The nation is currently attempting one of the largest logistical feats in its history: mass vaccination against COVID-19. Federal agencies have been at the forefront of this fight: collecting, managing, and analyzing critical information about the virus, the vaccine, its effects on the health and economic wellbeing of American citizens and people worldwide, and more. The government has been tasked not only with managing our response to the COVID-19 pandemic, but also with protecting the mission-critical, sensitive data associated with it: Personally Identifiable Information (PII), health information protected under the Health Insurance Portability and Accountability Act (HIPAA), and commercial industry intellectual property.
I recently participated in a panel discussion on How to Secure COVID-19 Data. As a former NSA CISO with over 30 years working in the federal government, I have experience with the skills and tools needed to understand the risks posed by cyber-attacks from sophisticated threat actors and to secure sensitive data within the federal government – but the scope and scale of this data set is tremendous, cutting across the public and private sectors, government entities at the local, state, federal, and tribal levels, and international partners.
Protecting COVID-19 Data
Due to the global nature of the pandemic, nations are racing to develop a vaccine and to protect all the data associated with COVID-19. My fellow panelist, Jennifer Franks, Director of Information Technology and Cybersecurity at the GAO, did an exceptional job outlining the variety and volume of COVID-19 data that need to be protected. With the development of the vaccine, government agencies and their private sector partners in the pharmaceutical and healthcare industries have also had to protect information on vaccine development and distribution.
The biggest risk and cybersecurity challenge is having to protect the vast amount of COVID-19 data across a very distributed architecture. Nation-state actors are certainly very interested in COVID-related data, and that makes it a target. In January 2021 alone, the Fidelis Threat Research Team saw 79% of that month’s events targeted at the Government vertical. Attackers can use COVID-19 data to disrupt the vaccine supply chain and distribution, exploit citizens’ personal information, and more. So what can be done to protect against, detect, and respond to attempts by sophisticated threat actors to access this information?
One small part of the solution is data privacy regulations. The government has security and privacy controls in place to provide agencies a foundation of protection. While the vaccination roll-out is just beginning, many people are wondering when they’ll be able to return to their “normal” lives and what that will entail. Specifically, will you need to be vaccinated to return to work, visit loved ones, or travel and how will countries support a “Health Passport” to prove your eligibility to move about freely?
The federal government will have to work with private sector industries to drive that initiative with privacy in mind and policies in place. While COVID-19 accelerated the government’s digital transformation, there is still more to do to ensure citizens and organizations are protected from malicious attackers.
Proactive vs. Reactive Security Strategy
In my experience, many organizations react to threats instead of developing a proactive strategy to defend against them. Jennifer mentioned having preventative measures in place, including implementing access controls to provide accountability and privacy from the start, vulnerability scanning, and audit programs. These preventative measures are all about increasing the work factor for an attacker to gain access to your infrastructure and are absolutely essential.
Proactive defense is focused on detecting sophisticated threat actors that, despite your best efforts, have breached your defenses – most likely using unknown (zero-day) attack vectors, as we recently saw in the SolarWinds attack. For these unknown attack vectors, early detection and validation of anomalous activity is key – essentially focusing your security team on anomalous activity within your networks so that the activity can be investigated and blocked if it turns out to be unauthorized or malicious.
What are the key elements of proactive defense?
- Full visibility through an integrated security stack across and within endpoints, networks, and cloud workloads
- Threat-focused analytics to identify and correlate interesting and anomalous events and provide context surrounding those events
- Sophisticated tools backed by automation that enable analysts to:
  - Perform deep inspection and analysis of anomalous activities
  - Track attackers’ movements and anticipate their next moves
  - Block their advances
- Integrated deception tools to improve confidence in, and correlation of, detected attacks
- Security analysts knowledgeable in adversary attack techniques
A proactive security strategy augments the more traditional, reactive defenses in place at most agencies. Ultimately, a proactive defense gives your security team the threat hunting tools, knowledge and insights (visibility) needed to detect threats early in the kill chain, to determine how attackers breached your defenses and what has been compromised, to respond with corrective action against them, and to prevent them from returning in the future. I outline this strategy in more detail in my Global CISO Playbook for the New Normal.
In the course of this pandemic, security professionals have learned to be adaptable and resilient. The mission is the same: continue to move forward in improving the federal government’s cybersecurity to stop even the most advanced threats. We’ve been partnering with over 40 DoD, civilian and intelligence agencies to streamline their cybersecurity operations and would like to become your strategic partner as well. If you have any questions about our solutions and how we can help defend your critical data from advanced threats, contact us.