As we move into 2024, Internet-based threats from nation-state affiliated actors targeting U.S. and allied governments, critical infrastructure like energy and other utilities, and suppliers to the government – including the defense industrial base (DIB) – are only accelerating. 2023 brought warnings from the US Intelligence Community, the Department of Defense, and the Cybersecurity and Infrastructure Security Agency (CISA) regarding Chinese interference in such networks; on its heels came the Russian-affiliated Midnight Blizzard attack against two large enterprises and at least 10 other publicly traded companies preparing SEC disclosures. All of this comes as CISA’s Known Exploited Vulnerabilities (KEV) Catalog includes more and more attacks specifically targeting software that’s designed to keep users safe, such as endpoint detection and response and VPN products.
These dangers are likely to be compounded, as the UK’s National Cyber Security Centre (NCSC) notes, by an increase in adversarial capabilities thanks to the role of AI. In the near term, it’s likely that AI will significantly uplift adversaries’ capabilities against both user-based and technical detection of cyber attacks – essentially, AI can help to craft attacks that are more likely to trick users into clicking on links, and it can optimize malware based on previous successful attacks so that it evades detection by endpoint and network security products. Combined with the consistent efforts of China and Russia to identify vulnerabilities in widely used enterprise and security products – some of which are most likely not yet known to detection algorithms – this application of AI raises the troubling prospect that data from adversaries’ most successful attacks could feed algorithms that replicate or evolve the techniques and exploits used in those attacks, then deploy them at even higher scale and velocity.
At the same time, the IT estates of the Federal Civilian Executive Branch (FCEB) are more dispersed than they have ever been, a trend that shows no sign of changing. Responding to the demands of a rapidly changing technological environment, the FCEB – and the US Government writ large – have shifted toward commercially available products meeting compliance standards (such as FedRAMP) that are often more focused on processes and cloud architecture than on the inherent security of the product. But even beyond the cloud migration, network administrators and security teams are facing an even more diverse and largely unknown stack of devices in employees’ homes, thanks to the more than 70% of the Federal workforce still teleworking at least occasionally post-pandemic, despite pushes from the White House and Congress to conduct more in-person work.
But what seems like a bleak landscape for federal and DIB cybersecurity professionals provides an unprecedented opportunity to rethink the way we approach the challenge of securing networks and systems. Rather than using AI to “supercharge” detection algorithms, leading to “more of the same” patching drills for the very security products that should have kept users safe in the first place, professionals should think about applying CISA’s Secure by Design concepts more broadly, beyond software to their network design. What this means in practice is implementing a more proactive cybersecurity model to ensure that adversaries have fewer opportunities to present malicious code to the network in the first place.
In addition to our robust partnerships with the US and UK Governments in the cross-domain space, Garrison looks forward to supporting the US and UK governments and their suppliers in the journey toward a more secure network with a hardware-enforced, cloud-enabled isolation solution that can protect one of the most vulnerable but critical parts of any operation today: Internet access. In my next article, I’ll explore the web browser and why it’s simultaneously one of the most valuable and vulnerable pieces of technology in any organization. For a preview, or to learn more about Garrison’s solutions before then, contact us!