By Don Proctor
The public sector heavily relies on today’s large-scale networks to support critical infrastructure, government services and military operations. Networked capabilities (i.e. web services, collaboration, cloud computing and mobility) are expected to improve an organization’s productivity while responsibly managing taxpayer dollars.
By Don Proctor
Networks today are under increased stress as government workers, technicians and military personnel are accessing critical data from connected mobile phones, custom handheld devices, personal devices and computers that run on different operating systems. The traditional edge point of security has become extended as the network infrastructure and the solutions that support it have developed into a complicated and ever-changing ecosystem.
With the ever-increasing number of devices and operating systems on networks today, patching and virus protection alone are unreliable. To protect against rapidly evolving threats, organizations must establish advanced technologies and comprehensive processes with multiple, flexible layers of defense to identify, prevent and manage attacks. Administrators are beginning to proactively embed network security directly into the network fabric.
Along with the challenges posed by security limitations at the network’s edge, workers are collaborating and sharing important information outside the workplace. In order to secure critical infrastructure in a mobile age, the public sector needs to identify and implement network security solutions that incorporate trust, visibility and resiliency.
Risk Assessment in Today’s Critical Infrastructure
The increasingly global society we live in is moving so quickly that proprietary systems are no longer a reliable option. A world filled with multiple complex networking protocols favors criminals by fragmenting local suppliers, lowering the number of security providers, and decelerating innovation and threat response. Consider the threat imposed by a hacker with months to exploit a bug in a proprietary system versus the days it takes to fix a vulnerability in open source environments.
Global networks are facing new threats daily. Prior to 2001, attacks on these systems were primarily a result of internal sources, for example, dissatisfied employees, misconfiguration or poor operational procedures. The focus has recently shifted towards external attacks. Hackers today are often highly paid mercenaries that are financially motivated or following personal nationalistic reasons, targeting critical infrastructures, government and military networks.
IT administrators in the public sector are considering a variety of issues to help prevent these assaults. For example, some IT administrators are questioning the reliance on open standards-based networking as opposed to traditional proprietary systems. As Internet Protocol (IP)-based technologies and the Internet continue to grow exponentially, even the most closely guarded systems are beginning to take advantage of open-standards capabilities. Commercial Off-the-Shelf (COTS) technologies offer the benefits of low cost, fast implementation, interoperability and agility, allowing them to penetrate up to the highest levels of government and military command.
Critical infrastructure systems are also at a high risk, for example, power grid operations. Energy providers today are skeptical of open standards, and assume that closed industrial systems are safer if not invulnerable. However, this is a false assumption; in 2010, the Stuxnet worm attacked industrial controllers with a removable drive.
A New Approach to Network Security
A new approach is required to support the critical role cybersecurity plays in today’s national security today. Historically, government organizations have faced unique challenges to prevent cyber attacks, often dealing with extended deployment and certification cycles that guarantee technologies will be outdated by the time they are put into use.
To simplify this process, organizations are adopting an integrated architectural approach to the network that addresses evolving security challenges, permitting the protection of assets, detection of security breaches and appropriate remediation once a breach has been identified. This “trust” model has three-layers, which incorporates trusted processes, trusted systems and trusted services.
To reduce risk while strengthening security for the complete lifecycle of an intelligent network, trusted processes are a collection of processes for vulnerable organizations to help securely plan, design, develop, implement and operate systems. Such processes include all operational disciplines relevant to assuring network policy compliance and management, including training, acquisition and monitoring.
The middle layer of the three-layer “trust” model is trusted systems. This includes networking, computing and storage infrastructure, along with input from security intelligence operations (such as incident response teams), advanced research and global cryptography. Here, the integrity and interactions of hardware and software elements are compliant with global standards, emphasizing security through product assurance, supply chain integrity and global certifications.
• Product assurance – This includes elements of design and product development, guaranteeing the integrity of hardware or software products. For example, best software development practices, strong processes for managing third-party code security and so on.
• Supply chain integrity – This is the process by which hardware is manufactured and software developed that conforms to appropriate security standards. As a result, studies have proven that procurement from unauthorized suppliers is the weakest link in security governance. Safeguards built into each link of the supply chain, manufacturing, assembly and distribution, secure against tampering or insertion of hardware or software with malicious content. To bridge the gap to security, it is recommended for organizations to purchase solutions from trusted vendors that have robust supply chain standards and strict Common Criteria certification requirements.
• Common Criteria certification – As an international standard (ISO/IEC 15408), Common Criteria certification is currently recognized across 26 countries as the most reliable evaluation and certification for product security. Performed by independent commercial labs, the evaluations are certified by the certificate-issuing country. These countries require Common Criteria for purchasing network security solutions or in general, products that have security functionalities.
The final layer is trusted services, end-user services and capabilities enabled by the IT system. These services can be hosted inside the network, in the cloud, by discrete devices or by industry providers. Network Access Control (NAC), Intrusion Detection and Prevention (IDP) and Identity-Based Networking Services (IBNS), as well as instrumentation, diagnostics and sensing are all examples of these services. To extend these security capabilities into the cloud, organizations should consider Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS).
New Architecture Best Practices
Organizations can make critical improvements to their network security with this three-layer model by leveraging existing network capabilities. For example, a major change in current best practices recognizes that not all information assets have equal value and not all assets are worth protecting to the same extent. Identifying the value and vulnerability (high, medium or low) of assets allows for efficient application of multiple levels of data protection.
Many security challenges are old issues that could be easily addressed with new processes. IT teams are able to improve their visibility into their system by keeping track of any and all physical assets that touch the network. Today’s devices are filled with a plethora of data that can provide insight into the operation of the network. With diligent monitoring and by establishing a baseline of activity, IT teams are able to easily identify and correct weaknesses caused by untrusted devices, and remove or block users as needed.
Organizations can also significantly improve security measures with configuration management and software version control for devices connected to the network. To minimize the chances of exposure, vendor vulnerability disclosures should be monitored.
For organizations to be confident that a cybersecurity incident is managed appropriately, a high level of system resiliency is required. Networks should be able to respond to a breach by isolating the affected area quickly to reduce the damage of the attack. IT administrators must take advantage of dynamic routing protocols, redundant pathways and analysis of data collected by embedded sensor processes and security intelligence operations. These tools help contain the damage brought by existing and emerging cyber threats.
Each person who utilizes the network should be fully educated. An organization’s employees are an essential element of security and should have two-way communication about critical issues. In return, organizations must shift their strategy to accommodate today’s work culture; rather than banning social networks, organizations should implement a policy that enforces responsible and robust communication as data moves between these sites.
IT decision-makers must understand that no single product can ensure complete security across the network. Trustworthy, secure systems are built over a long period of time, requiring careful planning, development and implementation in an environment that entails a broad portfolio of security offerings. The people who create effective processes for maintaining the secure environment are of the utmost importance. Leaders in the security space are dedicated to enabling strategy, educating employees and implementing new technologies that will close the gap between the industry and government organizations while supporting public sector requirements.
Don Proctor is senior vice president, Office of the CEO, for Cisco.