The public sector relies on large-scale networks to support critical infrastructure, military operations and government services. Personnel with mobile devices running on different operating systems are accessing corporate data from almost anywhere, increasing network vulnerability. To address these threats, multiple flexible layers of technology and processes designed to discover, destroy and manage these attacks must be implemented. In a mobile world, the public sector must find solutions that incorporate visibility, trust and resiliency into the network.
Over the past decade, network threat vectors have shifted from internal attacks to external attacks. IT staff are researching ways to defend against these assaults, including questioning the reliance on open-standards-based networking versus traditional proprietary systems. With the Internet and Internet protocol–based technologies, the most closely guarded systems are using open-standards capabilities.
Our increasingly global society is changing too fast for proprietary systems to remain a viable option. The complexity of a world with multiple networking protocols favors criminal forces by reducing the number of security providers, dividing local suppliers, and limiting threat response and innovation. Consider the damage that could be done by a hacker with a month or more to respond to a newly discovered vulnerability, instead of the day or two that he has now.
An Architectural Approach to Network Security
Government organizations face unique challenges from cyberattacks, such as coping with acquisition and deployment cycles of months or even years, which heightens the risk that implemented security solutions are outdated before they are switched on. Additionally, regulations and complicated legal requirements govern implementations of new technology. To streamline this, organizations are integrating an architectural three-layer “trust” model to the network to meet evolving security threats, protect assets, detect security breaches and apply appropriate remediation:
- Trusted processes: At the foundation of this model are processes that allow organizations to plan, design, develop, implement and operate systems in order to mitigate risk and strengthen security for the lifecycle of the intelligent network.
- Trusted systems: These are systems in which integrity and interactions of both hardware and software elements have been designed to globally accepted standards, with security emphasized through the following:
- Product assurance: Design and product development elements ensure the integrity of hardware or software products (i.e., best software development practices, strong processes for managing third-party code security and so on).
- Supply-chain integrity: The process by which hardware is manufactured and software is developed complies with appropriate security standards. Buying from trusted vendors with robust supply-chain standards and stringent Common Criteria certification requirements has been found to help close the vast majority of security loopholes.
- Common Criteria certification: An international standard for evaluating and certifying product security.
- Trusted services: End-user services and capabilities enabled by IT systems, hosted within network elements, discrete devices or the cloud or by industry providers.
Based on this three-layer model, organizations are able to make key network-security improvements by streamlining internal processes:
Agencies should differentiate levels of data protection by ranking assets according to value.
- IT shops should take stock of physical assets that connect with or touch the network. Also, establishing a baseline of activity and performing diligent monitoring allows IT teams to identify and correct weaknesses created by untrusted devices and to block users as needed.
- Configuration management and software version control for network devices are two other areas where most organizations can make significant security improvements.
- The agency must monitor vendor vulnerability disclosures and act to reduce potential exposure.
- Having a high level of system resiliency helps ensure that a cybersecurity incident is appropriately managed. The network must quickly respond to breaches by isolating the affected area.
- Network administrators should take advantage of dynamic routing protocols, redundant paths and analysis of data collected by embedded sensor processes and security intelligence operations to contain damage by existing and emerging cyberthreats.
- IT managers must educate staff using the network.
- Agencies should accommodate today’s evolving workforce. Don’t ban social networking; instead, enforce a responsible policy for traffic coming to and from these sites.
IT decision makers must recognize that a fully secure network takes time, planning, development and implementation of a setting that includes the people creating processes. Leading security providers are committed to bridging the gap between industry and government while supporting public-sector requirements to enable strategy, education and new technologies.