As the war on cybersecurity evolves and intensifies, policymakers face a near impossible challenge of anticipating and understanding its twists and turns, the new threat vectors and the relative merits of current security approaches. If policymakers and government officials are to create cybersecure environments, they must shift their philosophy and strategy from protectionism to active response that reduces risk, minimizes damage, and stays ahead of new threats and weapons. This is a war for the data, not the infrastructure.
Does this mean that traditional approach toward cybersecurity is failing? – Yes, the traditional approach can and must be replaced. The traditional approach is failing because it relies on tools, capabilities, and strategies built on a decades-old foundation that is hardware-based, network-first, and perimeter-focused. It relies on the notion that perimeters can be hardened enough to prevent intrusion, but history proves that false. There is no magic technology or hardened perimeter that will keep out determined intruders.
The cybersecurity incidents and breaches are now inevitable. What is needed is an approach that recognizes the inevitability of breaches and makes networks and systems resilient, reduces risks, mitigates attacks, and minimizes damage. Moreover, this approach will save time, lower costs, and increase effectiveness.
Identity, Instead of Perimeter
Public sector networks and systems contain an invaluable repository of state secrets, citizen private data, and law enforcement information. Protecting them is one of the most profound responsibilities of policymakers. If policymakers and decision makers remain focused on preventing intrusions, they will forever be relegated to fighting yesterday’s war, reacting after the damage is done. Under the new approach, identity replaces the perimeter as the starting focus. All access to systems and data is controlled entirely by the authentication of the requesting individual.
Shifting From Prevention to Active Response – a Public Sector Imperative
These are the principles and measures of the new approach:
- Zero Trust: Assume every access request is invalid until validated, because in today’s world, you cannot control or secure everywhere your data must go.
- Software-Defined Perimeter: Provide seamless least-privilege access and a reduced attack surface.
- Micro-segmentation: Create micro-perimeters – hyper-secure tunnels to protect critical workloads of data in flight, isolating critical assets, minimizing lateral movement, and prioritizing the most important assets.
- End-to-End Encryption: Protect data in transit, no matter the underlying infrastructure to reduce attack surface and compliance and audit scope, and ensure confidentiality, integrity, and data access.
The active response is crucial because it prevents a threat from moving around a network. It also minimizes additional infections while it is being investigated. The adversarial methods and models of cybercriminals are constantly evolving. The contested networked environment is not static, nor should be our strategy and response. The ability to detect, adapt, and respond in dynamic fashion at network speeds to ensure resiliency – that is the future.
The above new approach reflects the realities of today’s actual environment and where it is headed. There are enemies to defeat and threats to avert, and yesterday’s approach will not serve. Citizen trust in public sector entities is a delicate commodity, easily diminished when breaches disclose a failure to secure data.
For more information, please click here.