As government agencies have increased their digital presence through social media, websites, or other online channels, they also have put themselves in position to be attacked outside of their traditional digital perimeters. These outside attacks can include social media impersonations, account takeovers, false or misleading information, or the disclosure of confidential agency information.
During ZeroFOX’s “Combating Threats Outside your Agency’s Digital Perimeter: Empowering Responsibility and Authority” event on April 20, Federal agency IT leaders discussed how to combat these attacks, and how doing so helps the agency protect Americans.
“For every social media impersonation you take down, every time you protect your brand, every time that you identify a malicious URL and take it down, you’re probably preventing one individual from being defrauded,” said James Saunders, a senior advisor for cybersecurity at the Office of Personnel Management (OPM), and former chief information security officer (CISO) at the Small Business Administration (SBA).
“You’re impacting someone’s livelihood. In truth, it’s not the same as identifying something on your internal network, or building a new security apparatus internally, or zero trusting your network – that’s protecting you, your agency, your staff. But the work you do outside it – again, that digital perimeter – you’re directly impacting the individual who otherwise could fall into a bear trap,” he added. “[With] that one action you’re saving, protecting, and helping some American out there.”
Saunders said the number of these outside-the-perimeter threats – especially social media impersonators – has increased over the last year. Beginning in April 2020, SBA took down about 600 social media impersonations. However, before Saunders left SBA in March 2021, he said they were on track to take down 2,000.
Saunders said SBA has a team called the Cyber Threat Intelligence Team, whose sole job is to tackle these non-technical threats. The team also partnered with the agency’s Public Affairs Office to ensure Americans would not mistake a fraudulent social media account or website for SBA.
Steven Hernandez, who is CISO at the Department of Education, said his agency also has teams that scour the dark web threat hunting. However, Hernandez said his agency recently had to expand these teams to account for attacks outside of its digital perimeter and emanating from other tech and social platforms.
“For the most part, it is almost always a watering hole type of attack,” Hernandez said. “Oftentimes that takes place in forms that are well outside of the department’s control so the open web, social media, even platforms like Signal, Slack, etc. are becoming places where these conversations are taking place. Our hub teams have had to expand beyond just the dark web, now into some of the more common places to understand how our attackers are operating and thinking.”
