Central government can no longer afford to fall short on cybersecurity

The level of threat central government organisations face has never been higher. As a result, having effective cybersecurity systems in place has never been more important

By Tim Ferguson

Thu 29 Nov 2018 @ 12:23

The role of good government is to ensure citizens are safe and prosperous. The provision of the goods and services that make this possible, as well as the collection and distribution of taxes that support it, requires a complex web of connections.

The efficiency of these networked systems allows information to be collected, sorted and quickly shared to support improved public services. But these systems face an unprecedented threat when it comes to cybersecurity.

Cybercriminals are highly motivated to target government systems due to the large amount of personal data they hold. Some systems contain classified information vital for national security, while others process financial transactions.

If cybercriminals get their hands on this data, they have a better chance of achieving their aims, whether it’s to steal identities and money, influence national elections, or something more catastrophic.

According to the UK National Cyber Security Centre, the UK faces dozens of high-level attacks that threaten national security each month, and 34,550 potential attacks on government departments were blocked over a six-month period. This is a serious level of criminal intent.

Central government departments face both external attacks, including some that may involve foreign state-backed actors, and internal threats. These internal threats, which could be the result of staff negligence or malicious action, pose a similar level of threat as external attacks, while often being harder to detect.

Just think of the unencrypted USB drive containing dozens of sensitive security files related to Heathrow Airport that was found on a London street, or the malware that used the web browsers of people visiting the Information Commissioner’s Office website to mine cryptocurrency.

Central government organisations need to ensure they are able to rapidly detect and contain attacks that breach their defences, and to mitigate the damage they can do.

They also need to ensure they meet compliance and audit requirements, including Good Practice 13 for collecting log files, and Cyber Essentials Plus, which protects against common online threats. That’s not to mention PCI standards for payments and GDPR for data protection.

Modern security tools support good log management, file integrity checks and faster reports, simplifying audits and making compliance easier. With GDPR requiring breaches to be reported within 72 hours of being discovered, it’s crucial to be able to quickly bring relevant data together.

One of the major challenges in securing central government networks is getting true visibility of what is happening on those networks. There are often multiple systems spread across different locations, with different software being used.

Security information and event management (SIEM) can build that picture with information gathered by network monitoring. By providing insight via a single dashboard, this supports accelerated threat detection and response.

SIEM also provides deeper understanding of normal network and user activity, allowing user and entity behaviour analytics (UEBA) to expose anomalous behaviour that suggests a compromise has taken place. UEBA also uses automation to rapidly restrict access to the affected user accounts or parts of the network until an event has been investigated. This ensures attacks are stopped in their tracks and offers badly needed support to central government security teams, which are often under-resourced.

Another challenge for government organisations is that, often due to cost, there may be a range of hardware and software in use, some of which is no longer supported by vendors. These systems could represent points of vulnerability, but monitoring them can be difficult, as the data produced may be in different locations and formats.

Thankfully, there are now tools that can collect the data generated by disparate hardware and software systems, and turn it into readable information that can be integrated into the security picture.
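To make the two ideas above concrete (normalising logs from disparate formats, then using a per-user baseline to expose anomalous behaviour as UEBA does), here is an added example that is not from the article or any vendor's product. The log lines, usernames and addresses are constructed, and the one-hour tolerance in the anomaly check is an assumed threshold.

```python
import re
from collections import defaultdict

# Constructed sample logons in two formats (syslog-style and key=value); not real data.
SYSLOG_LINES = [
    "2018-11-26T08:05:12 gw01 sshd: Accepted password for alice from 10.1.2.10",
    "2018-11-27T08:40:03 gw01 sshd: Accepted password for alice from 10.1.2.10",
    "2018-11-28T09:10:45 gw01 sshd: Accepted password for alice from 10.1.2.11",
]
KV_LINES = [
    "ts=2018-11-26T17:30:00 event=logon user=bob src=10.1.3.7 result=ok",
    "ts=2018-11-27T17:45:10 event=logon user=bob src=10.1.3.7 result=ok",
]
NEW_LINES = [  # the day under review
    "2018-11-29T02:14:09 gw01 sshd: Accepted password for alice from 10.1.2.10",
    "ts=2018-11-29T17:35:00 event=logon user=bob src=203.0.113.9 result=ok",
    "ts=2018-11-29T17:36:00 event=logon user=bob src=10.1.3.7 result=ok",
]
SYSLOG_RE = re.compile(r"^(?P<ts>\S+) \S+ sshd: Accepted \w+ for (?P<user>\S+) from (?P<src>\S+)$")

def normalise(line):
    """Reduce either format to one record; None for unknown formats or failed logons."""
    m = SYSLOG_RE.match(line)
    d = m.groupdict() if m else dict(kv.split("=", 1) for kv in line.split() if "=" in kv)
    if not m and (d.get("event") != "logon" or d.get("result") != "ok"):
        return None
    return {"hour": int(d["ts"][11:13]), "user": d["user"], "src": d["src"]}

def build_baseline(lines):
    """Per user, the hours of day and source addresses seen during the learning window."""
    base = defaultdict(lambda: {"hours": set(), "srcs": set()})
    for rec in filter(None, map(normalise, lines)):
        base[rec["user"]]["hours"].add(rec["hour"])
        base[rec["user"]]["srcs"].add(rec["src"])
    return base

def detect(lines, base):
    """Flag logons from an unseen source, or at an hour more than one hour away from
    anything seen for that user (the one-hour tolerance is an assumed threshold)."""
    alerts = []
    for rec in filter(None, map(normalise, lines)):
        prof = base.get(rec["user"])  # .get() does not create an empty profile
        if prof is None:
            alerts.append((rec["user"], "no baseline"))
        elif rec["src"] not in prof["srcs"]:
            alerts.append((rec["user"], "new source " + rec["src"]))
        elif all(abs(rec["hour"] - h) > 1 for h in prof["hours"]):
            alerts.append((rec["user"], "unusual hour %02d" % rec["hour"]))
    return alerts
```

Running `detect(NEW_LINES, build_baseline(SYSLOG_LINES + KV_LINES))` flags alice's 02:14 logon and bob's logon from the unseen address, while bob's usual logon passes silently.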

Central government faces numerous challenges, but cyberthreats are undoubtedly one of the greatest. It is imperative that the public’s privacy and the nation’s security are safeguarded. Modern cybersecurity technology can achieve this, and is able to do so without waste or compromise.