At the federal level, officials have referred to the threats posed by cyber attacks as ‘the next Pearl Harbor,’ and the President himself has announced that better cyber defense will be a key focus for government. At the state level, cybersecurity is a little more scattershot, and observers say that this inconsistent approach could leave the door open to attacks. At last week's BlackHat Conference in Las Vegas, Nevada, we spoke with Chris Coleman, CEO of Lookingglass Cyber Solutions, about what states can do.
Lookingglass provides threat intelligence monitoring and management. “Our role as a company is to assess the threats that face our clients on a global scale, and then how they choose to chop up that global landscape is up to them,” Coleman explains.
“For governments, understanding these threats is critical. Are offices unknowingly transacting with criminal elements? We recently did an assessment of 15 states and discovered law enforcement, actually sheriffs’ offices, that had banking trojans on their systems. You have to monitor constantly.”
Lookingglass technology provides information about the presence of botnets, hosts associated with cybercriminal networks, unexpected route changes and the loss of network resiliency. The monitoring Lookingglass provides looks at both an organization's in-house networks and the outside networks it might interact with to determine possible threats. Coleman notes that states are now beginning to understand how networks interact, and how that can lead to new vulnerabilities, but overall it is still a big learning curve.
“Cybersecurity is really a focus issue for government. Given the scope and size of the attacks, we’re starting to really see attention from government officials on cybersecurity, and that’s a good thing. But states aren’t created equal, so it is going to fall to each state to do a needs assessment,” he says. “The movement seems to be to reduce access points and leverage universities. This is creating new issues. Universities are like petri dishes from a security perspective, with the sheer volume of malware running on those networks. If you’ve got critical services running on the same networks, that can be dangerous, or at least increase your overall risk.”
CivSource has reported on a number of broadband access initiatives underway that rely on anchor institutions like universities to provide access points. To be effective, shared services plans also need to take into account how networks will depend on each other and interact from a security perspective. Initiatives like FirstNet would isolate emergency communications; however, day-to-day operations could still be disrupted on blended networks.
“There needs to be a clear security plan in place, and that’s not just on technology, that includes people and processes,” Coleman says.
Critical infrastructure such as power grids or pipelines may also need its own network security plans, especially as more states and cities move to “smart” or remote monitoring networks for grid systems. “States need to take into account the security of critical infrastructure in and of itself; often those security plans are going to be unique,” he says.
Beyond funding security operations, state governments will have to realize that defense online is less about eliminating threats completely than about containing them. This may mean a new type of conversation between lawmakers, budget directors and IT shops. “Cyber defense is about containment; you can’t ever fully eliminate the threat the way you think about other types of defense. Putting more money into cybersecurity at the federal and state level is good, but it doesn’t solve all of the problems. We have a huge problem set to fix here and we haven’t been resourced properly to do that for some time. However, government can’t solve the problem alone and support has to be consistent.”