4 Steps That Agencies Can Take to Secure Systems After the CISA Breach

The Cybersecurity and Infrastructure Security Agency’s speedy response underscores the need for high security standards at every level.

LISTEN

Your browser doesn’t support HTML5 audio

The Cybersecurity and Infrastructure Security Agency reacted quickly after discovering a cyber breach in January that exploited a pair of gateways, a reminder that no entity is immune to such attacks.

CISA discovered the breach when hackers tricked an integrity checker tool into failing to detect the compromise and accessed the agency’s Infrastructure Protection Gateway, containing information on U.S. infrastructure and the Chemical Security Assessment Tool used to determine terrorism risks at facilities.

The agency immediately took both systems offline, citing the “high potential for a compromise of agency information systems.” CISA found that once inside, bad actors could move laterally, perform data exfiltration and establish persistent system access that could result in a full compromise of the targeted information systems.

A patch to correct the vulnerabilities was released, and Ivanti — a leading vendor of zero-trust security solutions including the Connect Secure and Policy Secure gateways — is revamping its engineering, security and vulnerability management practices to embrace a “secure by design” methodology.

“CISA’s quick response is a model for effective incident handling,” says Lisa Plaggemier, executive director of the National Cybersecurity Alliance. “Quick detection, isolation of affected systems and communication with relevant stakeholders are essential steps in minimizing the impact of a breach.”

Click the banner below to begin developing a comprehensive cyber resilience strategy.

 

Monitoring Industry Partners and Creating Incident Response Plans

The attack at an agency focused on cybersecurity underscores the 24/7 threat posed by bad actors and the vulnerability of any entity, large or small. It raises a chilling question: If this could happen to CISA, what hope do other agencies have of repelling such cyberattacks?

Here are some steps that agencies can take to protect their systems from a breach.

Monitor significant industry partners. Monitoring vendors with deep access to networks or sensitive data inside an agency is crucial because of the danger of a breach within their own systems.

“This includes implementing stringent vendor management policies, conducting regular security assessments and ensuring that vendors adhere to the highest security standards,” Plaggemier says.

Create an incident response plan. Incident response plans are just as critical as disaster preparedness measures are in the face of fires and earthquakes. Add them to employee training and drills.

“Human error often leads to security breaches,” Plaggemier says. “Regular training should cover the latest cybersecurity threats: identifying phishing emails and securing sensitive information.”

Related Content:

Explore why zero trust and cyber resilience go hand in hand.

Discover how NTSB is improving its security posture with microsegmentation.

Detect and remove threatening web shells.

Find out how GSA is using TMF funds to bolster security.

Implement Backup as a Service more efficiently.

 

Reviewing Access and Embracing Zero-Trust Security

Review access. Access controls limit the use of sensitive data and systems to authorized personnel. Add strong policies such as multifactor authentication for employees to gain access.

Don’t forget the basics of cybersecurity, which can trip up even the most cautious agency: regular software updates, patch management and comprehensive data encryption both in transit and at rest to protect it from unauthorized access in case of a breach.

Implement a zero-trust security architecture. The basic philosophy — never trust, always verify — restricts the movement of users within an infrastructure and adds layers of protection, evaluating and validating access when users move from one area to another.

The federal deadline is fast approaching for civilian agencies. If a zero-trust model isn’t part of your core security profile, it should be.

MORE FROM FEDTECH: How DOD can maintain zero-trust momentum.

More On Authentication, Endpoint Security, Security Software,