Government agencies of all types (Defense, Civilian, Intelligence and State & Local) are doing their very best to stay up to date on evolving threats. Many are understandably laser focused and dedicated to understanding all aspects of ransomware, and the newer triple extortion attacks. Also taking up some brain real estate for most professionals are the cyber risks surrounding the remote workforce and the dependence on VPNs, VDI, etc., which we know are susceptible to DDoS. Since we can all surmise that the remote workforce is never going to go away and will instead wane and wax situationally over time, continuity of operations is still going to be impacted by how well agencies can protect their remote workers and their access to services. This is goodness and the right course of action in my opinion even if one’s sleep is impaired.
Adding to the sleep deprivation is no shortage of high-profile attacks. The volume, sophistication, and persistence of these types of attacks have had more ‘force-multiply’ negative effects than ever before. Couple this with global economic and geo-political changes that are putting even more pressure on governments to serve their constituents and complete their missions, and you have an ideal recipe for less REM sleep. I believe agencies know they are at an elevated risk of attack and are still struggling to operate their network with the bulk of users outside the perimeter. Not to mention grappling with how to secure the new “perimeter” along with the anticipated supply chain attacks that are likely to emerge.
If counting sheep is not working as well as advertised, then there are architectural and security solutions that can help mitigate this risk of device susceptibility to volumetric attacks (think VPNs, firewalls, and IPS which are stateful processing devices). Protecting those devices from attacks may not solve all your worries but it is one more counted sheep that could make a difference.
Agencies that are well down the path of establishing a zero-trust architecture (ZTA) still may not be sleeping well at night, but they might have fewer nightmares. To understand ZTA you must look past the ZTA pillars and focus also on the foundational portions of the ZTA. Many already know that many of the early ZTA failures were around the lack of visibility and analytics. Think about it: we all know blind spots are dangerous things when driving a car, but security blind spots and lack of context, actionable intelligence, and practical knowledge can be even more dangerous to an agency, its people, and its mission. That will keep anyone awake at night.
That’s why I am a fan of the “trust but verify” paradigm. You can’t defend what you can’t see. A good plan is one that works to achieve what it was intended to, even if it lacks some sizzle. When it comes to cyber defense, most agencies don’t have the luxury of failing once, let alone again. You must make it achievable.
So, if you want to sleep better at night, I’m no doctor and I’m making no promises, but I think if agencies stop and look at past and present successes and failures, they will see that having better visibility and analytics gives them the insights needed to be successful. Visibility and analytics are subsets of what NETSCOUT does and we continue to make advances including the release of Omnis Cyber Intelligence (OCI) (see https://www.netscout.com/product/cyber-intelligence). OCI was designed to fit into customer ecosystems and provide proactive and actionable intelligence, both real-time as well as retrospectively. It also might help you sleep through the night.