland Security to create baseline cybersecurity guidelines.

To further advance this, the Cybersecurity and Infrastructure Security Agency (CISA) has released a number of initiatives for agencies to implement that would strengthen their security systems. Every day, CISA works with ICS asset owners and operators to help them identify, protect against and detect cybersecurity threats, as well as to enhance ICS technical, analytical and response capabilities. CISA is working hard with critical infrastructure organizations to improve on the common issues they see, including:

  • Without basic security protections and foundational measures, critical infrastructure systems are vulnerable to exploitation by methods that are easily preventable.
  • Limited resources continue to be a challenge for small- and medium-sized organizations.
  • There are inconsistencies in the standards for cyber maturity across the various critical infrastructure sectors, leaving security gaps that can be exploited.
  • Cybersecurity in IT systems is prioritized, leaving OT systems overlooked and outdated.

CISA offers a wide array of resources to help critical infrastructure organizations. These include the 2022 Cybersecurity Performance Goals (the CPGs). The CPGs are intended to be both voluntary and not comprehensive: they are not a mandate that agencies must implement, nor do they include every helpful cybersecurity practice for every organization. Rather, they are intended as a beginner guideline that can be communicated to a non-technical audience. The CPGs were set as a baseline set of cybersecurity practices that are broadly applicable across critical infrastructure and have known risk-reduction value for IT and OT owners. Lastly, the CPGs stand out from other control frameworks by considering not only practices that address risk to individual entities, but also the aggregate risk to the nation.[2]

The Cross-Sector Cybersecurity Performance Goals provide a set of IT and OT cybersecurity practices that will help organizations increase cyber resilience in their Critical Infrastructure systems. CISA has organized the practices into 8 categories:

  • Account Security
  • Device Security
  • Data Security
  • Governance and Training
  • Vulnerability Management
  • Supply Chain / Third Party
  • Response and Recovery
  • Other

In March 2023 CISA released an updated version of the CPGs that includes key changes from the October 2022 guidelines.

  • The CPGs have been reordered to fit the NIST CSF functions, and accompanying documents have been adjusted to reflect this.
  • The Multifactor Authentication (MFA) goal has been updated to reflect the most recent CISA guidelines.
  • To aid in organizations’ recovery planning, CISA added a goal based on feedback received through GitHub.
  • There were slight changes made to the glossary to not only reflect the previously listed changes, but to acknowledge additional stakeholders who’ve contributed to the guidelines.

To better connect with the greater community, there are now additional opportunities to provide input on the goals through CISA’s discussion page. CISA welcomes feedback from partners in the cybersecurity and critical infrastructure communities.

Check back to read our second installment of this critical infrastructure series that will cover the best cybersecurity practices in the water and wastewater sectors.

 

To learn more about protecting agencies against cyber-attacks, visit Carahsoft’s Cybersecurity Solutions Portfolio.

 

Resources:

[1] “Recommended Cybersecurity Practices for Industrial Control Systems,” CISA, https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf

[2] “Cross-Sector Cybersecurity Performance Goals,” CISA, https://www.cisa.gov/cross-sector-cybersecurity-performance-goals

Okta and GovSlack Bring Digital-first Environment to Government

Digital transformation is all around us. From how we shop to where we work, digital-first environments are the new normal. While the private sector quickly adopted collaborative, digital workspaces, the pace is a bit slower for government agencies – and for good reason.

Higher levels of security and compliance are required in government work, yet agencies still feel limited by the legacy systems in place. To transform into a digital-first workspace that promotes collaboration and improves communication among agencies and contractors, government agencies need flexible, inclusive technology that doesn’t sacrifice cybersecurity.

Modernize with a digital command center


Okta integrates with GovSlack to help the government modernize how work gets done. The centralized digital headquarters provides frictionless, secure access and helps agencies increase productivity, security, governance, and end-to-end workflows.

GovSlack was launched to allow for secure collaboration. Okta’s Identity and access management (IAM) policies throughout GovSlack meet the security and compliance needs of intra- and cross-functional government teams and contractors.

Top five reasons to modernize with Okta and GovSlack

Here are some of the top reasons agencies can benefit from the Okta and GovSlack solutions:

  1. Share information with external agencies and contractors in real time: Slack Connect allows agencies to extend the benefits of their centralized, digital workspace to both internal and external team members in real time. This helps reduce the need for meetings and follow-ups. Okta’s IAM capabilities throughout the platform remove siloed Identity security across the extended enterprise.
  2. Access a growing library of integrations: Okta’s secure and seamless integration with GovSlack and a growing number of high-security versions of the most commonly used business applications protect the government’s highest-value assets.
  3. Meet strict compliance and security requirements: Okta’s FedRAMP Moderate Identity solution includes features and capabilities available throughout GovSlack that are designed to strengthen the security posture of government agencies. Okta’s trusted security capabilities meet Zero Trust architecture (ZTA) and the Cybersecurity and Infrastructure Security Agency’s (CISA’s) Identity pillar, helping agencies bridge on-premises assets to the cloud with a unified and automated Identity-driven access layer.
  4. Create a frictionless workforce experience: IAM tools from Okta, like phishing-resistant Multi-Factor Authentication (MFA) and biometrics, allow users to easily access the secure platform from any location or device. Granting permissions and access controls at scale is simple through GovSlack’s enterprise-grade admin dashboard.
  5. Launch into the future of modern work: With security measures offered by Okta and GovSlack, agencies can incorporate a secure, cloud-based digital headquarters into all aspects of their daily work. With a secure digital workspace in place, agencies can reduce time spent building on-premises solutions, breaking down information silos, improving collaboration internally and externally, and opening the door to more possibilities when all stakeholders have access to the same workspace.

Download our Solution Brief to learn more about Okta, the federal Identity solution for high-impact applications, and GovSlack, the designated “digital headquarters” for many government agencies.

3 Ways DoD Can Strengthen Network Security and Resilience

In October 2022, CISA (Cybersecurity and Infrastructure Security Agency) revealed that multiple hackers had compromised a defense industrial base organization, gaining long-term access to the environment and exfiltrating sensitive data. And those threats are increasing. Since 2015, the DoD has experienced over 12,000 cyber incidents.

Strong, resilient next-generation networks that protect sensitive data and DoD missions and functions have never been more critical. But with a complex, interconnected information environment, how can federal IT teams strengthen cybersecurity and become proactive instead of reactive? Army leaders have spent much time discussing resilient next-generation networking, but action needs to be taken soon.

To achieve greater network resilience, here are three steps that federal IT leaders can take to prepare for an unpredictable future and safeguard DoD networks – and those of its contractors – from malicious cyber activity.

  1. Progress the DoD’s “defend forward” strategy

The DoD’s “defend forward” strategy is nothing new. First outlined in the 2018 DoD Cyber Strategy, the initiative is designed to “disrupt malicious cyber activity at its source.” This refers to any device, network, organization, or adversary nation that poses a threat to U.S. networks and institutions or is actively attacking them.

Notably, the strategy shifts DoD and U.S. Cyber Command’s cybersecurity program from reactive to proactive. Rather than detect and remediate threats as they arise, defend forward actively seeks out threats and eliminates them.

U.S. Cyber Command restated its pledge to “defend forward” in October 2022, but its principles and standards must be extended across the defense industrial base – the networks and systems that contribute to U.S. military advantages.

Government contractors are held accountable for their cybersecurity practices and choices, but for true resilience, DoD security leaders must establish new standards for information sharing with their private sector counterparts.

In addition to standing by DoD’s pledge to share indications and warnings of malicious cyber activity, DoD must continue to move beyond transactional vendor relationships. Toll-free numbers are not enough for federal CISOs – they need a dedicated, trusted, point of contact within each defense contractor. Someone with whom they can have frequent and honest conversations, conduct deliberate planning, and oversee collaborative training that enables mutually supporting cyber activities.

  2. Embrace AIOps: The next big thing in networking

Powered by artificial intelligence (AI) and machine learning, AIOps is a relatively new approach to network monitoring that boosts resilience by reducing the time it takes to discover issues and detect anomalies, and by giving network engineers the context they need to remediate – before a threat materializes.

AIOps-powered observability works by automating the complex task of collecting and analyzing network data across the vast DoD network infrastructure and turning that data into actionable intelligence. With this insight, teams can proactively address network or cyber issues and even predict certain situations – such as signs of network intrusion. A key advantage of AIOps is that it observes remedial action taken and uses these observations to automatically respond to future problems without the need for IT’s involvement – thereby ensuring a more resilient, autonomous network.
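To make the anomaly-detection piece concrete, here is an added Python example (not SolarWinds code, and not a description of its product) of the baseline-and-deviation check that AIOps tooling automates at scale across many interfaces: it learns a per-interface baseline from early samples and flags later samples that deviate sharply, while holding back alerts until enough history exists. The telemetry, interface names, units and thresholds are constructed for the example.

```python
"""Added example, not SolarWinds code: a per-interface baseline-and-deviation
detector of the kind an AIOps platform automates, run over constructed telemetry.
Interface names, counters and thresholds are assumptions for the example."""
from collections import defaultdict
import statistics

WARMUP = 5        # samples an interface needs before it can raise alerts (assumed)
THRESHOLD = 3.0   # deviation, in baseline standard deviations, that counts as anomalous (assumed)


def detect(samples, warmup=WARMUP, threshold=THRESHOLD):
    """Return alerts for samples that deviate sharply from their interface's learned baseline.

    samples: iterable of (timestamp, interface, bytes_out_per_minute), in time order.
    Each alert carries the context an engineer needs: interface, observed value,
    the baseline it was compared against and the size of the deviation.
    """
    history = defaultdict(list)
    alerts = []
    for ts, iface, value in samples:
        hist = history[iface]
        if len(hist) >= warmup:
            mean = statistics.fmean(hist)
            sd = statistics.pstdev(hist)
            # A flat baseline (sd near 0) would make any wobble look infinite;
            # floor the spread at 5% of the mean or one unit, whichever is larger.
            sd = max(sd, 0.05 * mean, 1.0)
            z = (value - mean) / sd
            if abs(z) >= threshold:
                alerts.append({
                    "ts": ts, "iface": iface, "value": value,
                    "baseline": round(mean, 1), "z": round(z, 1),
                })
                continue  # keep the outlier out of the baseline so it cannot mask a repeat
        hist.append(value)
    return alerts


# Constructed telemetry: (timestamp, interface, bytes out per minute in constructed units).
# ge-0/0/1 is steady and then bursts; ge-0/0/2 stays flat; ge-0/0/3 has too little
# history to judge, so its large second reading is deliberately not alerted on.
SAMPLE_TELEMETRY = [
    ("t01", "ge-0/0/1", 1010), ("t01", "ge-0/0/2", 500), ("t01", "ge-0/0/3", 400),
    ("t02", "ge-0/0/1", 990),  ("t02", "ge-0/0/2", 505),
    ("t03", "ge-0/0/1", 1020), ("t03", "ge-0/0/2", 495),
    ("t04", "ge-0/0/1", 980),  ("t04", "ge-0/0/2", 500),
    ("t05", "ge-0/0/1", 1000), ("t05", "ge-0/0/2", 500),
    ("t06", "ge-0/0/1", 1005), ("t06", "ge-0/0/2", 510),
    ("t07", "ge-0/0/1", 995),  ("t07", "ge-0/0/2", 490),
    ("t08", "ge-0/0/1", 9000), ("t08", "ge-0/0/2", 500), ("t08", "ge-0/0/3", 40000),
    ("t09", "ge-0/0/1", 1010), ("t09", "ge-0/0/2", 505),
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_TELEMETRY):
        print(alert)
```

On the constructed data the detector raises exactly one alert, for the burst on ge-0/0/1 at t08 against a baseline of 1000; ge-0/0/3's spike is withheld because the interface has not finished its warm-up, which is the cold-start trade-off any baseline-driven detector has to make. Lowering `warmup` to 1 makes that second spike alert too.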

  3. Layer in multipath monitoring

Enterprise networks have traditionally consisted of multiple hub-and-spoke topologies with linear routing paths and clearly defined traffic flows. But hybrid IT, hyperconverged infrastructure, and modern networking have created complex multipath network environments – any given packet can take any number of different routes, all of which can change at any moment.

Unfortunately, these multipath topologies can’t easily be visualized using traditional network monitoring tools. There’s simply not enough time in the day to diagram the network, let alone proactively monitor the application traffic and hardware links that comprise it.

The answer lies in finding a network performance monitoring tool that combines multipath monitoring with traditional infrastructure monitoring for greater visibility into network security. Having this insight will allow federal network pros to proactively manage multiple networks, identify issues, and fix them before they get out of hand.

A smarter and more collaborative defense

Network resiliency can be achieved at scale, but it will take a concerted effort. Through greater collaboration between the DoD and the private sector, as well as the adoption of AIOps-powered observability, the DoD will be better prepared to manage and secure increasingly complex, dynamic military network environments.

 

To learn more about SolarWinds’ AIOps-powered Hybrid Cloud Observability Solution, click here.

Ransomware on the Rise

News story after news story, cyberattack after cyberattack has demonstrated the rampant presence of ransomware in today’s society taking down all shapes and sizes of companies in both the public and private sectors. By 2026, Gartner predicts that unstructured data storage, which is very susceptible to ransomware, will triple in size, and with that, an inevitable increase in the attack surface. Currently 80% of enterprises’ data is made even more vulnerable by the number of daily users, its distributed nature across devices and servers and overall lack of secure protection.[1]

Experts have arrived at this bottom-line conclusion—everyone is vulnerable to a ransomware attack and cybersecurity measures have become an absolute necessity, not an option.

RANSOMWARE DEFINITION

Ransomware is a form of extortion through malware exploiting cyber vulnerabilities to infiltrate systems and capture vital operating or private data. The cybercriminals require payment, often in the form of cryptocurrency, for the release, restoration or decryption of the files or the assurance of not blackmailing individuals with the information accessed. Only 2% of organizations within healthcare get their full data back even after paying the ransom, with the majority of organizations receiving about 65% of their information back.[2] Currently, the situation has escalated to the point where bad actors are demanding multiple ransoms, one to restore the data and others to not publish the information on the black market.

The primary four ways ransomware infects a system are through:

  1. Phishing emails and malicious links
  2. Insecure network ports, devices and services
  3. Backdoors left by other malware
  4. Network vulnerabilities such as poor password hygiene with little user authentication, too many legacy systems, missing software patches and updates etc.[3]

The rise of ransomware as a service (RaaS) has increased the ease of carrying out a cyberattack with practically no technical knowledge necessary for a criminal to execute the attack.[4] One group creates the malware program code and then sells it for other groups to initiate the attack on specific victims.[5] X-Force head Charles Henderson said these crime affiliations have created a condition in which “criminals are more collaborative than the cybersecurity industry.”[6]

All the shifts and advancements in ransomware require a frank review of the past few years and the statistics to understand the situation, properly form the best course of action and minimize the repercussions on American citizens through critical infrastructure.

RANSOMWARE LANDSCAPE

Ransomware has existed since 1989; however, the past two years have seen a dramatic spike in quantity and impact of cyberattacks. All areas of government, business and healthcare are susceptible regardless of their size and relative importance.[7] In recent years, the landscape has changed from individual domestic hackers exploiting opportunities to organized groups of professional criminals based in and often funded by adversarial nations to strategically disrupt critical functions and achieve financial and political goals.[6]

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has identified 16 major critical sectors whose capabilities directly impact the national public health, safety, security and economy of America, most of which (14 out of 16) have fallen under heavy ransomware attack in the past two years.[8] By targeting these essential infrastructures across financial, industrial, transportation and healthcare institutions, bad actors can disrupt nation-wide and global supply chains. CISA executives stress the importance of universal action to improve cybersecurity and combat the widespread ransomware threat. Because of the interconnectivity of U.S. infrastructure, they warn that if one organization is compromised, cybercriminals could gain access and infiltrate other larger vital service providers and ultimately spread out of control.[9]

Government agencies and critical businesses are not the only groups seeking to improve through tech modernization. The ransomware landscape has changed drastically due to advances in cybercriminal activity as well.

[Infographic: ransomware landscape statistics; its sources are listed under Infographic Resources below as [7], [10] and [11].]

The timeline of these attacks has also accelerated. In 2019, the average time between the initial system infiltration to malware deployment was over two months but in 2021 it dropped 94% to an average of less than four days.[12] Every 10 seconds, a new victim is attacked by ransomware. Not only are attacks and ransom demands increasing and their deployments faster, the majority (60%) of companies do not feel prepared if their company were to be faced with a similar threat in the next 12 months.[13] This problem is expected to continue to grow over the next decade, with ransomware cost predictions of more than $265 billion in total damage by 2031.[14] Agencies and organizations must evaluate their cybersecurity standing and make improvements to ensure that they can withstand these escalating attacks.

RANSOMWARE — ACTION REQUIRED

Contrary to public opinion, most cybercriminals do not primarily target organizations based on the perceived importance of their data, but rather the ease of access to infiltrate the system and the probability that the company will pay the ransom. Critical infrastructure in particular has an obligation to strengthen and reinforce their cybersecurity to prevent disruption and protect these vital functions for the American people. With the increasing trends, officials point to the new harsh reality that ransomware is not a question of if a company will be attacked through malware, but when. Based on the current landscape, organizations must act or risk being swept away by the growing tide of ransomware.

 

Carahsoft and its partners offer cybersecurity solutions to defend against ransomware and mitigate the risks. Reach out to discover how Carahsoft can make an impact for your organization. Dive deeper into how ransomware is affecting U.S. critical infrastructures such as healthcare and utilities in our Ransomware in Healthcare and Utilities Blog. Find our full Ransomware Series here.

 

Resources:

[1] “Protect, Detect & Recover: The Three Prongs of a Ransomware Defense Strategy for Your Enterprise Files,” Nasuni, https://media.erepublic.com/document/Whitepaper-_A_Three_Prong_Ransomware_Strategy_-_Nasuni.pdf

[2] “The State of Ransomware in Healthcare 2022,” Sophos, https://news.sophos.com/en-us/2022/06/01/the-state-of-ransomware-in-healthcare-2022/

[3] “Security Primer – Ransomware,” Center for Internet Security, https://www.cisecurity.org/insights/white-papers/security-primer-ransomware

[4] “Ransomware: In the Healthcare Sector,” Center for Internet Security, https://www.cisecurity.org/insights/blog/ransomware-in-the-healthcare-sector

[5] “Health Care Ransomware Strains Have Hospitals in the Crosshairs,” Security Intelligence, https://securityintelligence.com/articles/health-care-ransomware-strains-hospitals-in-crosshairs/

[6] “Ransomware Attacks on Hospitals Have Changed,” AHA Center for Health Innovation, https://www.aha.org/center/cybersecurity-and-risk-advisory-services/ransomware-attacks-hospitals-have-changed

[8] “Critical Infrastructure Sectors,” Cybersecurity & Infrastructure Security Agency, https://www.cisa.gov/critical-infrastructure-sectors

[9] “Ransomware Hackers Will Still Target Smaller Critical Infrastructure, CISA Director Warns,” Nextgov, https://www.nextgov.com/cybersecurity/2022/07/ransomware-hackers-will-still-target-smaller-critical-infrastructure-cisa-director-warns/374953/

[12] “Ransomware in 2022: Evolving threats, slow progress,” TechTarget, https://www.techtarget.com/searchsecurity/news/252522369/Ransomware-Evolving-threats-slow-progress

[13] “Global Data Protection Index 2021,” Dell Technologies, https://www.dell.com/en-us/dt/data-protection/gdpi/index.htm#pdf-overlay=//www.delltechnologies.com/asset/en-us/products/data-protection/industry-market/global-data-protection-index-key-findings.pdf

[14] “Ransomware in the Utilities Sector,” ThirdPartyTrust and BitSight, https://info.thirdpartytrust.com/hubfs/03%20Guides%20and%20Ebooks/ransomware-utilities-bitsight-thirdpartytrust.pdf

Infographic Resources:

[7] “Ransomware Threat March 2022: Special Report” Nextgov, https://www.nextgov.com/assets/ransomware-threat-ngq122/portal/

[10] “Looking Back at the Colonial Pipeline Ransomware Incident,” Government Technology, https://www.govtech.com/blogs/lohrmann-on-cybersecurity/looking-back-at-the-colonial-pipeline-ransomware-incident

[11] “Much to Do About Ransomware: Report Highlights a Path Forward,” Government Technology, https://www.govtech.com/security/much-to-do-about-ransomware-report-highlights-a-path-forward