Tag Archives: CISA

Critical Infrastructure in Cybersecurity: Modernizing the Electric and Utilities Sector

Posted on by
Reply

After the ransomware attack on Colonial Pipeline in 2021 and other notable events, the presidential administration has diligently worked to improve the cybersecurity posture of critical infrastructure in the United States. Several Government agencies, such as the Department of Energy (DOE) Cybersecurity, Energy Security and Emergency Response (CESER), the National Security Agency (NSA), Cybersecurity Infrastructure Security Agency (CISA), and private sector Electric & Utility Industry have joined to refine and boost cybersecurity in the Electric and Utilities sector.

Standards for the Electric and Utility Sector

Since 2021, the White House has put forth the National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems, an initiative that aims to safeguard the critical infrastructure of the nation. The Memorandum specifies that the Electricity Subsector was the pilot effort in its Initiative. In acknowledgement of the Memorandum, at least 150 electric utilities have or will adopt operational technology (OT) and Industrial Control Systems (ICS) security and improved the visibility, detection and monitoring of critical electricity networks. Further reinforcing the memo, in March of 2023, the Presidential Administration announced a national cybersecurity strategy that strives to create a secure digital ecosystem reinforced with the National Cybersecurity Strategy.

Control systems experts that work with DOE CESER, CISA and the NSA have developed a set of ICS security considerations. These considerations aim to enhance and monitor the detection, mitigation and forensic capabilities for OT owners and operators.

The ICS/OT cybersecurity evaluating and monitoring technology guidelines are recommendations rather than mandates. They include but are not limited to:

  • Building technology for ICS networks with integration compatibility for ICS protocols and communications
  • Adding sensor-based continuous network cybersecurity monitoring, detection and facilitation of response capabilities for both ICS and OT
  • Creating a collective defense capability framework for software so that Federal Government partners and trusted organizations can share insights and detections
  • Utilizing passive deployment and isolation technologies to protect sensitive information
  • Securing technology against access credential misuse[1]

These guidelines aim to improve system security and visibility with Government partners.

Carahsoft Cybersecurity for Utilities Blog 3 Embedded Image 2023Financing the Security Movement

To help fulfill the National Security Memorandum promise, the current administration has released the Bipartisan Infrastructure Law, which authorizes up to $250 million to enhance the cybersecurity resilience of rural, municipal, and small private electric utilities. The Rural and Municipal Utility Advanced Cybersecurity Grant and Technical Assistance (RMUC) Program has utilized the law to help improve energy systems, processes, assets, incident response and cybersecurity skills in eligible agencies within the utility workforce. Nearly one in six Americans live in remote or rural communities with inadequate funding and infrastructure for updated technology and modern systems.[2] The RMUC Program pledges financial and technical assistance to help these communities, as well as small investor-owned electric utilities, to improve vital security functions such as operational capabilities and to provide cybersecurity services access and threat-sharing programs.  In August 2023, the program pledged a prize pool of $8.96 million dollars in competitive funding and technical assistance to enable municipal and small investor-owned utilities to advance their training and cybersecurity.[3]

By ensuring secure and reliable power to all customers, RMUC will help finance cybersecurity, as well as help fulfill another of the current administration’s goals of a net-zero carbon economy by 2050.

Cleaning Up Energy

In developing the clean energy sector, the Administration aims to mold the digital ecosystem to be more defensible, resilient and aligned with American values. This strategy will invest in the future by defending the energy sector and reinforcing clean-energy critical infrastructures.[4] To aid in the battle for clean energy through cybersecurity innovation, Clean Energy Cybersecurity Accelerator (CECA) will make cybersecurity accessible via collaboration with public and private expertise. To do so, CECA will assess all ICS assets that are connected to a utility’s infrastructure. Any ICS with potential wide-reaching impact is evaluated against physical and virtual attacks in a test lab, allowing CECA to mend any security holes. Aiming to achieve carbon-free electricity by 2035, the DOE has announced hundreds of funding opportunities, including funding for the Fossil Energy and Carbon Management (FECM) office.[5]

Through the collaboration of several key Government agencies and the tech industry, the Electric and Utilities sector is on the way to being secure, reliable and accessible to all.

The first two parts of this four-part blog series covered the basics of critical infrastructure cybersecurity, as well as an overview of the Water and Wastewater Sector. Following this third part, the fourth and final blog will dive deeper into the Transportation sector.

 

To learn more about how agencies can bolster their cybersecurity efforts within critical infrastructure, visit Carahsoft’s Cybersecurity Solutions Portfolio.

Sources

[1] “Considerations for ICS/OT Cybersecurity Monitoring Technologies,” Office of Cybersecurity, Energy Security and Emergency Response, https://www.energy.gov/ceser/considerations-icsot-cybersecurity-monitoring-technologies

[2] “Biden-Harris Administration Launches $250 Million Program to Strengthen Energy Security for Rural Communities,” Department of Energy, https://www.energy.gov/articles/biden-harris-administration-launches-250-million-program-strengthen-energy-security-rural

[3] “New Prize Supports Rural and Municipal Utilities in Strengthening Cybersecurity Posture,” NREL, https://www.nrel.gov/news/program/2023/new-prize-supports-rural-and-municipal-utilities-in-strengthening-cybersecurity-posture.html

[4] “Fact Sheet: Biden-Harris Administration Announces National Cybersecurity Strategy,” The White House, https://www.whitehouse.gov/briefing-room/statements-releases/2023/03/02/fact-sheet-biden-harris-administration-announces-national-cybersecurity-strategy/

[5] “Funding Notice: Critical Materials Innovation, Efficiency and Alternatives,” Energy.gov: Office of Fossil Energy and Carbon Management, https://www.energy.gov/fecm/funding-notice-critical-materials-innovation-efficiency-and-alternatives

Four Lessons I Learned from My Company’s Response to the SUNBURST Attack

Posted on by
Reply

Saturday, December 12, 2020, is a day I’ll never forget. That was the day I learned nation-state threat actors had exploited our software in what would later be known as SUNBURST. Because it’s been written about thousands of times before, I won’t rehash the particulars of the event itself here. Instead, I’d like to share four lessons I learned about how to respond to a large-scale cyberattack.

1. The first days: Preparation helps control the chaos

I often refer to the days immediately following December 12, 2020, as “controlled chaos.” The chaos portion is self-explanatory, but what about the “controlled” part?

Simply put, we were in control the entire time, no matter how chaotic things seemed, because we’d prepared for such an incident. We ran tabletop exercises, planned for different scenarios, mapped out hypothetical intrusions, tested our response methods, and looked for and plugged potential security holes. We also built an incident response team comprised of representatives from across the company. It included members from our security, legal, marketing, IT, and engineering teams, and our board of directors.

As you plan your threat response, consider the following:

  • Do you have a cybersecurity incident response playbook?
  • Have you performed tabletop exercises and run various attack scenarios?
  • Do you have the right people on the incident response team—a good mix of strategic and tactical expertise?
  • Do you have ways to contact people, even on the weekend (or during a pandemic)?
  • Do you have a list of backup contacts in case someone isn’t available?
  • Do you have alternative communication methods established in case you cannot trust your existing ones?

2. The initial weeks: Separating teams creates an agile and efficient response

SolarWinds Attack Response Blog Embedded Image 2023

We quickly learned we needed to split our team into different groups for an agile and efficient response. Thus, one big team became multiple smaller teams, each overseen by leaders within their respective organizations (i.e., the legal team was led by our general counsel, the engineering team by our head of engineering, and so forth). These teams would work independently, then reconvene each evening to share what they learned, discuss solutions and ideas, and so on.

Having different teams allowed individuals to focus on each facet of the response. For example, engineering could focus on how the attack affected our build while IT investigated how the attackers got in. The communications team created responses for customers, partners, and the press, and what ultimately became the government affairs team devised a plan to contact various government agencies.

We also learned organizing these teams was impossible without a third-party “quarterback.” So, we brought in an external organization to coordinate our teams’ work. They set up meetings and ensured everyone was on the same page and information was being shared.

As you coordinate your teams, ask:

  • Do we have a plan in place to get teams together?
  • Do we have a third-party “security helper” on call or retainer? (This is often a good insurance policy)
  • Do we have enough teams to cover every aspect of our business?

3. The following weeks and months: Unbiased partners help amplify the truth

At the time, there was a lot of misinformation floating around. We were being outnumbered, out-marketed, and out-communicated. And unfortunately, social media made misinformation spread like wildfire—and has helped it be equally hard to extinguish.

To help, we partnered with reputable and experienced organizations like the Cybersecurity and Infrastructure Agency (CISA), Krebs Stamos Group, and others. The organizations performed forensics while amplifying the truth about the attack, helping people understand this was not just an isolated incident.

Amplifying the truth was the only agenda our partners had. Sadly, that’s not the norm. I discovered many organizations out there want to promote their brand or have ulterior motives. Fortunately, the organizations we worked with had no such baggage.

Indeed, they allowed us to focus on ensuring our customers were in the right state. We wanted to be there to answer their questions, assure them, and, most of all, make sure they were secure and protected. Our partners helped us block out the noise so we could focus on helping our customers.

To summarize:

  • Bring in the correct partners and add new partners as necessary
  • Watch out for hidden agendas
  • Prioritize what’s most important to you (For us, our customers were our top priority)
  • Don’t spend time responding to every inaccuracy; it will only distract you from your priorities
  • Stay focused

4. The final months: Going above and beyond leads to an exemplary outcome

As the months wore on, I remember a colleague telling me, “If you’re going to come out of this, you have to be special. It won’t be enough just to fix the issue. You need to really go above and beyond.”

As it turns out, we fixed the issue—but did much more than that. We found the source for SUNBURST and made it publicly available. We testified before the U.S. House and Senate. We implemented assistance programs to help our customers. We held briefings with the FBI and other global law enforcement agencies.

We ensured the world knew what we were doing and why we were doing it. In being transparent, we were helping others understand what we went through so they could better protect themselves. It’s not enough to be transparent, of course. To get through it and come out stronger, we needed to have products and services people love and enjoy using, which leads me to three final recommendations:

  • Be open and honest throughout the entire process
  • Communicate early and often—not just to your customers, partners, and employees but to the world
  • Make the type of products you would want them to use, and make them Secure by Design

The months have turned into years. The tenets of transparency and humility have served us well. The SUNBURST incident has turned into a catalyst for good. Supply chain security is now front of mind for many. Executive orders and cyber security strategies are leading us towards attestation for software security. Executive and boardroom conversations have security as a necessary topic, and the security defenders of the world are being looked upon for guidance in managing cyber risk.

The investigation into SUNBURST formally concluded in May 2021—six months after the attack was first uncovered. But I like to think our response to the attack will live on for much longer. Because what started as a dark day in December 2020 made us a stronger, more resilient, and better company. I hope the lessons I learned can help you do the same.

Contact our team today to learn more about how SolarWinds can support your organization’s software and cybersecurity mission.

Critical Infrastructure in Cybersecurity: Initiatives for The Water and Wastewater Sector

Posted on by
Reply

In July 2021, the presidential administration signed a National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems. As these systems are a part of daily life, any damage to them would be a significant threat to national security. One major part of critical infrastructures, the Water and Wastewater Systems Sector, plays a vital part in daily life.

The first part of this four-part blog series covered the basics of critical infrastructure cybersecurity. This is the second part, and subsequent blogs will dive deeper into the electric, utility and transportation sectors respectively.

Carahsoft Cybersecurity for Water and Wastewater Blog 2 Embedded Image 2023The Water and Wastewater Sector in the United States

The Water and Wastewater Systems Sector is a critical infrastructure sector focused on water and wastewater sources and the protection of such sources.

This sector is one of the United States’ critical infrastructures: a physical and/or cyber asset that is so vital that their destruction would have a debilitating effect on society, whether physical, economic or safety related. While the water and wastewater industry is vulnerable to physical attacks it is also in jeopardy to cybersecurity attacks, as the sector increasingly relies on internet of things devices, automation, sensors, data collection, network devices and analytics software.[1] Recent water infrastructure attacks, such as the login breach that affected water treatment programs in the San Francisco Bay Area, or the breach to the industrial control systems (ICS) in Oldsmar, Florida, demonstrated how easy it was for foreign threats to not only hack critical infrastructure, but to shake the public’s confidence. While Industrial Control Systems owners and operators manage their own security, federal agencies seek to protect ICS technologies from potential exploitations that pose existential threats to the public or US property.

The Initiative to Improve Cybersecurity for Critical Infrastructure

To combat potential threats, the White House has put forth the National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems, an initiative that aims to safeguard the critical infrastructure of the Nation. The memorandum mentions the Water and Wastewater Systems sector by name in section 3a, spearheading the path for the government to act against threats. By working directly with critical infrastructure stakeholders, owners and operators, the White House will establish baseline cybersecurity goals and technology that facilitate threat visibility and detection so that the government and respective industry may take immediate action against any breaches.[1]

The EPA Initiative

As a part of the National Security Memorandum, the Environmental Protection Agency (EPA), a federal agency in charge of risk management for environmental health, announced the Industrial Control Systems Cybersecurity Initiative – Water and Wastewater Sector Action Plan to join in protecting water systems from cyberattacks. This 2022 plan focuses on supporting the early detection and expulsion of cyber threats against the water sector. A few of its action points include:

  • Creating a task force of water sector leaders
  • Adding new projects that demonstrate and implement the adoption of incident monitoring
  • Improving the process of information sharing and data analysis
  • Providing technical support to water systems[2]

With this properly implemented, the Water and Wastewater Systems sector can survive a cyber-event with no loss of critical function. The Cybersecurity and Infrastructure Security Agency (CISA) cybersecurity performance goals, a set of voluntary goals released in accordance with the National Security Memorandum, are broadly applicable to critical infrastructure sectors, including the water and wastewater sector. Industries can utilize these collaborative cybersecurity government resources to improve their safety.

A Unified Initiative

As the world becomes increasingly more interconnected with networks and the internet, cybersecurity grows in importance. To protect one of the most vital US infrastructures, water and waste, federal agencies have come together to with initiatives to encourage agencies to implement strong security practices to protect US environments and the public.

Check out the first part of our series on cybersecurity infrastructure. The third installment of this series will cover best cybersecurity practices in the electric utility sector.

To learn more about how agencies can bolster their cybersecurity efforts within critical infrastructure, visit Carahsoft’s Cybersecurity Solutions Portfolio.

 

Resources:

[1] “National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems,” The White House, https://www.whitehouse.gov/briefing-room/statements-releases/2021/07/28/national-security-memorandum-on-improving-cybersecurity-for-critical-infrastructure-control-systems/

[2] “EPA Announces Action Plan to Accelerate Cyber-Resilience for the Water Sector,” United States Environmental Protection Agency, https://www.epa.gov/newsreleases/epa-announces-action-plan-accelerate-cyber-resilience-water-sector

The Basics of Cybersecurity for Critical Infrastructure

Posted on by
Reply

In July 2021, the presidential administration signed a National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems. As these systems are a part of daily life, any damage to them would be a significant threat to national security. To prevent a national crisis, the administration launched an effort to improve cybersecurity across critical infrastructure sectors. The first part of this four-part blog series will cover the basics of critical infrastructure cybersecurity. Subsequent blogs will dive deeper into the Water and Wastewater, Electric and Utility and Transportation sectors respectively.

Carahsoft Cybersecurity for Critical Infrastructure Blog 1 Embedded Image 2023Realities of Critical Infrastructure Environments

Increasing Industrial Control Systems (ICS) security ranks is a top priority to protect critical US infrastructure and national security. ICS is an information system that is used to control industrial processes such as manufacturing, product handling, production and distribution. These information systems can face a variety of threats from foreign and national bad actors who aim to gather intelligence and disrupt critical functions. With evolving technology, ICS operators must ensure that they implement new cybersecurity functions when connecting Operational Technology (OT) and Internet of Things (IoT) devices to Information Technology (IT) systems.

Best security practices for ICS include:

  • Restricting logical access to the system’s network and activity through protections such as firewalls to pause network traffic
  • Implementing unidirectional gates
  • Restricting physical access to the ICS devices and network to avoid disruptions to the system’s functionality
  • Securing all ICS individual components
  • Protecting against unauthorized data changes through network oversight
  • Having a response plan for potential incidents[1]

CISA’s Cybersecurity Performance Goals

Section 4 of the National Security Memorandum required the Department of Homeland Security to create baseline cybersecurity guidelines.

To further advance this, the Cybersecurity and Infrastructure Security Agency (CISA) has released a number of initiatives for agencies to implement that would strengthen their security systems. Every day, CISA works with ICS asset owners and operators to help them identify, protect against and detect cybersecurity threats, as well as to enhance ICS technical, analytical and response capabilities. CISA is working hard with critical infrastructure organizations to improve on the common issues they see, including:

  • Without basic security protections and foundational measures, critical infrastructure systems are vulnerable to exploit by methods that are easily preventable.
  • Limitation of resources continues to be a challenge for small- and medium-sized organizations.
  • There are inconsistencies in the standards for cyber maturity across the various critical infrastructure sectors, leaving security gaps that can be exploited.
  • Cybersecurity in IT systems are prioritized, leaving OT systems overlooked and outdated.

CISA offers a wide array of resources to help critical infrastructure organizations. These include the 2022 Cybersecurity Performance Goals—the CPGs. The CPGs are intended to be both voluntary and not comprehensive. It is not a mandated act for agencies to implement, nor does it consist of every helpful cybersecurity practice for every organization. Rather, they are intended as a beginner guideline that can be communicated to a non-technical audience. The CPGs were set as a baseline set of cybersecurity practices that are broadly applicable across critical infrastructure and have known risk-reduction value for IT and OT owners. And lastly, the CPGs stand out from other control frameworks by not only considering practices that address risk to individual entities, but also the aggregate risk to the nation.[2]

The Cross-Sector Cybersecurity Performance Goals provide a set of IT and OT cybersecurity practices that will help organizations increase cyber resilience in their Critical Infrastructure systems. CISA has organized the practices into 8 categories:

  • Account Security
  • Device Security
  • Data Security
  • Governance and Training
  • Vulnerability Management
  • Supply Chain / Third Party
  • Response and Recovery
  • Other

In March 2023 CISA released and updated version of the CPGs to include a key updates from the October 2022 guidelines.

  • The CPGs have been reordered to fit the NIST CSF functions, and accompanying documents have been adjusted to reflect this.
  • The Multifactor Authentication (MFA) goal has been updated to reflect the most recent CISA guidelines.
  • To aid in organizations’ recovery planning, CISA added a goal based around GitHub feedback.
  • There were slight changes made to the glossary to not only reflect the previously listed changes, but to acknowledge additional stakeholders who’ve contributed to the guidelines.

To better connect with the greater community, there are now additional opportunities to provide input on the goals CISA discussion page. CISA welcomes feedback from partners in cybersecurity and critical infrastructure communities.

Check back to read our second installment of this critical infrastructure series that will cover the best cybersecurity practices in the water and wastewater sectors.

 

To learn more about protecting agencies against cyber-attacks, visit Carahsoft’s Cybersecurity Solutions Portfolio.

 

Resources:

[1] “Recommended Cybersecurity Practices for Industrial Control Systems,” CISA, https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf

[2] “Cross-Sector Cybersecurity Performance Goals,” CISA, https://www.cisa.gov/cross-sector-cybersecurity-performance-goals

Okta and GovSlack Bring Digital-first Environment to Government

Posted on by
Reply

Digital transformation is all around us. From how we shop to where we work, digital-first environments are the new normal. While the private sector quickly adopted collaborative, digital workspaces, the pace is a bit slower for government agencies – and for good reason.

Higher levels of security and compliance are required in government work, yet agencies still feel limited by the legacy systems in place. To transform into a digital-first workspace that promotes collaboration and improves communication among agencies and contractors, government agencies need flexible, inclusive technology that doesn’t sacrifice cybersecurity.

Modernize with a digital command center

Okta + GovSlack Digital-first Environment to Government Blog Embedded Image 2023

Okta integrates with GovSlack to help the government modernize how work gets done. The centralized digital headquarters provides frictionless, secure access and helps agencies increase productivity, security, governance, and end-to-end workflows.

GovSlack was launched to allow for secure collaboration. Okta’s Identity and access management (IAM) policies throughout GovSlack meet the security and compliance needs of intra- and cross-functional government teams and contractors.

Top five reasons to modernize with Okta and GovSlack

Here are some of the top reasons agencies can benefit from the Okta and GovSlack solutions:

  1. Share information with external agencies and contractors in real time: Slack Connect allows agencies to extend the benefits of their centralized, digital workspace to both internal and external team members in real time. This helps reduce the need for meetings and follow-ups. Okta’s IAM capabilities throughout the platform remove siloed Identity security across the extended enterprise.
  2. Access growing library of integrations: Okta’s secure and seamless integration with GovSlack and a growing number of high-security versions of the most commonly used business applications protect the government’s highest-value assets.
  3. Meet strict compliance and security requirements: Okta’s FedRAMP Moderate Identity solution includes features and capabilities available throughout GovSlack that are designed to strengthen the security posture of government agencies. Okta’s trusted security capabilities meet Zero Trust architecture (ZTA) and the Cybersecurity and Infrastructure Security Agency’s (CISA’s) Identity pillar, helping agencies bridge on-premises assets to the cloud with a unified and automated Identity-driven access layer.
  4. Create a frictionless workforce experience: IAM tools from Okta, like phishing-resistant Multi-Factor Authentication (MFA) and biometrics, allow users to easily access the secure platform from any location or device. Granting permissions and access controls at scale is simple through GovSlack’s enterprise-grade admin dashboard.
  5. Launch into the future of modern work: With security measures offered by Okta and GovSlack, agencies can incorporate a secure, cloud-based digital headquarters into all aspects of their daily work. With a secure digital workspace in place, agencies can reduce time spent building on-premises solutions, breaking down information silos, improving collaboration internally and externally, and opening the door to more possibilities when all stakeholders have access to the same workspace.

Download our Solution Brief to learn more about Okta, the federal Identity solution for high-impact applications, and GovSlack, the designated “digital headquarters” for many government agencies.

3 Ways DoD Can Strengthen Network Security and Resilience

Posted on by
Reply

In October 2022, CISA (Cybersecurity and Infrastructure Security Agency) revealed that multiple hackers had compromised a defense industrial base organization, gaining long-term access to the environment and exfiltrating sensitive data. And those threats are increasing. Since, 2015 the DoD has experienced over 12,000 cyber incidents.

SolarWinds DoD Network Security and Resilience Blog Preview Embedded 2023Strong, resilient next-generation networks that protect sensitive data and DoD missions and functions have never been more critical. But, with a complex interconnected information environment, how can federal IT teams strengthen cybersecurity and become proactive instead of reactive? Army leaders have spent much time discussing resilient next-generation networking, but action needs to be taken soon.

To achieve greater network resilience, here are three steps that federal IT leaders can take to prepare for an unpredictable future and safeguard its networks – and those of its contractors – from malicious cyber activity.

  1. Progress the DoD’s “defend forward” strategy

The DoD’s “defend forward” strategy is nothing new. First outlined in the 2018 DoD Cyber Strategy, the initiative is designed to “disrupt malicious cyber activity at its source.” This refers to any device, network, organization, or adversary nation that poses a threat to U.S. networks and institutions or is actively attacking them.

Notably, the strategy shifts DoD and U.S. Cyber Command’s cybersecurity program from reactive to proactive. Rather than detect and remediate threats as they arise, defend forward actively seeks out threats and eliminates them.

U.S. Cyber Command restated its pledge to “defend forward” in October 2022, but it’s principles and standards must be extended across the defense industrial base – the networks and systems that contribute to U.S. military advantages.

Government contractors are held accountable for their cybersecurity practices and choices, but for true resilience, DoD security leaders must establish new standards for information sharing with their private sector counterparts.

In addition to standing by DoD’s pledge to share indications and warnings of malicious cyber activity, DoD must continue to move beyond transactional vendor relationships. Toll-free numbers are not enough for federal CISOs – they need a dedicated, trusted, point of contact within each defense contractor. Someone with whom they can have frequent and honest conversations, conduct deliberate planning, and oversee collaborative training that enables mutually supporting cyber activities.

  1. Embrace AIOps: The next big thing in networking

Powered by artificial intelligence (AI) and machine learning, AIOps is a relatively new approach to network monitoring that boosts resilience by reducing the time it takes to discover issues, detect anomalies, and gives network engineers the context they need to remediate – before a threat materializes.

AIOps-powered observability works by automating the complex task of collecting and analyzing network data across the vast DoD network infrastructure and turning that data into actionable intelligence. With this insight, teams can proactively address network or cyber issues and even predict certain situations – such as signs of network intrusion. A key advantage of AIOps is that it observes remedial action taken and uses these observations to automatically respond to future problems without the need for IT’s involvement – thereby ensuring a more resilient, autonomous network.

  1. Layer in multipath monitoring

Enterprise networks have traditionally been comprised of multiple hub and spoke topologies with linear routing paths and clearly defined traffic flows. But hybrid IT, hyperconverged infrastructure, and modern networking have created complex multipath network environments – any given packet can take any number of different routes, all of which are changing at any moment.

Unfortunately, these multipath topographies can’t easily be visualized using traditional network monitoring tools. There’s simply not enough time in the day to diagram the network, let alone proactively monitor the application traffic and hardware links that comprise it.

The answer lies in finding a network performance monitoring tool that combines multipath monitoring with traditional infrastructure monitoring for greater visibility into network security.  Having this insight will allow federal network pros to proactively manage multiple networks, identify issues, and fix them before they get out of hand.

A smarter and more collaborative defense

Network resiliency can be achieved at scale, but it will take a concerted effort. Through greater collaboration between the DoD and private sector, as well as the adoption AIOps-powered observability, the DoD will be better prepared to manage and secure increasingly complex, dynamic military network environments.

 

To learn more about SolarWinds’ AIOps-powered Hybrid Cloud Observability Solution, click here.

Ransomware on the Rise

Posted on by
Reply

News story after news story, cyberattack after cyberattack has demonstrated the rampant presence of ransomware in today’s society taking down all shapes and sizes of companies in both the public and private sectors. By 2026, Gartner predicts that unstructured data storage, which is very susceptible to ransomware, will triple in size, and with that, an inevitable increase in the attack surface. Currently 80% of enterprises’ data is made even more vulnerable by the number of daily users, its distributed nature across devices and servers and overall lack of secure protection.[1]

Experts have arrived at this bottom-line conclusion—everyone is vulnerable to a ransomware attack and cybersecurity measures have become an absolute necessity, not an option.

RANSOMWARE DEFINITION

Carahsoft Ransomware Cybersecurity Blog Series Blog 1 Embedded Image 2023 Ransomware is a form of extortion through malware exploiting cyber vulnerabilities to infiltrate systems and capture vital operating or private data. The cybercriminals require payment, often in the form of cryptocurrency, for the release, restoration or decryption of the files or the assurance of not blackmailing individuals with the information accessed. Only 2% of organizations within healthcare get their full data back even after paying the ransom, with the majority of organizations receiving about 65% of their information back.[2] Currently, the situation has escalated to the point where bad actors are demanding multiple ransoms, one to restore the data and others to not publish the information on the black market.

The primary four ways ransomware infects a system are through:

  1. Phishing emails and malicious links
  2. Insecure network ports, devices and services
  3. Backdoors left by other malware
  4. Network vulnerabilities such as poor password hygiene with little user authentication, too many legacy systems, missing software patches and updates etc.[3]

The rise of ransomware as a service (RaaS) has increased the ease of carrying out a cyberattack with practically no technical knowledge necessary for a criminal to execute the attack.[4] One group creates the malware program code and then sells it for other groups to initiate the attack on specific victims.[5] X-Force head Charles Henderson said these crime affiliations have created a condition in which “criminals are more collaborative than the cybersecurity industry.”[6]

All the shifts and advancements in ransomware require a frank review of the past few years and the statistics to understand the situation, properly form the best course of action and minimize the repercussions on American citizens through critical infrastructure.

RANSOMWARE LANDSCAPE

Ransomware has existed since 1989; however, the past two years have seen a dramatic spike in quantity and impact of cyberattacks. All areas of government, business and healthcare are susceptible regardless of their size and relative importance.[7] In recent years, the landscape has changed from individual domestic hackers exploiting opportunities to organized groups of professional criminals based in and often funded by adversarial nations to strategically disrupt critical functions and achieve financial and political goals.[6]

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has identified 16 major critical sectors whose capabilities directly impact the national public health, safety, security and economy of America, most of which (14 out of 16) have fallen under heavy ransomware attack in the past two years.[8] By targeting these essential infrastructures across financial, industrial, transportation and healthcare institutions, bad actors can disrupt nation-wide and global supply chains. CISA executives stress the importance of universal action to improve cybersecurity and combat the widespread ransomware threat. Because of the interconnectivity of U.S. infrastructure, they warn that if one organization is compromised, cybercriminals could gain access and infiltrate other larger vital service providers and ultimately spread out of control.[9]

Government agencies and critical businesses are not the only groups seeking to improve through tech modernization. The ransomware landscape has changed drastically due to advances in cybercriminal activity as well.

Carahsoft Ransomware Cybersecurity Blog Series Blog 1 Infographic Image 2023

The timeline of these attacks has also accelerated. In 2019, the average time between the initial system infiltration to malware deployment was over two months but in 2021 it dropped 94% to an average of less than four days.[12] Every 10 seconds, a new victim is attacked by ransomware. Not only are attacks and ransom demands increasing and their deployments faster, the majority (60%) of companies do not feel prepared if their company were to be faced with a similar threat in the next 12 months.[13] This problem is expected to continue to grow over the next decade, with ransomware cost predictions of more than $265 billion in total damage by 2031.[14] Agencies and organizations must evaluate their cybersecurity standing and make improvements to ensure that they can withstand these escalating attacks.

RANSOMWARE — ACTION REQUIRED

Contrary to public opinion, most cybercriminals do not primarily target organizations based on the perceived importance of their data, but rather the ease of access to infiltrate the system and the probability that the company will pay the ransom. Critical infrastructure in particular has an obligation to strengthen and reinforce their cybersecurity to prevent disruption and protect these vital functions for the American people. With the increasing trends, officials point to the new harsh reality that ransomware is not a question of if a company will be attacked through malware, but when. Based on the current landscape, organizations must act or risk being swept away by the growing tide of ransomware.

 

Carahsoft and its partners offer cybersecurity solutions to defend against ransomware and mitigate the risks. Reach out to discover how Carahsoft can make an impact for your organization. Dive deeper into how ransomware is affecting U.S. critical infrastructures such as healthcare and utilities in our Ransomware in Healthcare and Utilities Blog. Find our full Ransomware Series here.

 

Resources:

[1] “Protect, Detect & Recover: The Three Prongs of a Ransomware Defense Strategy for Your Enterprise Files,” Nasuni, https://media.erepublic.com/document/Whitepaper-_A_Three_Prong_Ransomware_Strategy_-_Nasuni.pdf

[2] “The State of Ransomware in Healthcare 2022,” Sophos, https://news.sophos.com/en-us/2022/06/01/the-state-of-ransomware-in-healthcare-2022/

[3] “Security Primer – Ransomware,” Center for Internet Security, https://www.cisecurity.org/insights/white-papers/security-primer-ransomware

[4] “Ransomware: In the Healthcare Sector,” Center for Internet Security, https://www.cisecurity.org/insights/blog/ransomware-in-the-healthcare-sector

[5] “Health Care Ransomware Strains Have Hospitals in the Crosshairs,” Security Intelligence, https://securityintelligence.com/articles/health-care-ransomware-strains-hospitals-in-crosshairs/

[6] “Ransomware Attacks on Hospitals Have Changed,” AHA Center for Health Innovation, https://www.aha.org/center/cybersecurity-and-risk-advisory-services/ransomware-attacks-hospitals-have-changed

[8] “Critical Infrastructure Sectors,” Cybersecurity & Infrastructure Security Agency, https://www.cisa.gov/critical-infrastructure-sectors

[9] “Ransomware Hackers Will Still Target Smaller Critical Infrastructure, CISA Director Warns,” Nextgov, https://www.nextgov.com/cybersecurity/2022/07/ransomware-hackers-will-still-target-smaller-critical-infrastructure-cisa-director-warns/374953/

[12] “Ransomware in 2022: Evolving threats, slow progress,” TechTarget, https://www.techtarget.com/searchsecurity/news/252522369/Ransomware-Evolving-threats-slow-progress

[13] “Global Data Protection Index 2021,” Dell Technologies, https://www.dell.com/en-us/dt/data-protection/gdpi/index.htm#pdf-overlay=//www.delltechnologies.com/asset/en-us/products/data-protection/industry-market/global-data-protection-index-key-findings.pdf

[14] “Ransomware in the Utilities Sector,” ThirdPartyTrust and BitSight, https://info.thirdpartytrust.com/hubfs/03%20Guides%20and%20Ebooks/ransomware-utilities-bitsight-thirdpartytrust.pdf

Infographic Resources:

[7] “Ransomware Threat March 2022: Special Report” Nextgov, https://www.nextgov.com/assets/ransomware-threat-ngq122/portal/

[10] “Looking Back at the Colonial Pipeline Ransomware Incident,” Government Technology, https://www.govtech.com/blogs/lohrmann-on-cybersecurity/looking-back-at-the-colonial-pipeline-ransomware-incident

[11] “Much to Do About Ransomware: Report Highlights a Path Forward,” Government Technology, https://www.govtech.com/security/much-to-do-about-ransomware-report-highlights-a-path-forward