Most organizations today have multiple attack vectors that require monitoring and defending. Government cybersecurity teams, in comparison, have to manage countless additional entry points for threat actors. While most industries must understand and defend against attacks from vendors, satellite offices, wireless networks and bring-your-own-device (BYOD) threats, governments also have to worry about large numbers of disparate entities that tie into a central information technology hub.

As seen over the past 18 months with attacks in Colorado, Atlanta, Baltimore and Dallas, among others, cities and states must protect their infrastructure, transportation, social services, healthcare, emergency services and many other divisions. The sheer number of connections into government networks substantially increases the risk and complexity facing these administrations.

Extortion via ransomware seems to be the popular choice for many cybercriminals today, but what does tomorrow bring? With so many government services dependent on technology, there are many opportunities for a denial-of-service (DoS) attack. Government cybersecurity experts need to stay ahead of these criminals and, in doing so, understand the environments they’re defending. Defenders must see the entire threat landscape and understand where attacks can come from. Protecting environments with one point of entry is easy; unfortunately, that situation rarely exists in the real world, particularly with government infrastructure.

The Complexity of Governments Increases Risk

Inside every national, state, city and local government are many different departments, each with its own information technology requirements and solutions. Too often, the teams that run these systems don’t interoperate with other groups. For example, in county government, there is a clerk and recorder responsible for elections, police responsible for civil protection and social services responsible for improving social welfare in the community. Each of these groups might have its own IT shop that manages the computers and networks for the department.

There is typically little to no communication between the people who set up, manage and maintain these environments. To make matters worse, the policies and procedures used to build and harden security infrastructures are rarely consistent between departments. Lack of commonality leads to extreme risk, and the larger the government organization, the more points of entry it has and the more threats it faces.

Threat actors understand these deficiencies and can identify vulnerabilities relatively easily through several methods. Today, the most common approach involves phishing attacks in which an attacker attempts to trick an end user into providing credentials for one part of a network. Since most government networks communicate and connect with each other, a breach in one division puts the rest at risk as well.

Imagine that a social worker loses control of his or her credentials, and a threat actor proceeds to access that environment and move laterally through the network to infiltrate the police department and the county clerk and recorder. This individual could acquire valuable data such as voting rolls for a county. The lack of procedures to manage credentials and patch systems between government entities increases the risk of both losing control of login information and permitting lateral movement between government bodies. This scenario epitomizes a substantial risk to governments that other industries do not face.
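The scenario above has a detectable signature from the defender's side: one credential successfully authenticating to hosts in several departmental network segments within a short window. The following Python is an added example for this article, not code from the original post or from any product it mentions; the department-to-subnet mapping, the log format and the sample log lines are all constructed assumptions standing in for the asset inventory and authentication logs a real county would have.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Hypothetical mapping of departments to their network segments (constructed).
# In practice this comes from the consolidated asset inventory the article argues for.
DEPARTMENT_SEGMENTS = {
    "social_services": ip_network("10.10.0.0/16"),
    "police": ip_network("10.20.0.0/16"),
    "clerk_recorder": ip_network("10.30.0.0/16"),
}

# Constructed sample authentication log: timestamp, user, source IP, destination IP, result.
# "jdoe" is the social worker whose credential is reused against police and clerk hosts.
SAMPLE_LOG = """\
2023-06-01T09:02:11 jdoe 10.10.4.23 10.10.4.50 SUCCESS
2023-06-01T09:15:40 jdoe 10.10.4.23 10.10.9.12 SUCCESS
2023-06-01T09:31:05 jdoe 10.10.4.23 10.20.1.7 SUCCESS
2023-06-01T09:33:52 jdoe 10.10.4.23 10.30.2.15 SUCCESS
2023-06-01T10:05:00 asmith 10.20.3.9 10.20.3.40 SUCCESS
2023-06-01T10:06:30 asmith 10.20.3.9 10.20.7.2 SUCCESS
2023-06-01T10:07:00 asmith 10.20.3.9 10.30.2.15 FAILURE
2023-06-02T08:00:00 jdoe 10.10.4.23 10.10.4.50 SUCCESS
"""


@dataclass(frozen=True)
class AuthEvent:
    when: datetime
    user: str
    src: str
    dst: str
    ok: bool


def department_of(ip: str) -> str:
    """Map an IP address to the department owning its segment ("unknown" if unmapped)."""
    addr = ip_address(ip)
    for name, net in DEPARTMENT_SEGMENTS.items():
        if addr in net:
            return name
    return "unknown"


def parse_log(text: str) -> list[AuthEvent]:
    """Parse the whitespace-separated constructed log format into AuthEvent records."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, src, dst, result = line.split()
        events.append(AuthEvent(datetime.fromisoformat(ts), user, src, dst, result == "SUCCESS"))
    return events


def find_cross_department_access(events, window=timedelta(hours=1), min_departments=2):
    """Flag credentials that successfully logged in to hosts in >= min_departments
    distinct departments inside any sliding time window of length `window`.

    Only successful logins count: a failed attempt against another department is
    noise here (it would belong in a separate brute-force detection).
    Returns {user: {"window_start": datetime, "departments": [sorted names]}}.
    """
    by_user = defaultdict(list)
    for e in events:
        if e.ok:
            by_user[e.user].append(e)

    alerts = {}
    for user, evs in by_user.items():
        evs.sort(key=lambda e: e.when)
        start = 0
        best, best_start = set(), None
        for end in range(len(evs)):
            # Slide the window start forward until the window fits within `window`.
            while evs[end].when - evs[start].when > window:
                start += 1
            depts = {department_of(e.dst) for e in evs[start:end + 1]}
            if len(depts) > len(best):
                best, best_start = depts, evs[start].when
        if len(best) >= min_departments:
            alerts[user] = {"window_start": best_start, "departments": sorted(best)}
    return alerts


if __name__ == "__main__":
    for user, info in find_cross_department_access(parse_log(SAMPLE_LOG)).items():
        print(f"ALERT {user}: reached {info['departments']} starting {info['window_start']}")
```

Running it flags only `jdoe`, whose credential reached social services, police and clerk-recorder hosts within about half an hour, while `asmith` stays within the police segment and the single failed cross-department attempt is ignored. The rule only works if the department-to-segment mapping is complete and current, which is exactly the shared asset inventory the article says departments rarely maintain together.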

Government Cybersecurity Improvements Won’t Come Easy

Since governments have so many potential attack vectors, both physically and virtually, government cybersecurity professionals need clear processes, procedures and authority to harden vulnerable environments.

Whether they’re implementing asset management, patch management, change management or any number of critical security mechanisms, governments and their partners need to consolidate and coordinate between internal entities to make sure every attack vector has proper defensive positioning. The number of endpoints, network connections and infrastructure devices that interoperate internally within a government body at any level creates substantial risks, and the entire environment must be understood and modifiable to ensure proper protection.

The challenges governments face in hardening their environments are large and widespread, with drastic change being the only foreseeable solution. Engaging disparate teams to integrate and interoperate, both operationally and procedurally, will take strong leadership and bold decisions. Unless and until we see a major change in both the behavior and understanding of the threat landscape, there will be more and more attacks and, sadly, they will become more dangerous and impactful to governments on a regular basis. Without major modifications inside government cybersecurity organizations, we are in for a bumpy ride.
