Page 102 - Cyber Warnings

How many .gov websites employ compromised third-party components like CDNs in their digital
supply chain? How many are asking for PII but don't have a current SSL cert? How many were
registered outside of compliance?


Because many organizations lack this visibility outside the firewall, allegations that Russian
hackers influenced the 2016 election cycle have caused many people to wonder if federal
agencies are prepared to defend their modern attack surfaces.

Because the stakes couldn’t be higher, I commend the order’s emphasis on agency
leadership’s responsibility for cybersecurity, which will help make cybersecurity issues a main
priority. After all, the hackers potentially working on behalf of Russia are just some of many
adversaries attempting to disrupt the U.S. government.

As agencies expand their digital footprints across web, social, and mobile channels, thousands
of global adversaries—nation-states, hacktivists, and cybercriminals—do the same, leveraging
the same technologies to propagate malware and fool users into giving up credentials and other
sensitive information.

According to the order, effective immediately, each agency head shall use the Framework for
Improving Critical Infrastructure Cybersecurity developed by the National Institute of Standards
and Technology (NIST), which calls for the implementation of five core functions to organize
basic cybersecurity activities at their highest level: Identify, Protect, Detect, Respond, and
Recover.

Leaders responsible for filling these functions should be expected to consider security on their
networks as well as on the internet beyond their firewalls, enabling their teams to:

• Understand their digital attack surface
• Keep track of how it changes
• Monitor existing, new, and changing assets
• Stay in compliance


Having this type of visibility on the internet requires internet data and automation. What does
this look like?

For Security Defenders: In addition to monitoring and protecting the agency’s network and
network perimeter, security defenders must continually discover and rediscover the agency’s
digital footprint and monitor it for changes.
Such vigilance requires current, full internet intelligence across the web, social media platforms,
and mobile apps.

Always in discovery mode, defenders should be aware of new assets and properties and
immediately be able to assess them for security threats and compliance with government
regulations.
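
The discovery loop described above, as an added example that is not part of the original article: it diffs two constructed inventory snapshots and assesses only the new and changed hosts against the three questions the article opens with. The hostnames, record field names, and the allow-list of reviewed components are assumptions made for the illustration.

```python
from datetime import date

def asset(cert_expires, collects_pii, third_party=(), registered_in_policy=True):
    """One inventory record; the field names are hypothetical, chosen for this example."""
    return {"cert_expires": cert_expires, "collects_pii": collects_pii,
            "third_party": frozenset(third_party), "registered_in_policy": registered_in_policy}

# Constructed snapshots of an agency's internet-facing hosts (not real data).
YESTERDAY = {
    "forms.agency.example": asset(date(2017, 9, 1), True, ["cdn.vendor-a.example"]),
    "news.agency.example": asset(date(2018, 1, 15), False),
    "old.agency.example": asset(date(2017, 7, 1), False),
}
TODAY = {
    "forms.agency.example": asset(date(2017, 9, 1), True,
                                  ["cdn.vendor-a.example", "widgets.vendor-b.example"]),
    "news.agency.example": asset(date(2018, 1, 15), False),
    "signup.agency.example": asset(date(2017, 5, 30), True, registered_in_policy=False),
}
REVIEWED_THIRD_PARTIES = {"cdn.vendor-a.example"}  # assumed allow-list of vetted components

def diff_footprint(old, new):
    """Return (added, removed, changed) hostnames between two snapshots."""
    added = sorted(new.keys() - old.keys())
    removed = sorted(old.keys() - new.keys())
    changed = sorted(h for h in new.keys() & old.keys() if new[h] != old[h])
    return added, removed, changed

def assess(snapshot, hosts, today):
    """Run the article's three opening questions against the given hosts."""
    out = []
    for host in hosts:
        a = snapshot[host]
        if a["collects_pii"] and (a["cert_expires"] is None or a["cert_expires"] < today):
            out.append((host, "collects PII without a current certificate"))
        for dep in sorted(a["third_party"] - REVIEWED_THIRD_PARTIES):
            out.append((host, "unreviewed third-party component: " + dep))
        if not a["registered_in_policy"]:
            out.append((host, "registered outside of compliance"))
    return out

def review(old, new, today):
    """Diff two snapshots, then assess only the new and changed assets."""
    added, removed, changed = diff_footprint(old, new)
    return {"added": added, "removed": removed, "changed": changed,
            "findings": assess(new, added + changed, today)}

if __name__ == "__main__":
    for key, value in review(YESTERDAY, TODAY, date(2017, 6, 15)).items():
        print(key, value)
```
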



102 Cyber Warnings E-Magazine – June 2017 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
