
Cybersecurity Trends In The Government Sector

By Dr. Christine Izuakor

The government sector and all of the agencies that make up this powerful ecosystem play an integral role in global safety and security. Whether considering the U.S. or other countries around the world, cybersecurity tends to be a core factor in national security affairs. As countries increasingly rely on technology to fulfill basic living needs such as getting access to clean water, electricity, and transportation, the risks drastically expand. Moreover, in the United States, for example, governing bodies have a duty to protect these assets, often referred to as critical infrastructure.

Like any organization, government agencies and their assets are subject to the same cyber threats that private sector companies face. They have critical systems that, if disrupted, could negatively impact millions. They house and process highly confidential information that, in the wrong hands, could wreak havoc on a global scale. The bottom line is that they have resources that attackers can benefit from, which makes the government an attractive target. One report noted that agencies dealt with over 35,000 incidents in a given year – a number that has likely increased over time.

Key cyber challenges in the government sector

Protecting government assets gets complicated for several reasons. The main three we’ll highlight here are ownership, resources, and elevated risk.

Some assets are owned by and support the operation of the agencies, and some are critical assets that support citizens but aren’t owned by the agencies. This can pose a challenge. In transportation, for example, the Federal Aviation Administration (FAA) and Department of Homeland Security (DHS) play significant roles in the security of aviation sector assets but do not own all of the assets. The main assets, such as aircraft, are usually owned by private sector companies such as airlines. While there is a mutual interest and shared responsibility to protect these assets, the ultimate ownership is in the private sector.

Secondly, government agencies are often working with limited resources. If an adequate budget isn’t granted for a given initiative, then security ultimately suffers. Though security is a top priority for many countries and governing bodies, resource-restricted regions with competing priorities may end up less able to fully dedicate themselves to a cybersecurity strategy.

Lastly, there are elevated risks and a potential heightened impact when things go wrong in this arena. While most breaches seen in the headlines have resulted in a loss of data or finances, attacks against critical infrastructure and government entities can cause far more significant damage. For example, cyber warfare, cyber terrorism, and other virtual threats to national security are of concern.

A few cyber breach examples in the government sector

We’ve seen several breaches happen in the government sector over the last decade – a constant reminder that even with the most advanced security systems, nobody is exempt from these creative attacks. Though the worst of the worst are likely classified and not shared with the public, here are a few examples of breaches that have targeted government sector entities.

General attacks against agencies

The DHS reported earlier this year that government agencies were generally being targeted with cyberattacks involving domain name infrastructure tampering. The attacks originated from Iran and came during an interesting period of the government shutdown, leaving the DHS unfunded and potentially hindering the ability of agencies to fight back.

Government offices hit with ransomware

The City of Baltimore

Baltimore became one of the latest headlines regarding ransomware in May 2019. The city found itself in hot water when a successful ransomware attack brought down a portion of its government systems. The incident resulted in an impact to critical communication technology such as email, vehicle citation systems, and taxation technology.

Cyberattack against the Office of Personnel Management

The Office of Personnel Management (OPM) cybersecurity data breach resulted in the theft of millions of data records. The loss included information such as fingerprints, security clearance documents, and social security numbers. Years before the breach was discovered, the attackers made their way into the network and allegedly installed malware that allowed them to steal essential documents regarding the organization’s infrastructure, operations, and more. The attackers were able to pose as legitimate employees to create a backdoor on the network and move further in their attacks. This went on for several years, undetected by OPM.

A way forward that includes an emphasis on understanding and addressing Insider Threats

It’s imperative to have not only a clear and robust cybersecurity strategy but also the right talent to deliver it. In this space, employee trust and security clearance matter deeply, in addition to having the right skills. One study found that almost 80% of breaches in the government sector involved some form of Insider Threat. In another report from the Carnegie Mellon Institute, government entities reported that the majority of internal fraud cases were committed during standard working hours, with losses sometimes exceeding $1 million per incident. Also, half of the attackers were with the entity for over five years. This means that they knew the ins and outs of the systems and how best to circumvent security controls.

Insider threats can cause severe damage in government agencies, which makes a robust data loss prevention strategy built on a solid foundation of Insider Threat Detection key. Modern AI-based Insider Threat technology can further fill this need by intelligently identifying suspicious behavior where the stakes are high and the likelihood of Insider Threats even higher.


About the author

Dr. Christine Izuakor
Dr. Izuakor is the Senior Manager of Global Security Strategy and Awareness at United Airlines where she plays a critical part in embedding cyber security in United’s culture. She is an adjunct professor of cyber security at Robert Morris University, and independently helps corporations solve a diverse range of strategic cybersecurity challenges.
