State and local governments have more data, including more types of sensitive information, to safeguard than at any time in history. In order to stay ahead of the growing threats, agencies must make a commitment to security and to trustworthy systems to enable them to protect their networks and data, detect intrusions and remediate malicious events.
Municipal and state networks are under significant and increasingly sophisticated threat by cybercriminals, which means the resulting risks to a local government’s network may go undetected for days, months or even years. According to the Ponemon Institute’s 2015 Cost of Data Breach Study, malicious attacks take an average of 256 days to identify. The network plays a critical role in not only identifying attackers, but also ensuring that mitigation and isolation steps to rid them from a network are possible.
This dependence on the network not only for critical communications, but also as a security tool necessitates visibility into the integrity of network hardware and software. This is a critical first step in ensuring that IT systems are built with a foundation of trust. Non-genuine or suspect hardware and software are serious threats to network health and performance.
Cybersecurity risks are increased by three key threats:
1. Modified software — If an unauthorized entity modifies software, it can compromise the device’s operation. Malicious software can provide an attacker with the ability to monitor and exfiltrate information. Non-genuine software could also disable or “brick” hardware while attempting to perform platform maintenance or software upgrades.
2. Counterfeiting — This includes hardware and/or software that wasn’t built by the manufacturer or was altered post-manufacture without consent with the intent to imitate a genuine product, as well as devices containing pirated, tampered or malicious software.
3. Non-sanctioned channels — If name-brand equipment was obtained through an unauthorized distribution channel, it may be stolen or secondhand. Equipment from unauthorized channels poses a higher risk for pirated, tampered or malicious software. Unauthorized third-party components can also compromise the quality of existing equipment.
Today’s network components often come with built-in capabilities that mitigate these risks. As technology has matured, vendors’ abilities to embed capabilities that prevent or quickly identify risks posed by these key cyberthreats are becoming more prevalent. Such mitigations include anti-counterfeit technologies, secure boot and mechanisms to ensure that non-authorized software will not run.
To minimize the likelihood of these threats, another critical non-technical practice is procurement through authorized channels.
State and municipal government networks must safeguard intellectual property and the sensitive information of their employees and constituents, all while allowing critical capabilities to function and support core operations. As people, processes, data and things become increasingly more complex and interconnected, the ongoing threat of attack is coupled with a huge expansion of the attack surface. For these reasons, the network infrastructure itself must be trustworthy. You can achieve this by gaining visibility into the integrity of your network’s hardware and software. Visibility of this kind allows you to conduct proactive audits and verify both that the platform works as expected and that defenses are in place to ensure it’s working effectively.
Anthony Grieco is a senior director in Cisco’s Security and Trust Organization. He leads the Trust Strategy Office and is responsible for the architectures and technology innovations that address customers’ trust needs.
