
3 Strategies the State Department Can Adopt to Successfully Balance Infrastructure Modernization and Security

By Chip Daniels

October 19, 2023

The Department of State (DOS) has two focuses: adopting critical and emerging technologies and strengthening cybersecurity. Secretary Antony Blinken cites these initiatives as an “aspect of foreign policy that has become critical in recent years.”

Yet a recent survey indicates that, when it comes to protecting against cybersecurity threats, the more technology added to a network, the harder it is to defend.

That’s why the DOS must adopt a security-first approach when building and deploying new IT infrastructure. By shifting security left, the organization will be better positioned to successfully balance modernization with security.

Here are three ways the DOS and other government agencies can achieve this objective.

Adopt a “secure by design” approach

Infrastructure modernization isn’t just about the tools that are added to a network. It’s also about the people who must manage the tools, and the different processes teams might use to ensure that everything works as it should. All of this creates additional complexity and increases the number of ways an attacker could infiltrate a network.

That’s why it’s critical to weave cybersecurity throughout every phase of infrastructure deployment. Every time a new system or application is installed, its introduction and implementation should be carefully vetted by a dedicated security team. All endpoints should be carefully monitored and inspected to ensure their fortification, and all systems should be tested by red teams to verify their security postures and resiliency.

Simultaneously, all IT professionals should follow predetermined security guidelines throughout the software implementation process. These guidelines should be easily accessible and understood by everyone involved in the process. Simple, direct, and sequential instructions can help prevent vulnerabilities.

Implement observability for proactive cybersecurity

As the DOS’s software factories continue to develop and deploy new technologies, the agency must adopt methods that allow it to keep close tabs on how those technologies connect and interact with one another. Implementing a process of observability is a good way to accomplish this task.

Observability provides a complete view of every asset that comprises an organization’s IT infrastructure, whether on-premises, in the cloud, or in hybrid environments. IT teams can observe how assets operate and interact with each other and rapidly identify issues as they arise, including potential security risks.

Observability goes beyond traditional network monitoring, but both are essential. The latter pushes alerts to IT teams whenever there’s a deviation from a predetermined metric, while the former allows teams to detect and analyze abnormalities in real time. So, while monitoring is reactive and observability is proactive, both work together to form a critical foundation for infrastructure security.

Take an “assume breach” mentality

Zero-trust is an effective best practice that the DOS has adopted from the Department of Defense’s leadership. In the wake of continually evolving cybersecurity threats, adopting a zero-trust posture should be considered the minimum protection standard.

The DOS can take this approach even further by taking an “assume breach” mentality. An assume breach mindset includes several strategies designed to protect the agency throughout the entire lifecycle of a cyberattack. In addition to incorporating zero-trust principles, assuming a breach involves:

  • Identifying and addressing gaps in security coverage
  • Planning how to react and respond to an attack
  • Detailing the steps needed to recover from an attack
  • Learning from an attack
  • Implementing processes to prevent future attacks

Assuming a breach is just as it sounds: embracing a position that it’s not if a breach will happen, it’s when it will take place. If agencies base their cybersecurity efforts around this mentality, they will be more prepared to both deal with and prevent the eventuality.

Cyber resiliency must be a top focus as the DOS continues its push toward modernization, but without a systematic plan in place, the agency’s efforts to contain and prevent vulnerabilities can easily become overwhelming. Adhering to the three strategies outlined here can help the DOS prioritize cybersecurity and tackle potential threats in a way that will not only protect the organization but also do so in a manner that is efficient and effective.

 

These best practices are fundamental elements of SolarWinds’ approach, developed in collaboration with leading cybersecurity experts in the wake of the 2020 SUNBURST attack. It’s a solid blueprint for the DOS to refer to as it continues its modernization efforts.

