When government agencies face a network breach, having a planned response protocol in place can make all the difference, according to industry experts.
“The first thing that they have to do is they have to really take a hard look at their incident response protocol,” said Rob Potter, vice president of public sector at Symantec. He added that recovering from a breach can become significantly harder without a response plan in place.
Roger Barranco, director of global security operations at Akamai, said agencies and organizations should structure their most critical machines and systems into tiers of importance so that resources can be correctly allocated in the event of distributed denial of service (DDoS) attacks.
“The best way to defend against DDoS is to be prepared in advance,” said Barranco. “The easiest thing to start with is understanding your fallback plan.”
Agencies “also need to have processes and procedures in place for investigation and remediation tasks, such as responsibilities and delegation, documentation, status updates, communication channels and reporting, within their security team and at the management level,” said FireEye principal consultant Matthew Dunwoody. “Organizations should also consider establishing a relationship or retainer with an outside organization or vendor, in the event that they want outside assistance.”
Reaching out to industry partners to help develop plans and relationships to prepare for future hacks is also important. And the more breaches that occur, the more likely agencies are to start seeking out plans and advice. For example, after the 2015 breach, the Office of Personnel Management made a point of contacting security companies for strategy and planning advice.
“There are a lot of agencies where they have a lot of very proficient analysts, very proficient information security people, but they don’t necessarily have the specific skills of incident response,” Potter said, adding that industry partnership can work to fill these gaps.
“Just as with private industry, not all government organizations have the experience or expertise to respond to complex security incidents. Some just want a second set of eyes,” said Dunwoody. “As a private company, we are apolitical, are able to leverage and share relevant intelligence more openly, and can provide immediate, hands-on expert support.”
Potter explained that many government conversations with industry include discussion of both preventative measures and incident response.
“It’s part of every conversation,” Potter said. “You’re not seeing conversations anymore about only this or only that.”
“I don’t think these are discrete, exclusive, or conflicting goals,” said Dunwoody. “Remediating an attack often requires implementing new security controls, and a network designed to prevent and contain compromise is much easier to defend. These elements can feed into each other, as preventive controls provide alerts and impede attackers so that defenders have time to respond, and defenders searching for, and responding to, threats provide feedback to improve controls and detection.”
Barranco added that agencies often focus more effort on front-end protections than on fallback plans, which will still work on most days but will not be able to handle a large-scale DDoS breach.
“The easy answer would be that you can never devote enough resources to this,” said Potter. “We’re always going to be outmanned.”
However, Potter said that the past two or three years have seen a dramatic increase in agency competency and understanding of incident response, in large part due to training and awareness campaigns. He added that he has been very impressed with how agencies have taken the NIST Cybersecurity Framework and been able to identify the technologies and tools that will help them fulfill parts of those requirements.
Securing a 21st century government–from the data center to the cloud to the Web–means exercising greater control over the uncontrollable. The reality of today’s instant access, always-on world means that a lot can go wrong. So, how can the new administration combat increasingly sophisticated cyber threats? Join the 2017 Akamai Government Forum on March 28 at the Grand Hyatt, Washington, D.C., to find out.