The cyber attacks keep coming. Efforts to protect government IT systems inspire adversaries to dive to new depths of ingenuity.
There’s no single solution for escalating cyber threats. But the world’s leading experts on cyber crime focus on three anchors to effective cyber defense: cloud technologies, automation and zero-trust architectures.
One of those experts is M.K. Palmore, a director in the Office of the CISO for Google Cloud, where he is focused on supporting mission outcomes for public-sector customers. In 2019, Palmore closed a more than two-decade career at the FBI as special agent in charge of a large investigative team under the Cyber Division. He sees what cyber criminals can cook up — and he doesn’t expect them to back down.
“You have to think of adversaries as experts at ROI,” Palmore says. “Their ability to identify return on investment of their time and capabilities is bar none.”
Their efforts shocked the nation in 2021 when attackers shut down the Colonial Pipeline, disrupting gasoline deliveries for days on the Eastern Seaboard of the U.S. The company forked over a $4.4 million ransom to resume operations. (The U.S. Justice Department recovered $2.4 million.)
A recent report from Government Technology cites surveys suggesting half of all U.S. government agencies were hacked in 2021. The sources of breaches are also expanding. For example, Gartner expects attacks on software supply chains to jump 45 percent by 2025.
Here’s why Palmore says cloud adoption, automation and zero-trust security are critical to cyber defense:
Mobile devices, remote sensors and new applications flood networks with data every day, evaporating the traditional network perimeter. On-premises data centers and legacy technologies can’t keep pace with ever-evolving attack methods and relentless expansion of the threat environment.
“The attack surface is so immense that even the best security organizations find it difficult to wrap their hands around the challenge that they face,” Palmore says. But agency leaders must start somewhere.
Cloud technologies present an easy decision because cloud providers have a strong incentive to lock out intruders. And cloud environments provide scale, flexibility and cost controls that are lacking in on-site data centers.
Of course, cloud adoption can be complicated. Most agencies will adopt a hybrid mix of on-prem and public cloud technologies. They’ll need to think about using the security advantages of cloud platforms to nurture what Palmore calls a “digital immune system.”
Building these immunities requires the agility of the cloud and the security resources of hyperscale public cloud providers. Legacy, on-premises systems simply can’t keep up. “It’s a bit of a lose-lose proposition when you think about the constantly shifting parameters of adversarial activity,” Palmore adds.
Omnipresent security threats are impossible to defend against manually. Palmore advises government agencies to deploy security orchestration, automation and response (SOAR) technologies. A SOAR platform helps agencies build automated playbooks that take over once telemetry has been ingested, cataloging and analyzing threats and carrying out the first response steps.
SOAR technology provides a proven and methodical response to threats that might otherwise go unnoticed and alerts cybersecurity practitioners to issues that are serious enough to require human intervention. From there, cyber defense teams can establish priorities to ensure the organization’s most critical resources are protected. And they can avoid losing hours to minor issues.
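To make the playbook idea concrete, here is an added illustration (not code from Google Cloud, Palmore, or any SOAR product) of the triage loop the paragraph describes: ingest normalized telemetry, catalog each event with a severity, weight it by how critical the affected asset is, auto-close the noise and contained cases, and escalate only the findings that need an analyst. The event records, asset list, severity rules and thresholds are all constructed for the example.

```python
"""Minimal SOAR-style playbook: ingest telemetry, catalog it, auto-handle the
noise, and escalate only what needs a human. Added illustration; every event,
asset and threshold below is constructed, not taken from any real platform."""
from dataclasses import dataclass
from typing import Dict, List

# Constructed asset inventory: criticality drives priority (hypothetical values).
ASSET_CRITICALITY = {"payroll-db": 3, "hr-portal": 2, "kiosk-07": 1}

# Constructed telemetry, shaped like normalized alerts from EDR and auth logs.
SAMPLE_EVENTS = [
    {"id": 1, "type": "auth_failure", "host": "hr-portal", "user": "jdoe", "count": 3},
    {"id": 2, "type": "auth_failure", "host": "payroll-db", "user": "svc-backup", "count": 40},
    {"id": 3, "type": "malware_quarantined", "host": "kiosk-07", "user": "guest", "count": 1},
    {"id": 4, "type": "new_admin_account", "host": "payroll-db", "user": "tmpadmin", "count": 1},
    {"id": 5, "type": "av_signature_update", "host": "hr-portal", "user": "system", "count": 1},
]


@dataclass
class Ticket:
    event_id: int
    severity: int      # 0 = informational, 3 = critical
    priority: int      # severity weighted by asset criticality
    action: str        # what the playbook did, or what it asks a human to do
    needs_human: bool


def score_event(ev: Dict) -> int:
    """Catalog step: map an event type (and its volume) to a severity."""
    if ev["type"] == "new_admin_account":
        return 3                                  # privilege changes are always serious
    if ev["type"] == "auth_failure":
        return 2 if ev["count"] >= 10 else 1      # a burst of failures is more than a typo
    if ev["type"] == "malware_quarantined":
        return 1                                  # EDR already contained it
    return 0                                      # routine housekeeping


def run_playbook(events: List[Dict]) -> Dict[str, List[Ticket]]:
    """Automated response: close noise, record contained cases for follow-up,
    and escalate high-priority findings for human review."""
    auto, escalate = [], []
    for ev in events:
        sev = score_event(ev)
        prio = sev * ASSET_CRITICALITY.get(ev["host"], 1)
        if sev == 0:
            auto.append(Ticket(ev["id"], sev, prio, "closed: informational", False))
        elif ev["type"] == "malware_quarantined":
            auto.append(Ticket(ev["id"], sev, prio,
                               "closed: contained by EDR, host tagged for re-image", False))
        elif prio >= 4:
            escalate.append(Ticket(ev["id"], sev, prio, "escalate: analyst review", True))
        else:
            auto.append(Ticket(ev["id"], sev, prio, "closed: low priority, logged", False))
    # Analysts see the most critical asset first.
    escalate.sort(key=lambda t: t.priority, reverse=True)
    return {"auto_handled": auto, "escalated": escalate}


if __name__ == "__main__":
    result = run_playbook(SAMPLE_EVENTS)
    for bucket, tickets in result.items():
        print(bucket)
        for t in tickets:
            print(f"  event {t.event_id}: sev={t.severity} prio={t.priority} {t.action}")
```

With the constructed input, three of the five events are closed automatically and two are escalated, the new admin account on the payroll database ahead of the burst of failed logins. The point of the weighting is the one the paragraph makes: the analyst's time goes to the most critical resources first, and the minor items never reach them.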
“SOAR is a bit of an easy win,” Palmore says.
He adds that artificial intelligence and machine learning (AI/ML) are giving agencies more power to identify and defuse threats. The challenge is that these tools require massive volumes of data to generate useful insights. Hyperscale cloud providers typically process the data volumes required for AI/ML-based security.
“You should be looking for partners and platforms that allow the widest telemetry and data ingestion — and thereby returning more valid and valuable results to practitioners,” Palmore says.
While conceding that zero trust is starting to sound like one of those buzzwords that rankle IT leaders, “it deserves some real inspection by organizations,” Palmore says. A zero-trust approach to cybersecurity drives value by emphasizing five pillars:
- Identity: Authoritatively verifying that every user has a right to be on the network. This typically requires advanced identity and access management (IAM) software.
- Devices: Making all network endpoints visible and documenting their security status. Endpoint monitoring tools help ensure device visibility.
- Network: Preventing authorized users from going where they don’t belong. Machine-learning algorithms identify behavioral anomalies to improve network threat protection.
- Data: Protecting and encrypting information in transit and at rest. Cloud environments and privilege controls boost data protection.
- Applications: Ensuring that application workloads do not introduce security threats. IAM tools help ensure continuous authorization of apps accessing a network.
Palmore says a comprehensive zero-trust architecture includes a decision engine ensuring that all stakeholder identities, devices, applications and data are always verified whenever they are on a network. Moreover, users can access only the network locations required to get their work done.
A mature zero-trust architecture acknowledges bad actors may already have access to a network. But it gives them nowhere to go. “You get the ability to essentially cut off the adversary at their knees,” Palmore says. “This is a big shift.”
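As an added illustration of the decision engine described above (not code from Google Cloud or Palmore, and not any product's policy language), the following toy policy decision point evaluates each request against the identity, device, application and data pillars, denies by default, and records why. The user names, device identifiers, entitlements and clearance levels are constructed. The third scenario shows the "nowhere to go" property: a valid identity with working MFA still gets nothing it was not explicitly entitled to.

```python
"""Toy zero-trust policy decision point: each request is checked against
identity, device, application and data context, and the default is deny.
Added illustration; attribute names, users and policy are constructed."""
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class Request:
    user: str
    mfa_verified: bool        # identity pillar
    device_id: str
    device_compliant: bool    # devices pillar: managed, patched, endpoint agent healthy
    app: str                  # applications pillar
    resource: str             # network pillar: the location being reached
    data_class: str           # data pillar: "public" | "internal" | "restricted"


# Constructed least-privilege map: (app, resource) pairs each user may use.
ENTITLEMENTS = {
    "jdoe": {("hr-portal", "employee-records")},
    "svc-backup": {("backup-agent", "payroll-db")},
}
# Constructed clearance map for the data pillar.
CLEARANCE = {"jdoe": "internal", "svc-backup": "restricted"}
LEVELS = {"public": 0, "internal": 1, "restricted": 2}


def decide(req: Request) -> Tuple[bool, List[str]]:
    """Return (allow, reasons). Any failed pillar denies; reasons feed the audit log."""
    reasons: List[str] = []
    if not req.mfa_verified:
        reasons.append("identity: MFA not verified")
    if not req.device_compliant:
        reasons.append(f"device: {req.device_id} not compliant")
    if (req.app, req.resource) not in ENTITLEMENTS.get(req.user, set()):
        reasons.append(f"authorization: {req.user} via {req.app} not entitled to {req.resource}")
    # Unknown data classes and unknown users both fall to the most restrictive reading.
    if LEVELS.get(req.data_class, 99) > LEVELS.get(CLEARANCE.get(req.user, "public"), 0):
        reasons.append(f"data: {req.data_class} exceeds clearance of {req.user}")
    return (len(reasons) == 0, reasons)


# Constructed scenarios: the same identity under three sets of conditions.
SCENARIOS = {
    "normal": Request("jdoe", True, "lap-01", True, "hr-portal", "employee-records", "internal"),
    "stolen creds, unmanaged pc": Request("jdoe", True, "unknown-pc", False,
                                          "hr-portal", "employee-records", "internal"),
    "lateral move to payroll": Request("jdoe", True, "lap-01", True,
                                       "hr-portal", "payroll-db", "restricted"),
}

if __name__ == "__main__":
    for name, req in SCENARIOS.items():
        allowed, why = decide(req)
        print(f"{name}: {'ALLOW' if allowed else 'DENY'} {why}")
```

Because every request is re-evaluated, the engine never carries a decision forward from "already on the network": the second scenario is denied on device posture even though identity checks out, and the third is denied twice over, once for lacking an entitlement and once because the data class exceeds the user's clearance.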
Sharing Security in the Cloud
Agency IT leaders must do all they can to thwart cyber attackers. But defending against these threats will remain a moving target. “If an avenue of attack gets shut down, believe me, the adversary will pivot to something else,” Palmore says.
Hyperscale cloud providers invest billions and hire top talent to lock down their systems. When agencies partner with public cloud providers like Google Cloud in a shared security model, they vastly increase their cybersecurity capabilities.
“If we make a significant investment and our customers meet us halfway,” Palmore says, “then we’ve got a synergy that really levels up their capabilities.”
For more information on defending your agency against cyber attacks, see Government Technology’s In Case You Missed It with Google Cloud’s Chris Hein.