Cybersecurity Awareness Month may be over, but that doesn’t mean the focus on the future of cybersecurity is any less important for federal agencies. In fact, as many organizations may see more of their workforce working remotely in the upcoming holiday season, it may be even more important in the coming months.
As agencies continue working on the many meaningful services they provide, finding the right tools to ensure their employees can operate securely is a major priority. To help explain some of the ways that cybersecurity has changed over the last year, and what agencies can do to help mitigate many of the most common cyber threats, GovCyberHub spoke with Karl Schaub, Chief Solutions Architect at NETSCOUT Systems.
Schaub’s extensive career in the cybersecurity space has provided him with ample opportunities to observe and participate in the ongoing trends that are defining cybersecurity today. Schaub’s insights into the current threat landscape, and what solutions are out there to address it, present a window through which federal agencies may see some of the many ways that they can be better prepared in the face of cyberthreats.
GovCyberHub: October was National Cybersecurity Awareness Month but obviously we see cybersecurity as important all year round. So in your opinion, what are some of the biggest threats facing the future of cybersecurity for the government today? Are there any threats that agencies or organizations should be aware of today?
Karl Schaub: Given the events over the last 18 months, it makes it very hard to narrow the answer down to a single threat or issue. And I think most agencies are staying up-to-date on evolving threats and doing their best. For me, I think agencies should dedicate themselves to understanding ransomware, and the newer triple extortion attacks.
Also, I think that taking a new look at the remote workforce and the dependence on VPNs, VDI, etc. creates some cyber risk, so those should be front of mind for most cyber professionals in government and we know these services are susceptible to DDoS. And I suspect that the new remote workforce is never going to go away completely no matter what “return to office” means, so continuity of operations and business continuity are still going to be impacted by how well agencies can protect their remote workers and their access to services.
GCH: Given that several high-profile attacks have taken place this year, are government agencies more vulnerable than this time last year? Does the ongoing move to remote work explain this in part or whole? How do these attacks impact the future of cybersecurity?
Karl Schaub: That’s a few interesting questions. I would argue that “vulnerable” may be too subjective of a term. Perhaps we should focus on risk. I could clearly make the case that government agencies have a higher risk of attack than a year ago. Agencies are still struggling to operate their network with the bulk of users outside the perimeter. Not to mention grappling with how to secure the new “perimeter” along with the newly discovered supply chain attacks that have been in the press for months.
Regarding your second and third questions, as previously indicated, remote workers are a new constant that indeed has changed the attack surface that bad actors will continue to target. There are architectural and security solutions that can be brought to bear to mitigate this risk. VPNs, firewalls, IPS are stateful processing devices and are susceptible to volumetric attacks. In terms of impacting the future of cybersecurity, having a solution that shields these devices from an attack takes one piece or player off the board completely, which I guess changes the future in some ways.
GCH: As agencies and organizations adopt the new remote work paradigm, are there specific threats that have come up during the transition? Are these threats unique to the new normal or are they similar to threats from before?
Karl Schaub: I guess I laid the groundwork for my response to the earlier questions, but to be direct, yes, there are specific threats that have come up. There are also specific deployment issues that have hampered customers through the transition. We have seen self-induced issues around capacity (network bandwidth and VPN processing) as well as reluctance to allow the use of split tunneling, which has led to an impact on business operations. We have seen DDoS attacks directed at VPN and/or remote access services as they offer a single point of attack to cripple the enterprise.
It’s hard to categorize the threats as unique per se, but clearly, the volume, sophistication, and persistence of these types of attacks have had more “force-multiplying” negative effects than ever before.
Another way to look at this: prior to the pandemic, most workers were within the enterprise perimeter, which made attacking VPNs or remote services less impactful. If an attack was successful pre-pandemic, it would have had limited impact on that small user population outside the perimeter. Today that same attack would impact the bulk of the company and bring business to a halt. That makes protecting these services much more important in this new age of the remote workforce.
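Schaub’s point in the two answers above is that a VPN or remote-access listener is a stateful single point of failure, so a volumetric surge against it is worth catching early from flow telemetry. The following Python is an added example written for this page, not code from NETSCOUT or from Schaub: it runs a simple rate-surge check over constructed flow records (the listener address 198.51.100.10:443, the sample sources and the thresholds are all assumptions) and flags seconds where new connections toward the listener jump well above the recent baseline, reporting the distinct-source count so a distributed flood stands out from a single noisy client.

```python
"""Rate-surge check for a remote-access listener, run over constructed flow records.

Added example for this page (not NETSCOUT or Karl Schaub's code). The listener
address, source addresses, and thresholds below are assumptions for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass
from statistics import median

# Assumed VPN concentrator address and port (documentation range, constructed).
VPN_LISTENER = ("198.51.100.10", 443)


@dataclass(frozen=True)
class Flow:
    ts: int      # epoch second the flow started
    src: str     # source address
    dst: str     # destination address
    dport: int   # destination port
    nbytes: int  # bytes carried by the flow


def per_second_stats(flows, listener=VPN_LISTENER):
    """Return {second: (new_connections, distinct_sources, bytes)} for flows aimed at the listener.

    Flows to other services are ignored so the baseline reflects only the protected listener.
    """
    conns = defaultdict(int)
    srcs = defaultdict(set)
    volume = defaultdict(int)
    for f in flows:
        if (f.dst, f.dport) != listener:
            continue
        conns[f.ts] += 1
        srcs[f.ts].add(f.src)
        volume[f.ts] += f.nbytes
    return {t: (conns[t], len(srcs[t]), volume[t]) for t in sorted(conns)}


def detect_surges(flows, listener=VPN_LISTENER, window=5, factor=10, min_conns=50):
    """Flag each second whose new-connection count exceeds `factor` x the median of the
    preceding `window` seconds and also exceeds the absolute floor `min_conns`.

    Seconds without traffic count as zero in the baseline; the floor keeps a quiet listener
    from alerting on a handful of legitimate logins.
    """
    stats = per_second_stats(flows, listener)
    if not stats:
        return []
    alerts = []
    for t in range(min(stats), max(stats) + 1):
        conns, nsrc, nbytes = stats.get(t, (0, 0, 0))
        history = [stats.get(s, (0, 0, 0))[0] for s in range(t - window, t)]
        threshold = max(min_conns, factor * median(history))
        if conns > threshold:
            alerts.append({
                "ts": t,
                "connections": conns,
                "sources": nsrc,
                "bytes": nbytes,
                "threshold": threshold,
            })
    return alerts


# Constructed sample: ten quiet seconds of five remote users each, one unrelated SSH flow,
# then two seconds in which 400 distinct sources open small connections to the listener.
SAMPLE_FLOWS = [
    Flow(t, f"203.0.113.{i + 1}", "198.51.100.10", 443, 1200)
    for t in range(10) for i in range(5)
]
SAMPLE_FLOWS.append(Flow(3, "203.0.113.9", "198.51.100.10", 22, 500))  # not the VPN listener
SAMPLE_FLOWS += [
    Flow(t, f"10.0.{i // 200}.{i % 200 + 1}", "198.51.100.10", 443, 120)
    for t in (10, 11) for i in range(400)
]


if __name__ == "__main__":
    for a in detect_surges(SAMPLE_FLOWS):
        print(f"t={a['ts']}: {a['connections']} new connections from {a['sources']} sources "
              f"({a['bytes']} bytes), threshold {a['threshold']}")
```

On the constructed sample the check stays silent through the baseline period and fires for seconds 10 and 11; the distinct-source count in the alert is what lets an operator tell a distributed flood from a misbehaving single client, and the byte count shows why a state-table-exhausting attack can look small in bandwidth terms.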
GCH: When government agencies and organizations look to the future of cybersecurity, what would you recommend they do to embrace a modern cybersecurity paradigm? What should they prioritize for security in 2021-2022?
Karl Schaub: Well, I’m not sure I want to be the one responsible for predicting the future, but I can share how I might answer that for a single agency. For me, if I had to only pick one thing, I would say they need to focus on zero trust architecture (ZTA). They need to understand where they are in the ZTA journey and prepare a plan that takes the appropriate steps to move the agency forward.
To understand ZTA you must look past the ZTA pillars and focus also on the foundational portions of the ZTA. As the adage goes, your building is only as strong as the foundation on which it is built. I mention this because so many of the ZTA early failures were around the lack of visibility and analytics. We all know blind spots are dangerous things when driving a car, but security blind spots and lack of context, actionable intelligence, and practical knowledge can be even more dangerous to an agency, its people, and its mission.
GCH: What can agencies or organizations do to learn more about what it takes to create a robust plan for the future of cybersecurity?
Karl Schaub: Creating and following are two very different things. There are lots of guides and recommendations for creating the plans, but very little on implementation and validation. I always fall back to the “trust but verify paradigm.” You can’t defend what you can’t see. I believe this is why it is a foundational aspect of ZTA and why so many cybersecurity projects fail across government.
Remember, a good plan is not the one that sounds the coolest. A good plan is one that works to achieve what it was intended. History is littered with incredible plans that failed miserably to accomplish an objective. When it comes to cyber defense, most agencies don’t have the luxury of failing once, let alone again. You have to make it achievable and that is really hard to do but is essential in our world today.
GCH: What are some of the gaps in the various solution sets that need to be improved to strengthen cyber defenses so agencies keep up with the evolving threats?
Karl Schaub: Every agency is different so there is not a single answer to this question. However, I believe if agencies stop and look at past and present successes and failures, they will see that having better visibility and analytics gives them the insights needed to be successful.
This dovetails nicely with the earlier conversation around ZTA and the need for a solid foundation to build upon. Visibility and analytics are subsets of what NETSCOUT does and we continue to make advances, like the recent release of Omnis Cyber Intelligence (OCI). OCI was designed to snap into customer ecosystems and provide proactive and actionable intelligence, both in real time as well as retrospectively.