Government: Cyber Threat Actors’ Biggest Target

Agencies are regularly targeted not only by cybercriminals but also by state-sponsored actors

According to Deloitte, governments store significantly more data than the private sector and often keep it on older, more vulnerable infrastructure. Unlike most commercial industries, agencies are regularly targeted not only by cybercriminals but also by state-sponsored actors. Consequently, vulnerabilities within government could result in cyberattacks or cybersecurity incidents that cause disruptions threatening the country's economy, national security, and the health and safety of the public.

Key Challenges to the Federal, State and Local Government Sector

Protecting Personal Data Integrity

In executing their core functions, government agencies collect enormous amounts of data on citizens. Cybersecurity is vital to protecting the sensitive, confidential, or highly personal information that government agencies maintain. Personally identifiable information (PII) such as medical records, taxpayer records, and social security numbers could be misused if stolen. In fact, most developed nations have a comprehensive consumer data protection law covering citizens' data collected by the government as well as by the commercial sector, and an independent agency to enforce compliance with that law. To sustain public confidence, government agencies need to make protecting this information a top priority.

Keeping Vital Services Functioning Despite a Breach

Information relating to the nation's infrastructure is an area of particular concern. Over the years, Federal, State and Local Government organizations have lagged in implementing advanced protection systems to safeguard vital information. Meanwhile, with continued advances in technology such as the current rollout of ultra-connected 5G, the critical infrastructure used across key public functions is constantly at risk. Other vital services that are connected, directly or indirectly, to the internet through networks, such as transportation grids, communication networks, water systems, and law enforcement and first responders, have become increasingly vulnerable to attack.

Recent Public Sector Data Breaches

Until federal and state governments recognize that upgrades must be made to protect the various classes of government information, organizational networks, and communication systems, they will remain an attractive target and data breaches will continue.

Several US government agencies have experienced cybersecurity breaches in the last few years. The 2015 data breach of the U.S. Office of Personnel Management (OPM), which impacted 22 million people, is a striking example of vulnerability in the public sector.

The key stolen information included the security clearance applications of government employees, among them secret service and military personnel. These applications run to 127 pages and include highly personal information such as mental health history, fingerprints, criminal records, past assignments, financial data, drug and alcohol use, family member data, and work history. US government officials stated that such data could be used to identify US operatives and compromise intelligence networks.

“It is a very big deal from a national security perspective and from a counterintelligence perspective,” said FBI director James B. Comey. “It’s a treasure trove of information about everybody who has worked for, tried to work for, or works for the United States Government.”

The 2018 ransomware attack on Atlanta, Georgia by the Iran-based SamSam group was the largest successful ransomware breach of a major American city, potentially affecting up to 6 million people. According to Reuters, an estimated third of the software programs used by the city remained offline or partially disabled. Additionally, legal documents and law enforcement video files were missing. This breach was notable for the extent and duration of the service outages it caused. Many city services and programs were affected by the attack, including utility, parking, and court services. City officials and residents were forced to complete paper forms by hand.

Key Public Sector Vulnerabilities

There are several areas where the public sector, at all levels, is particularly vulnerable.

  • Limited Agency Situational Awareness. According to an assessment by the U.S. Office of Management and Budget (OMB), federal agencies charged with defending networks often lack timely information regarding the tactics, techniques, and procedures that threat actors use to exploit government information systems. This information is so limited that agencies could not identify the method of attack, or attack vector, in 38% of cyber incidents.
  • Lack of Standardized IT Capabilities. US government agencies lack standardized cybersecurity processes and IT capabilities, which limits their visibility and their ability to combat threats efficiently. Agencies cannot apply a single solution to a specific cybersecurity challenge and thereby reduce their overall attack surface. For example, the OMB report found that agencies often operate numerous email services, increasing their susceptibility to phishing attacks. One agency had 62 separate email services, "making it virtually impossible to track and inspect inbound and outbound communications across the agency."
  • Limited Network Visibility. The OMB report also identified that US government agencies lack visibility into what is occurring on their networks, and in particular lack the ability to detect data exfiltration. Only 27% of agencies reported that they could detect and investigate unauthorized attempts to access large volumes of data.

Cybersecurity Standards & Compliance

Cybersecurity compliance standards for US government agencies include the Federal Information Security Modernization Act of 2014 (FISMA) and the Cybersecurity Framework, which incorporate specific standards such as Federal Information Processing Standards 199 and 200 (FIPS 199 & 200). The gold standard for cloud security is the Federal Risk and Authorization Management Program (FedRAMP).

While agencies fully compliant with those standards are given awards each year, audits of federal FISMA compliance for 2018 unfortunately show 36 problematic findings covering six security control areas in government agencies. Additionally, an audit of 96 agencies showed complete non-compliance with safety protocols in 12 agencies, and partial non-compliance in another 59 agencies.

Public Sector Trends Show Upcoming Security Challenges

Two notable trends indicate both the increasing challenges and some progress on cybersecurity: the ongoing migration of data to the cloud, and the standardization of FedRAMP and cloud security protocols across government agencies.

  • Cloud Migration. Federal, state, and local governments continue to move applications and data to the cloud. According to the National Association of State Chief Information Officers (NASCIO), 46 percent of states have completed their data center consolidation efforts, and 42 percent of state governments have consolidation efforts underway. In September 2018, the White House released its Cloud Smart strategy, which emphasizes cloud deployments. Well-known public clouds have proven to be large targets for nation-state attacks. Once access is gained to the cloud provider's system, the attacker has access to most or all customer data, so breaching a cloud service provider has far-reaching consequences for every company on that cloud platform. According to a report by Reuters, the Cloud Hopper campaign resulted in eight of the world's largest cloud providers being breached by Chinese cyber spies in a multi-year infiltration. The intrusion exploited vulnerabilities in those cloud environments, but also the clients' mistaken belief that they were protected.

  • FedRAMP Certification. The FedRAMP program is highly recommended for federal agencies and local governments. It simplifies security by providing a standardized approach to cloud security. According to Deltek's recent Federal Priorities Spotlight: Cloud Computing report, FedRAMP certification is now mandatory for federal agencies seeking a trusted cloud solution, and its adoption doubled between 2017 and 2018. Recently, Rep. Gerry Connolly (D-Va.) and Rep. Mark Meadows (R-NC) sponsored a new piece of legislation, the FedRAMP Reform Act of 2019. This legislation seeks to address agency compliance issues and establish new metrics for proper implementation.

Continued Progress on Public Sector Cybersecurity Is Key

It is easy to take critical public infrastructure for granted. The systems and networks that play a vital role in the operation of basic government services can fade into the background, and the citizenry could be excused for assuming that federal, state and local governments are making every effort to protect these assets.

All branches of government are on the front line of a new type of war. It is not only a war against established nations but a continuous trench-digging war against elusive, decentralized and unpredictable threat actors. Governments need new tools, ammunition if you will, to succeed on this new battlefield. While properly resourcing and developing government response remains a challenge for the public sector at all levels, the wider trend toward cloud environments and increasing FedRAMP compliance and security is encouraging.

At CyLogic, we are proud that our flagship product, CyCloud, meets the FedRAMP FISMA HIGH security requirements and has been vetted by Coalfire, the leading assessment organization on the market, as: "Strictly align[ed] with FedRAMP High requirements... for commercial entities seeking the highest level of cloud services and cybersecurity capabilities".

Compromised public-sector information could damage both national security and citizens' trust. The public sector is responsible for critical systems and infrastructure at the national, state and local level that keep the country functioning. Without the government's ability to provide vital services, local and national economies would be severely impacted. According to a Verizon report, the public sector faces more security incidents and data breaches than any other sector. A robust cybersecurity program must be implemented to protect critical operations and infrastructure, including water systems, emergency communication networks, transportation grids, and law enforcement and first responders, from being disrupted or jeopardized.
