A quick internet search exposes two recent and very serious agency attacks – the Office of Personnel Management (OPM) and the Pentagon’s Joint Chiefs of Staff – in which tens of millions of personnel records were stolen and email systems were taken offline for more than a week. Cyber attack methods, or vectors, are evolving at a dizzying pace, each new one more sophisticated than the last. And those perpetrating the attacks are patient, methodical and purposefully stealthy.
Despite the growing number and variety of cyber attacks – zero day, spear phishing, advanced persistent threat, distributed denial of service (DDoS), etc. – they almost always have one thing in common: they are carried out over the very same network data connections that federal agencies and their employees use. That’s right. Theft of government data (tens of millions of sensitive government personnel records at OPM), and even the command and control traffic necessary for guiding the attacks and conducting pre-attack reconnaissance, flow across the same data links that carry agency email, application, communications and Internet-bound traffic.
What’s more, the same security technology that the federal government uses to keep its data secure is likewise being used by cyber adversaries to cloak their attacks and data theft. For example, Secure Sockets Layer (SSL) is widely deployed by government agencies for encrypting data in transit – inbound and outbound. And these same encrypted traffic flows are proving to be a convenient and effective way for attackers to upload and steal sensitive data unseen.
Consider that the classic security model has always been to stop the attack at the network perimeter (firewall, intrusion prevention) and to protect the client (signature-based anti-virus) in order to keep bad things and bad actors out. Contrast this with the new cyber normal: the perimeter has moved to users (access) and applications (protection). Users expect – demand – an exceptional and secure application experience regardless of their access method (mobile, VPN, web), where the application resides (on premises, cloud, hybrid), or how much technical complexity sits between them and the application.
All of this is happening in a world in which a “zero trust model” is the new norm: trust no user, no application, no access request and no device, and apply every security service necessary, across a growing array of security devices, in order to establish trust and secure application access. Whew! What an enormous challenge federal agencies face. And with all of the security technology available – services, mechanisms, vendors and devices – the “silver bullet” solution to all of this is more elusive than ever.
Back to that one attribute most of these attacks have in common. What if there were a solution today that could persistently inspect every single outbound data flow across agency networks – even the encrypted connections, selectively – to validate the legitimacy and integrity of the traffic? Such a solution could select which traffic to inspect and which to leave alone (healthcare and banking traffic, for example); and it would incorporate the very best in advanced threat detection, intelligent traffic inspection and SSL processing offload (key management, encryption and decryption, connection scale). Industry is working together to develop such solutions, which can identify and stop hidden threats within SSL connections and then apply advanced threat protection at much greater scale. And while there is no single solution that will eliminate every cyber threat faced by the U.S. federal government, we are working to push the needle forward and address a very real, complex and widespread problem.
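The selective part of that design – deciding, before any decryption happens, which outbound SSL/TLS connections to inspect and which to leave untouched – can be made concrete. The following is an added example written for this page; it is not F5 code and does not describe any F5 product. It reads the Server Name Indication (SNI) from a TLS ClientHello, matches it against bypass categories, and fails closed: a flow with no SNI or an unparseable handshake is sent to inspection rather than silently bypassed, since an unnamed flow cannot be shown to belong to a protected category. The hostnames and the `build_client_hello` helper (a zero-filled random, one cipher suite) are constructed for the example; a real deployment would load its bypass lists from a maintained category feed.

```python
"""Selective TLS inspection policy: bypass by SNI category, inspect everything else."""
import struct
from typing import Dict, Optional

# Constructed bypass lists for the example (placeholders, not real domains).
BYPASS_CATEGORIES = {
    "healthcare": ("example-hospital.test", "example-health-plan.test"),
    "banking": ("example-bank.test", "example-credit-union.test"),
}


def extract_sni(record: bytes) -> Optional[str]:
    """Return the SNI hostname from a TLS ClientHello record, or None if absent/malformed."""
    if len(record) < 5 or record[0] != 0x16:          # 0x16 = handshake record
        return None
    rec_len = struct.unpack("!H", record[3:5])[0]
    body = record[5:5 + rec_len]
    if len(body) < 4 or body[0] != 0x01:              # 0x01 = ClientHello
        return None
    hs_len = int.from_bytes(body[1:4], "big")
    hs = body[4:4 + hs_len]
    pos = 2 + 32                                      # client_version + random
    if len(hs) < pos + 1:
        return None
    pos += 1 + hs[pos]                                # session_id
    if len(hs) < pos + 2:
        return None
    pos += 2 + struct.unpack("!H", hs[pos:pos + 2])[0]  # cipher_suites
    if len(hs) < pos + 1:
        return None
    pos += 1 + hs[pos]                                # compression_methods
    if len(hs) < pos + 2:
        return None                                   # no extensions block at all
    ext_total = struct.unpack("!H", hs[pos:pos + 2])[0]
    pos += 2
    end = min(pos + ext_total, len(hs))
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack("!HH", hs[pos:pos + 4])
        pos += 4
        data = hs[pos:pos + ext_len]
        pos += ext_len
        if ext_type == 0 and len(data) >= 5:          # server_name extension
            list_len = struct.unpack("!H", data[:2])[0]
            p = 2
            while p + 3 <= min(2 + list_len, len(data)):
                name_type = data[p]
                name_len = struct.unpack("!H", data[p + 1:p + 3])[0]
                p += 3
                name = data[p:p + name_len]
                p += name_len
                if name_type == 0:                    # host_name
                    return name.decode("ascii", errors="replace")
    return None


def categorize(hostname: str) -> Optional[str]:
    """Map a hostname to a bypass category using label-boundary suffix matching."""
    host = hostname.lower().rstrip(".")
    for category, suffixes in BYPASS_CATEGORIES.items():
        for suffix in suffixes:
            if host == suffix or host.endswith("." + suffix):
                return category
    return None


def decide(record: bytes) -> Dict[str, Optional[str]]:
    """Policy decision for one outbound flow's first record. Default is inspect (fail closed)."""
    sni = extract_sni(record)
    if sni is None:
        return {"sni": None, "action": "inspect", "reason": "no SNI or not a ClientHello"}
    category = categorize(sni)
    if category is not None:
        return {"sni": sni, "action": "bypass", "reason": f"protected category: {category}"}
    return {"sni": sni, "action": "inspect", "reason": "not in any bypass category"}


def build_client_hello(sni: Optional[str]) -> bytes:
    """Constructed minimal ClientHello for testing (zero random, one suite). Not a real client."""
    exts = b""
    if sni is not None:
        name = sni.encode("ascii")
        entry = b"\x00" + struct.pack("!H", len(name)) + name
        sni_data = struct.pack("!H", len(entry)) + entry
        exts += struct.pack("!HH", 0, len(sni_data)) + sni_data
    body = (b"\x03\x03" + bytes(32)                       # version + random
            + b"\x00"                                     # empty session_id
            + struct.pack("!H", 2) + b"\x13\x01"          # one cipher suite
            + b"\x01\x00"                                 # null compression
            + struct.pack("!H", len(exts)) + exts)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs


if __name__ == "__main__":
    for flow in (build_client_hello("portal.example-bank.test"),
                 build_client_hello("updates.example-vendor.test"),
                 build_client_hello(None),
                 b"GET / HTTP/1.1\r\n"):
        print(decide(flow))
```

The two design points worth carrying into a real policy engine are the boundary-aware suffix match (so `example-bank.test.attacker.invalid` does not inherit the bank's bypass) and the fail-closed default, which keeps a missing or garbled SNI from becoming an unmonitored channel.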
Randy Wood is Vice President, US Federal Sales at F5 Networks. In this role, Randy is responsible for customer advocacy, mission partnership and leading F5’s sales business within the Federal government market.