As threats continue against the U.S. government’s electronic infrastructure, cyber-security deserves considerable vigilance. The sensitive information stored within the government’s IT infrastructure is highly sought after by countless enemies here and abroad. Unfortunately, government bodies face the same vulnerabilities as the private sector, but often with much higher risks; if exploited, the consequences would be severe. The government must protect its infrastructure against invisible saboteurs capable of potentially limitless disruption, and it can do so by adhering to fundamental procedures of prevention, detection and mitigation.
The most effective way to reduce the threat of cyber-terrorism is to prevent security breaches from occurring. Time after time, both the U.S. government and private industries are impacted by security threats that have been known for months or years. Fault lies in the methods used to protect machines today.
Typically, an organization will conduct a yearly or quarterly security audit, identifying system vulnerabilities. Often, these results are shelved and the issues are never resolved. Vulnerabilities cannot wait a year or even a few months to be identified, and follow-up is needed to ensure issues are remedied.
Proactive vulnerability assessments, conducted monthly and on demand, provide government agencies with an accurate evaluation of current vulnerabilities. To supplement this analysis, a visibility scan detects changes in the services exposed by servers and firewalls. Finally, a detailed verification procedure that monitors the Web site, domain name information and Internet routing database gives individual agencies early warning that may head off a planned attack. It is essential to complement external perimeter assessments with thorough internal scans, as FBI studies indicate that most computer crimes originate within an organization.
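The visibility scan described above amounts to keeping an approved baseline of what each host exposes and flagging every departure from it. The following is an added example, not Solutionary's code or a tool the article describes; the host names, ports and scan output are constructed sample data, and the simple "host proto/port service" line format is an assumption chosen to keep the example self-contained.

```python
"""Visibility-scan change detection (added example, constructed data).

A baseline snapshot of the services each server or firewall exposes is
compared against the latest scan. Anything newly exposed, silently removed
or changed is reported so an analyst can confirm the change was intended.
"""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Tuple

ServiceKey = Tuple[str, str]  # (host, "proto/port")


@dataclass(frozen=True)
class ServiceChange:
    host: str
    port: str
    kind: str          # "added", "removed" or "changed"
    before: str = ""   # service as recorded in the baseline
    after: str = ""    # service as seen in the current scan


def parse_scan(lines: Iterable[str]) -> Dict[ServiceKey, str]:
    """Parse 'host proto/port service' lines into {(host, proto/port): service}.

    Blank lines and '#' comments are skipped. A malformed line raises, so a
    truncated scan file is never mistaken for 'every service closed'.
    """
    services: Dict[ServiceKey, str] = {}
    for raw in lines:
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) != 3:
            raise ValueError(f"malformed scan line: {raw!r}")
        host, port, service = parts
        services[(host, port)] = service
    return services


def diff_services(baseline: Dict[ServiceKey, str],
                  current: Dict[ServiceKey, str]) -> List[ServiceChange]:
    """Return every difference between the approved baseline and the current scan."""
    changes: List[ServiceChange] = []
    for key in sorted(baseline.keys() | current.keys()):
        host, port = key
        before = baseline.get(key)
        after = current.get(key)
        if before is None:
            changes.append(ServiceChange(host, port, "added", after=after))
        elif after is None:
            changes.append(ServiceChange(host, port, "removed", before=before))
        elif before != after:
            changes.append(ServiceChange(host, port, "changed", before, after))
    return changes


def report(changes: List[ServiceChange]) -> List[str]:
    """Render one human-readable line per change (empty list means 'no drift')."""
    lines = []
    for c in changes:
        detail = {"added": f"now exposes {c.after}",
                  "removed": f"no longer exposes {c.before}",
                  "changed": f"{c.before} -> {c.after}"}[c.kind]
        lines.append(f"{c.kind.upper():7} {c.host} {c.port}: {detail}")
    return lines


# Constructed sample data: the approved exposure and a later scan.
BASELINE_SCAN = """
# approved external exposure as of the last review
www.example.gov   tcp/80    http
www.example.gov   tcp/443   https
mail.example.gov  tcp/25    postfix
fw1.example.gov   udp/500   isakmp
""".splitlines()

CURRENT_SCAN = """
www.example.gov   tcp/80    http
www.example.gov   tcp/443   https
www.example.gov   tcp/8080  http-proxy
mail.example.gov  tcp/25    sendmail
fw1.example.gov   tcp/23    telnet
""".splitlines()


if __name__ == "__main__":
    for line in report(diff_services(parse_scan(BASELINE_SCAN), parse_scan(CURRENT_SCAN))):
        print(line)
```

Run monthly or on demand, the output is the review list: an analyst confirms each added, removed or changed service against a change record, and anything unaccounted for becomes an incident rather than an accepted part of next month's baseline.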
Crucial to effective security is recognizing which of the U.S. government’s millions of daily security events are threatening and which do not merit attention. Event correlation technology collects, consolidates and classifies millions of activities from disparate devices, and prioritizes the events to distinguish actual threats from normal network activity. It presents an uncluttered view of threats currently facing an enterprise and their possible impact.
Most experts agree that an impenetrable network has yet to be designed. For this reason, an incident response plan is necessary to minimize damage expeditiously, repair vulnerabilities and prevent further attacks. A decisive plan reduces the time required to recover data and provides a clear roadmap to restore services. Should the government detect a breach in IT security, it is imperative to immediately implement a containment plan designed to keep the intruder from penetrating further into the network. Careful analysis of the attack provides an understanding of the scope of damage and improves recovery of stolen or manipulated data. Imposing severe penalties on those who engage in cyber-crimes would ultimately serve as a deterrent.
With Internet usage increasing exponentially, it is logical to assume that electronic threats are rising at a similar rate. The U.S. General Accounting Office estimates the cost of cyber-crimes in excess of $2.2 billion, in addition to the loss of valuable data. The best advice for the government is to protect its network with measures of prevention, diagnosis and mitigation — protection best provided by Managed Security Service Providers (MSSPs) devoted to full-time expert security. Leading MSSPs offer perspective far beyond private sector ingenuity, as they are commonly staffed with veteran security experts with years of government experience.
Michael Hrabik is a founding partner and chief technology officer of Solutionary Inc., a provider of assessment, monitoring and managed security services based in Omaha, Neb.