The devastating impact of the WannaCry cyberattack on the NHS in May last year marked a turning point in the UK public sector’s approach to cyber security. A ‘lessons learned review’ was published by NHS England, followed by the government’s launch of the Cyber Essentials Standard, which identifies fundamental technical security controls that organisations should have in place to help defend against threats. It’s indicative of a government that has come to regard cyber attacks as ‘the new normal’—it’s no longer about ‘potential’ threats, but a common occurrence that must be dealt with appropriately and according to standard protection processes.
Of particular concern is the importance of securing defence organisations and critical infrastructure. In the modern age, these systems are increasingly connected and digitised. While this supports advancements in safety and efficiency, it almost certainly increases the risk of cyber attacks as well.
While the MOD has been at the forefront of national defence since its foundation, cyber defence is a rapidly evolving challenge. To counteract this, there is a lot that MOD agencies can do to develop and maintain good security postures that support these and other efforts. The best form of defence is advanced preparation, which can be done by proactively working to strengthen network defence systems in anticipation of the next threat.
Here are five steps that can be taken to help achieve this:
1) Proactively identify and eliminate vulnerabilities
Better visibility and understanding of network devices can be key to achieving optimum government cyber security preparation. Organisations can do this by maintaining up-to-date device whitelists or known asset inventories and comparing the detected devices accessing the network to those databases. Decisions can then be made based on the whitelist.
Legacy hardware and software applications might have security holes that can no longer be patched. Identifying these vulnerable assets and updating them or replacing them with modern systems that are built for today’s security environment is likely to be more cost-effective—and more secure—than trying to maintain older systems. Recognising that not all legacy systems can be easily replaced, there should be a network isolation and strategy to help secure the otherwise insecure. That said, new systems need to be approached with due caution; in response to an FOI request earlier this year, the MOD cited security/compliance concerns as one of the barriers its agencies experience to public cloud adoption. Taking a realistic, if cautious, view of all technologies before deployment is essential to make sure that new initiatives meet the required security standards before deployment.
2) Update and test security procedures
Security drills should be nothing new for MOD agencies and contractors, and cyber security should be no exception. The US has a great example of this with the Department of Homeland Security’s Cyber Storm biennial exercise series, which puts participants through a series of activities designed to boost their cyber security response capabilities.
But it is equally important to test capabilities on a smaller scale and monitor performance under simulated attacks. It’s good practise for organisations to get into the habit of testing each time a new technology is added to the government network operations. Teams should update and test their security plans and strategies frequently. In short, verify, then trust. An untested disaster recovery plan may end up as its own catastrophe.
3) Prioritise education
Lack of training could pose risks if IT professionals are not appropriately knowledgeable about the technologies and mitigation strategies that can help protect their organisations. The Cyber Essentials scheme can assist in this regard – it offers three levels of engagement, including knowledge, certification, and enhanced certification to help IT teams to understand needs and establish a set of standards for their organisations.
Once these standards are in place, it’s important for senior leadership to consistently reinforce them with weekly meetings, quarterly check-ins, reports, or other means. Establishing that baseline level of knowledge can help those on the cyber security front lines better understand what is at stake and where they need to focus their efforts.
It’s also sensible to invest in continuous user training to support team efficacy. This includes solution training, but it may also encompass sessions that focus on the latest malware threats, hacker tactics, or the potential dangers posed by insiders.
4) Take a holistic view of everyone’s roles
Unfortunately, organisations too often hire individuals with unique skillsets who can be too focused on their individual roles. A network manager might be worried about network penetration testing, for example, while the virus team might be worried about the next WannaCry ransomware attack.
These days, no one can afford to operate in isolation when it comes to digital threats—security should be everyone’s job. Managers must institute a culture of information sharing amongst team members, and the onus is on everyone to be vigilant and on the lookout for potential warning signs, regardless of their job descriptions.
5) Implement the proper procedures for when an attack happens
Threats will inevitably occur and, while there are a variety of mechanisms and techniques that can be used in response, it’s essential that everyone has the correct tools and that these tools work in concert. For instance, a single next-generation firewall is great, but ineffective in the event of data exfiltration over DNS traffic.
To help protect MOD agencies, employing a suite of solutions that can accurately detect anomalies originating both inside and outside the network would be beneficial. These should include standard network monitoring and firewall solutions. Organisations may also want to consider implementing automated patch management, user device tracking, access management, and other strategies that can provide true defence-in-depth capabilities.
Most important is developing and routinely testing your emergency response plan. Just as the UK Fire and Rescue Services practise fire response and life-saving services, MOD organisations should also practise their network breach response. It is hard to learn how to extinguish a fire on the fly.
The good news is that when an attack occurs, MOD agencies and contractors can use the insights gained from the incident to learn, perfect, and prepare for the next one. The proactive defence cycle outlined here should start afresh so that when another threat rears its head – and it will – the MOD will be better equipped to meet it head on.
If you would like to join our community and read more articles like this then please click here.