As cyber threats have continued to increase in frequency and sophistication in recent years, the government is taking steps through guidance and cyber requirements to assist agencies in creating a proactive posture to defend against current and emerging threats. While cyber legislation is necessary, advancements to network security require funding, and many agencies do not have the budget to support extensive changes.
As part of its efforts to combat this issue, the government signed the Infrastructure Investment and Jobs Act, which is designed to assist all levels of government in preventing, protecting against and responding to cyber-attacks.
The new act provides extensive funding for cybersecurity, designating $2 billion toward increasing national cyber incident response and recovery capabilities. The act also provides $1 billion in cybersecurity grants for state and local governments and $250 million for energy sector cyber application advancement and strengthening cybersecurity in rural and municipal public utilities. Additionally, more than $100 million in cyber response and recovery funding is included to assist public and private entities during major cyber incidents, as well as millions of dollars more for research, development, testing and evaluation.
This extensive funding will help agencies increase their cyber capabilities against threats such as killware and targeted malware attacks. But with this funding comes the question: what capabilities should agencies prioritize to get the most value out of the resources provided?
Considering legacy systems
Today’s cybersecurity market is saturated with options for entities seeking to update hardware, software and cloud storage. Due to the age of many existing systems, finding methods that easily integrate with an agency’s existing network while protecting against malicious actors presents a challenge.
Over the past two decades, government agencies looking to defend their infrastructure have met new cyber requirements and attempted to keep up with new threats by patching various solutions onto existing legacy systems. However, these patched solutions cannot and do not replace the need for an effective cybersecurity system built and designed for the cloud.
When a threat is present, for example, the approval process to act can take a week or longer, hamstringing agencies using legacy systems, even those with newer technology added to their system. That time can equate to millions of dollars and valuable information lost.
With systems built in and for the cloud, the threat hunting process can be done smoothly and quickly, saving agencies valuable resources. Creating a system in and for the cloud is not an easy task, but the long-term benefits outweigh the short-term costs included in the funding.
A zero trust system built from the ground up
Cyber risk mitigation lies in agencies’ ability to maneuver their networks. One way to increase a network’s maneuverability is to use zero trust architecture (ZTA) elements that provide an overlay and, with one click of a mouse, can easily deny a thread of connections between different system nodes. ZTA is the ideal methodology to create a verify-trust-verify environment that prevents bad actors from gaining access to networks and capturing data or deploying ransomware.
However, legacy systems cannot compete effectively in today’s threat environment merely by throwing new solutions at old systems. Incorporating ZTA capabilities into a legacy system will not allow for the same level of efficiency as a system explicitly created to utilize today’s technology. To truly allow for a flexible system, the best security option is a modern system built from the ground up and designed to contend with contemporary threats. In order for a zero trust system to be fully effective, it must be built with zero trust in mind from conception.
Increasing cyber posture relies on adopting forward-looking solutions
For all system modernization efforts, agencies should prioritize using funding for solutions that provide both offensive and defensive maneuverability.
One cutting-edge solution is digital twin technology. This technology allows an organization to create an exact replica of its existing system to test the capabilities and limitations of that replica. This testing allows for insight into factors like future wear and tear and system vulnerabilities without risking the already functioning system. A working digital twin can also provide an additional network for agencies to flex while investigating a particular activity and allow organizations to generate attack scenarios to train internal resources and improve response times.
While employing digital twins of agency networks seems like an unreachable solution, organizations are already beginning to make the move.
In January, Las Vegas unveiled a digital twin of its downtown area, which enabled the city to demonstrate scenarios and responses surrounding traffic, energy and emergency evacuations. Using sensors and the 5G network to collect street-level data, city officials can forecast and prepare for the future while sharing this data with educational institutes, the real estate community, and the local hotel and casino industry.
As successful digital twins become more common, they can provide necessary offensive and defensive capabilities, making them a valuable tool to invest in for many agencies working to modernize their networks.
Looking ahead to the future
For agencies looking to spend newly authorized funds and increase the network security of legacy systems, incorporating zero trust and its complementary capabilities like digital twin technology can be a starting point toward building a comprehensive security posture. While old legacy systems can be difficult to rebuild, investing in zero trust and cloud-focused platforms from the ground up will provide the protection that agencies need to keep up with the evolving cyber landscape.
Brian Erickson is vice president of strategy and solutions at Vidoori, and a retired U.S. Navy Captain.