Critical Infrastructure and the Cyber Threats You Can’t See
Tradeoffs—we all have to make them. In today’s always-on, ever-evolving digital world, some of the most important decisions organizations and consumers must make are the tradeoffs between security and convenience. These choices come under even more scrutiny when they involve government entities making risk judgements that could impact American lives, the economy, and other organizations across the globe.
Increasingly that’s just what is happening—government agencies and critical infrastructure organizations walking the tightrope of keeping up with the demands of modern citizenry while protecting the critical infrastructure we rely on to stay connected. It’s a balancing act of enormous proportions.
How We Got Here: Critical Infrastructure Cyber Risk in Context
The U.S. Government (USG), like nearly every market sector, is undergoing a massive digital transformation. Agencies are working to replace outdated legacy systems and deliver a consumer-grade citizen experience. The modernization of digital infrastructures at every level of government is made possible through an extended supply chain involving numerous third-party vendors. These suppliers not only support agency modernization goals but help the USG deliver on its promise to the American people—whether it be related to safe transportation, reliable telecommunications, secure health data, or national defense.
While building digital interconnectivity allows agencies to more effectively carry out their missions, it also increases their attack surfaces and external attack vulnerabilities. The widening of attack surfaces across federal, state, and local governments, combined with malicious threat actors’ increased sophistication, has created an immediate need for government agencies, critical infrastructure, and their suppliers to gain visibility across their entire attack surface. As the SolarWinds and Colonial Pipeline breaches illustrate, without clear visibility both inside and outside of the network, malicious actors can and will exploit vulnerabilities along the supply chain.
360° Approach to Safeguarding the Critical Infrastructure Community
Previous cybersecurity approaches primarily focused on monitoring internal network traffic and standing up firewalls to protect network perimeters. These strategies no longer provide an adequate defense. Organizations need to understand how they look to adversaries from the internet and which threat actors are likely to target them. By linking the risks and vulnerabilities visible from an organization’s external attack surface to threat intelligence and robust threat actor models, organizations can get a more accurate view of cyber risk—for both themselves and their supply chain vendors. This 360-degree view is critical to prioritizing mitigations against the significant threats and enabling stronger cyber defenses. LookingGlass provides this external attack surface visibility, contextualized and enriched with threat intelligence, to help customers understand their own internal cyber risk and the cyber risks of critical infrastructure they depend upon.
Case Study: LookingGlass Helps Critical Infrastructure Organization Increase Attack Surface Visibility
LookingGlass’s work with a vital government organization helps illustrate the importance of attack surface visibility and shows how widening the full threat intelligence lens can help organizations avoid the blind spots that come when they only identify risks in their own networks.
A Visibility Challenge
This federal customer traditionally fulfilled its infrastructure security mission on a tactical level, relying on people “on the ground” to perform investigations and work with stakeholders to ensure the safety and security of its operations. Though the agency historically focused on in-person, physical investigations and incident response, cybersecurity crept in as a significant part of the information its employees needed to drive the mission of keeping critical infrastructure safe. The agency urgently needed a way to look at tactical, immediate cyber issues, and operationalize that intelligence so the critical infrastructure stakeholder groups could act. Moreover, the agency lacked a contextualized view of the sector’s broader ecosystem, which is highly dependent and interwoven across multiple supply chains.
Our customer needed a way not just to improve the security of their organization, but also to provide operationalized insights and ecosystem cybersecurity monitoring to better serve both the sector and agency mission of ensuring the security of critical infrastructure.
The ScoutPRIME Solution
In 2019, the agency engaged LookingGlass to help solve these challenges by leveraging scoutPRIME®, our global external attack surface management solution. The scoutPRIME® platform offers contextualized, correlated threat intelligence overlaid on a dynamic map of the world’s internet infrastructure. This map provides an analysis and visualization – a global footprint – of logical (IP routing), physical (geo-location) and transit medium (fiber, satellite) information. The platform’s always-on, “outside-in” approach made it easy to implement risk management strategies for continuously monitoring critical infrastructure suppliers and identifying sector vulnerabilities to optimize threat hunting and support incident response.
Results to Sector Risk
By utilizing scoutPRIME®, the government agency is able to perform infrastructure sector monitoring without intrusively scanning outside entity networks—proactively uncovering sector risk and addressing vulnerabilities like never before. This not only supports the teams on the ground, but it improves the security of the entire critical infrastructure system.
The Path Forward for Protecting Our Critical Infrastructure
While critical infrastructure may always be targeted by our adversaries, there are certainly improvements to be made in the ways we secure our defenses. Continuous monitoring and improved attack surface visibility are how we can get ahead of the 180 information and communication technology (ICT) threats that the Cybersecurity and Infrastructure Security Agency (CISA) estimates are currently facing federal agencies.
In the words of Deputy National Security Advisor for Cyber and Emerging Technology, Anne Neuberger, “If you can’t see a network, you can’t defend a network. And federal networks’ cybersecurity needs investment and more of an integrated approach to detect and block such threats.”