The government sector and all of the agencies that make up this powerful ecosystem play an integral role in global safety and security. Whether considering the U.S. or other countries around the world, cybersecurity tends to be a core factor in national security affairs. As countries increasingly rely on technology to fulfill basic living needs such as getting access to clean water, electricity, and transportation, the risks drastically expand. Moreover, in the United States, for example, governing bodies have a duty to protect these assets, often referred to as critical infrastructure.
Like any organization, government agencies and their assets are subject to the same cyber threats that private sector companies face. They have critical systems that, if disrupted, could negatively impact millions. They house and process highly confidential information that, in the wrong hands, could wreak havoc on a global scale. The bottom line is that they hold resources attackers can benefit from, and that makes the government an attractive target. One report noted that agencies dealt with over 35,000 incidents in a given year – a number that has likely increased over time.
Key cyber challenges in the government sector
Protecting government assets gets complicated for several reasons. The main three we’ll highlight here are ownership, resources, and elevated risk.
Some assets are owned by and support the operation of the agencies, and some are critical assets that support citizens but aren’t owned by the agencies. This can pose a challenge. In transportation, for example, the Federal Aviation Administration (FAA) and Department of Homeland Security (DHS) play significant roles in the security of aviation sector assets but do not own all of the assets. The main assets, such as aircraft, are usually owned by private sector companies such as airlines. While there is a mutual interest and shared responsibility to protect these assets, the ultimate ownership is in the private sector.
Secondly, government agencies are often working with limited resources. If an adequate budget isn’t granted for a given initiative, then security ultimately suffers. Though security is a top priority for many countries and governing bodies, in resource-restricted regions competing priorities may leave agencies less able to fully commit to a cybersecurity strategy.
Lastly, there are elevated risks and a potential heightened impact when things go wrong in this arena. While most breaches seen in the headlines have resulted in a loss of data or finances, attacks against critical infrastructure and government entities can cause far more significant damage. For example, cyber warfare, cyber terrorism, and other virtual threats to national security are of concern.
A few cyber breach examples in the government sector
We’ve seen several breaches happen in the government sector over the last decade – a constant reminder that even with the most advanced security systems, nobody is exempt from these creative attacks. Though the worst of the worst are likely classified and not shared with the public, here are a few examples of breaches that have targeted government sector entities.
General attacks against agencies
The DHS reported earlier this year that government agencies were being targeted with cyberattacks involving domain name infrastructure tampering. The attacks originated from Iran and came during the government shutdown, which left the DHS unfunded and potentially hindered the ability of agencies to respond.
Government offices hit with ransomware
The City of Baltimore
Baltimore became one of the latest headlines regarding ransomware in May 2019. The city found itself in hot water when a successful ransomware attack brought down a portion of its government systems. The incident disrupted critical communication technology such as email, vehicle citation systems, and taxation technology.
Cyberattack against the Office of Personnel Management
The Office of Personnel Management (OPM) cybersecurity data breach resulted in the theft of millions of data records. The loss included information such as fingerprints, security clearance documents, and social security numbers. Years before the breach was discovered, the attackers made their way into the network and allegedly installed malware that allowed them to steal essential documents regarding the organization’s infrastructure, operations, and more. The attackers were able to pose as legitimate employees to create a backdoor on the network and move further in their attacks. This went on for several years, undetected by OPM.
A way forward that includes an emphasis on understanding and addressing Insider Threats
It’s imperative to have not only a clear and robust cybersecurity strategy but also the right talent to deliver it. In this space, beyond having the right skills, employee trust and security clearance matter deeply. One study found that almost 80% of breaches in the government sector involved some form of Insider Threat. In another report from the Carnegie Mellon Institute, government entities reported that the majority of internal fraud cases were committed during standard working hours, with losses sometimes exceeding $1 million per incident. Also, half of the attackers had been with the entity for over five years, meaning they knew the systems inside and out and knew how best to circumvent security controls.
Insider threats can cause severe damage in government agencies, so a robust data loss prevention strategy built on a solid foundation of Insider Threat Detection is key. Modern AI-based Insider Threat technology can further fill this need by intelligently identifying suspicious behavior where the stakes are high and the likelihood of Insider Threats even higher.
Insider Risk – How Prepared Are You?
Not every company is equally prepared to deal with insider risk. This report outlines the four stages of insider risk maturity and explores how to improve your insider risk preparedness.