Posts

By working together, our government can provide a unified front in the face of an evolving threat landscape

Nexgov | March 8, 2019

By RedSeal Federal CTO Wayne Lloyd

During the recent State of the Union address, President Trump spoke of many threats that face our nation, however, he missed a big one. Cyberattacks from China, Russia, Iran, other nation-state actors and cyber criminals alike are on the rise and have the potential to impact industry, our economy and the government functions many rely on. Cybersecurity is a growing part of our national security and the federal government must take steps to improve our preparedness and response times.

Why Digital Resilience Is The Most Important Cyber Metric for 2019

Government Technology Insider  | January 19, 2019

The cybersecurity industry is not generally known for the quality of its metrics. In a field where the absence of something happening is the best possible result, it’s been hard to find a meaningful way to communicate how prepared an organization is to withstand a cyber attack, or even to tell if a cyber team is getting better at what it does.

And the Cybersecurity Survey Says…Federal Cyber Teams Share Challenges, Perspectives and Vision

Government Technology Insider  | January 16, 2019

Cybersecurity experts often like to tell the federal government what it needs to be doing better to deliver on the mission. But how often do they listen to federal government cyber teams to find out what their principal challenges are? And, moreover, how often is that insight collated, analyzed, and shared across civilian and military agencies?

To Build the Federal Government’s Digital Resilience, Focus on Integration

Government Technology Insider  | January 2, 2019

With Wayne Lloyd, RedSeal Federal CTO

As anyone who works in any government IT field can tell you one of the greatest frustrations they face is integrating their many products. Regardless of whether an agency has begun its migration to the cloud or is just operating data centers, silos undermine the potential of technology and can even compromise an agency’s ability to meet its mission.

Cyber Hygiene And Digital Resilience To Withstand A Cyber Attack

ITSP Magazine | October 25, 2018

By Wayne Lloyd, RedSeal Federal CTO

After both the first and second Gulf wars, nation states such as North Korea, Iran, China and others came to the same conclusion: under no circumstances get into a shooting war with the United States military. The sole superpower in the world had a military so advanced and superior on the battlefield it left little doubt about the outcome.

RedSeal and DHS CISO’s Current Priorities

In early August, at MeriTalk’s Cyber Security Brainstorm, Paul Beckman, chief information security officer (CISO) at the Department of Homeland Security (DHS), said that his biggest new priorities are:

  • Increasing use of software-defined networking (SDN)
  • Adopting a zero-trust model
  • Optimizing DHS’ security operations centers (SOC)

He added that the ability to leverage micro segmentation in cloud or SDNs is an efficient way to provide network data security services.

Which is true to an extent.

Unfortunately, Mr. Beckman puts too much trust in SDN security. If that word “software” does not concern you, then you are not thinking about the problem hard enough.  Humans make and deploy software and humans make mistakes, even in something called “software-defined.” They often don’t see what’s exposed as they build out their architecture. They may have intended to have something segmented and not realize it isn’t.

SDNs grow and change quickly. An equally agile modeling solution can ensure that any mistakes are caught and fixed rapidly. There can easily be millions of rules to check as workloads spin up and down too fast for any human to keep up. RedSeal will validate all your security rules over time to ensure that configuration drift doesn’t cause segmentation violations.

Agencies can create risks, too, by making multiple changes over time without comprehending the combined effect those changes have on end-to-end security. This problem is exacerbated by SDNs because of the ease and speed of change they offer. To reduce the risks and realize the true power of SDNs, agile change control should be part of your approval process. This will allow you to model changes at machine speed to see exactly what effect a change will have on end-to-end security.

Added to architecture, updating and workflow issues, is the fact that most SDNs exist in hybrid data center environments, connected to other SDNs, public clouds and physical assets. RedSeal’s model of your network includes all your environments, so you can see access between and within each one. While I agree that SDNs are an improvement on the earlier way of providing security services, they are not a silver bullet.

Mr. Beckman also said, “One of the things that I think we are, as an IT organization, going to be evolving to, is that zero-trust model. Traditionally the perimeter was your primary means of defense, but once you got into the squishy center, you were generally a trusted entity. That needs to go away.”

With zero trust, he said that you need to authenticate everything a user is trying to access inside the perimeter. It’s a great idea for any organization to trust no one on the inside of a network and make them prove they’re authorized to be there. But what happens when credentials are compromised? It is harder to do today, after implementation of two factor authentication procedures and password managers, but not impossible. Hackers still find a way.

Lastly, Mr. Beckman wants to consolidate 16 independent SOCs into four or five centers operating in a “SOC-as-a-service” format. These kinds of consolidation efforts have happened before. The government has put a lot of effort into merging SOCs, only to have them split apart again due to performance issues or mission requirements.

What is new and admirable is a focus on grading the performance of each individual SOC. Identifying poor performers and merging them with high-scoring SOCs seems like a logical way to take advantage of the limited numbers of highly skilled security professionals and improve outcomes. Again, this sounds good in theory. We will see how it works in real life environments.

For more information about how RedSeal meets the DHS’s highest priorities this year, visit our website at: www.redseal.net/government.

ICS Security: ‘The Enemy Is in the Wire’

Dark Reading | July 12, 2018

By Wayne Lloyd, RedSeal Federal CTO

Threats to industrial control systems are real and frightening. The government is taking steps to keep us safer in the future, but there are near-term steps you can take right now.

“The enemy is in the wire.” During the Vietnam War, this call would ring out to alert everyone that the enemy was in the perimeter of fortifications. In our cyber world, we’ve known this for years; however, the call rang frighteningly true in May of this year.

This particular enemy was first discovered in August 2017, as a new piece of malware, now known as Trisis. A Middle Eastern oil and gas company found the malware when its industrial equipment started shutting down.