The public sector has long been a top target for the world’s most sophisticated cyber adversaries. Unlike profit-motivated criminals simply looking for the lowest-hanging fruit, many of the nation-state threat actors seeking access to confidential information in government repositories – or to cause damage on a massive scale – will never stop trying to achieve their objectives. And, of course, public sector organizations also confront run-of-the-mill ransomware attacks, destructive malware campaigns and attacks specifically targeting operational technology (OT) systems. All told, this is a broad and diverse spectrum of threats.
In recent years, though, defending federal, state and local government technology ecosystems has become even more difficult as attack surfaces have expanded to enable work-from-anywhere and growing cloud adoption has increased configuration and management complexity. The Biden Administration has responded to the persistence and severity of today’s threats by issuing an Executive Order mandating that federal agencies advance towards the adoption of Zero Trust cybersecurity architectures, but lean budgets and persistent skills shortages make it challenging to put Zero Trust principles into practice.
To help public sector defenders overcome these challenges and prioritize what’s most impactful, Carahsoft has teamed up with the SANS Institute to bring together a panel of leading industry experts for the third annual Government Security Solutions Forum. This free virtual event, to be held on July 20, 2023 at 10:30 am EDT, will include expert presentations and panel discussions on how best to counter today’s threats and build a more robust security program for tomorrow.
Participants in the Government Security Solutions Forum come from both public and private sector organizations, including the National Institute of Standards and Technology (NIST), the MITRE Corporation’s Cyber Infrastructure Protection Innovation Center (CIPIC), the Cybersecurity and Infrastructure Security Agency (CISA) and the SANS Institute itself.
They’ll be addressing current concerns in the public sector cybersecurity space, including Zero Trust adoption, software supply chain attacks, critical infrastructure threats and cybersecurity workforce development.
Accelerating the move to Zero Trust for Federal and Civilian networks
Even before the Executive Order on Improving the Nation’s Cybersecurity was issued, CISOs in government agencies were pursuing Zero Trust initiatives, though resource and budgetary constraints have sometimes slowed their progress. In the face of today’s threats, it is especially important to advance these initiatives as credential-focused attacks increasingly target remote workers and cloud resources. Implementing Zero Trust security architectures will make it possible for distributed public sector workforces to securely connect to applications, data and networks, no matter where in the world they’re located.
Even as technology’s evolution continues at a rapid pace, CISA has provided much-needed standardization, as well as resources that government agencies can leverage along the path to Zero Trust adoption. CISA’s Zero Trust Maturity Model, for instance, can help public sector organizations build Zero Trust strategies and implementation plans, empowering them to mount more effective cyber defenses and enhance resilience.
Protecting critical infrastructure against today’s highly capable adversaries
As industrial control systems (ICS) become increasingly connected so that they can leverage automation and centralized remote management, cyber risks to critical infrastructures have become one of the greatest strategic risks that the U.S. currently faces. At the same time, defenders often feel as though they’re operating in the dark. Many of the cyber incidents that impact critical infrastructure systems go unreported, so that the true scale and scope of the threat remain largely unknown.
The Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) is an effort to combat this informational inequality. It will require critical infrastructure operators to report significant cyber incidents or ransom payments to CISA within a specified time period. Complying with this requirement will mean implementing new ICS-aware technologies so that operators can monitor for anomalous activities as well as better protect engineering operations. ICS operators will need to adhere to emerging ICS defense best practices to protect the critical systems that we all rely on in our daily lives.
Combating software supply chain threats
High-profile software supply chain attacks have received mainstream media attention several times in the past year, but these may only be the tip of the iceberg. To protect against adversaries’ efforts to exploit legitimate software delivery pipelines to gain backdoor access into public sector environments, defenders will need to adopt a Zero Trust approach to securing their endpoints, identities and networks. Other best practices in supply chain risk management, including maintaining a current software bill of materials (SBOM) for each application running in your environment, can also help to mitigate this growing risk.
Filling the cybersecurity skills gap
Demand for skilled cybersecurity professionals has long outstripped supply, and this trend isn’t changing. According to the latest (ISC)² Cybersecurity Workforce Study, there are approximately 3.4 million more cybersecurity positions than there are people to fill them. Public sector organizations may be especially challenged to hire and retain top talent, and will need to leverage the right training and professional development strategies if they are to remain capable of defending their high-value digital assets.
Interested in learning more about these topics or related issues? Visit the event’s landing page to sign up to attend the 2023 Government Security Solutions Forum today.
Visit Carahsoft’s website to view their full portfolio of cybersecurity vendors.