The Internet of Things (IoT) has broadened the potential attack surface for bad actors that wish to infiltrate Defense Department networks. Hundreds of thousands of potentially unsecured devices are being used every day by government employees, and agencies have embraced the use of distributed data centers to accommodate the increased network traffic.
This broadened attack surface has made network defense far more challenging than ever before, and the federal government has taken notice. Last year, lawmakers in Congress introduced the Internet of Things Cybersecurity Improvement Act of 2017. The bipartisan legislation takes a hard-line stance by requiring that all devices purchased by federal agencies meet certain security standards, including being easily patchable and free of known vulnerabilities.
This type of legislation is a viable and important start, but it behooves federal IT administrators to go even further.
Federal Networks Must Become Security Enforcers
Agency IT leaders must take new and fresh approaches to network security to ensure that they are protecting their networks in a world where data is everywhere. Data is now shared across multitudes of devices and is stored in global data centers and multicloud environments. The bad actors are not necessarily outside the network. Some may be insiders, using devices that can create security compromises, intentionally or not.
In this environment, traditional perimeter security is insufficient. Today's perimeters must be broad, elastic and adaptable and security must be an inherent component of the very networks administrators are working to protect.
Networks are composed of various pieces, including firewalls, routers, switches and other critical elements. As hardware, these pieces served very rigid purposes, but as they become software-defined, they also become more malleable.
A firewall meant to keep intruders out can also be used to detect insider threats, while a router that moves data packets can also be used for security alerts. Whether physical or virtual, agencies now have the ability to use these solutions to create a living security apparatus that takes risk management far beyond the typical perimeter.
How Agencies Can Automate and Orchestrate Rapid Response
The foundation of this strategy is to simplify security management through automation and orchestration. The idea of securing thousands of connected devices manually is daunting, impractical, inefficient and impossible.
Creating a single domain for real-time threat analysis through the unification of traditionally disparate network elements, including firewalls, routers, switches and other tools, is a much more practical and effective solution. When complemented by automated policy enforcement, this can greatly reduce the potential attack surface.
Using network components as enforcement points and incorporating them with malware detection capabilities eliminates the need to manually configure and monitor security across multitudes of devices or disparate data centers. The components can serve as active participants in threat detection and risk mitigation, automatically alerting administrators to any potential anomalies and blocking exploits with minimal human intervention.
A single component can be programmed to automatically enforce and deploy a blanket security policy across the entire network. For example, real-time feedback and analysis derived from a firewall can immediately be shared with other devices to ensure that they follow the appropriate security protocols to keep the network safe. This creates a highly agile and adaptable safety net that can be effective at responding to and mitigating inside and outside threats.
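The orchestration pattern described above, as an added illustration that is not code from the article or any vendor product: firewalls, routers and switches are modelled as one enforcement domain, a firewall's alerts about a source are correlated, and once they cross a threshold the block policy is pushed to every enforcement point while the decision is recorded for the administrator. The device names, alert signature and address are constructed; the block push is a stand-in for a real device API.

```python
from dataclasses import dataclass, field
from collections import Counter


@dataclass
class EnforcementPoint:
    """A firewall, router or switch that can enforce a block policy."""
    name: str
    kind: str                          # "firewall", "router" or "switch"
    blocked: set = field(default_factory=set)

    def apply_block(self, src: str) -> None:
        # Stand-in for a vendor/NETCONF push; here we only record state.
        self.blocked.add(src)


@dataclass
class Orchestrator:
    """Single domain that correlates alerts and drives every enforcement point."""
    points: list
    threshold: int = 3                 # alerts per source before auto-block
    alerts: Counter = field(default_factory=Counter)
    audit: list = field(default_factory=list)

    def ingest(self, reporter: str, src: str, signature: str) -> bool:
        """Correlate one alert; return True if a network-wide block was issued."""
        self.alerts[src] += 1
        self.audit.append((reporter, src, signature, self.alerts[src]))
        if self.alerts[src] < self.threshold:
            return False               # alert only; no enforcement yet
        if all(src in p.blocked for p in self.points):
            return False               # already enforced everywhere
        for p in self.points:          # share the firewall's verdict with all devices
            p.apply_block(src)
        self.audit.append(("orchestrator", src, "auto-block", self.threshold))
        return True


def demo():
    fabric = [EnforcementPoint("fw-edge", "firewall"),
              EnforcementPoint("rtr-core", "router"),
              EnforcementPoint("sw-dc1", "switch")]
    orch = Orchestrator(fabric)
    # Constructed alerts: the edge firewall sees three policy violations from one host.
    results = [orch.ingest("fw-edge", "10.20.30.40", "policy-violation") for _ in range(3)]
    return orch, results


if __name__ == "__main__":
    o, r = demo()
    print(r, [(p.name, sorted(p.blocked)) for p in o.points])
```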
Intelligent machine learning can then be used to better respond to and combat future threats. By correlating data back to specific events and performing post-threat forensic analysis, the automated system can gather information from past intrusions and adapt and fortify itself. The system learns as it goes along, creating an even stronger defense mechanism against evolving threats.
The Human Factor Continues to Be Essential
Of course, human beings will still play an essential role in driving policy and decision-making around network security. As such, it is essential that administrators maintain a centralized viewpoint of everything going on within their networks.
Establishing complete visibility and control over the security posture of devices, applications and data will always be important. Increased automation and orchestration will also greatly simplify and streamline administrators' management duties, allowing them to focus more on mission-critical tasks that will advance their agencies' objectives.
IoT technologies can help agencies achieve their goals, too, but that cannot come at the cost of security. Congress has taken some initial steps toward protecting agency networks by outlining the need for tighter purchasing restrictions around IoT devices, but administrators must do even more. They must go beyond traditional perimeter security and embrace risk mitigation methods that are adaptable, automated and intelligent.