By Stacey McDaniel
Over the past several years, Internet security researchers have observed a shift in the threat landscape -- one in which attackers are increasingly driven by financial motives. Today’s attackers are increasingly sophisticated and organized, and they are constantly developing new techniques and strategies to circumvent security measures. During the first half of 2007, the Internet security threat landscape was characterized by the following:
- More professional and commercialized
- Threats increasingly tailored to specific regions
- More multi-staged attacks
- Targeting victims by first exploiting trusted entities
- Increased convergence of malicious activities
With these in mind, let’s take a closer look at the nature of the attack activity occurring in and around government organizations.
Stolen identities
You don’t have to look far in the news to realize that identity theft is increasingly prevalent. Data breaches are costly -- and not only in terms of citizen confidence and financial loss. Where the government is concerned, breaches of sensitive information can have significant consequences for the country’s national security. Government agencies store a considerable amount of information that could be used for identity theft. Not only that, agencies also often share information and work interdependently. As a result, sensitive personally identifiable information may not only be stored in separate locations, but may also be accessible to numerous people. This increases the opportunities for attackers to gain unauthorized access to this data.
Critical infrastructure attacks
The amount of malicious activity originating from computers and networks that are known to belong to government and critical infrastructure sectors are also being evaluated. These findings indicate the level at which government and critical infrastructure organizations have been compromised and are being used by attackers as launch pads for malicious activity. This could potentially expose sensitive information, which could have serious ramifications.
Researchers have found that 90% of all malicious activity originating from critical infrastructure sectors during the first six months of 2007 originated from telecommunications organizations, which the government sector relies upon heavily. A successful compromise of computers in the telecommunications industry could open the door for an attacker to eavesdrop on or disrupt key communications within government.
Denial-of-Service still persists
Denial-of-service (DoS) attacks continue to pose a significant threat to government organizations, rendering Web sites and other network services inaccessible to users and employees, and making it difficult or impossible for employees and users to access critical information. DoS attacks often target governments and are primarily motivated by social or political purpose. An attack that disrupts the availability of a high-profile Web site, particularly one belonging to a government organization, will get much wider notice than one that takes a single user offline.
Where the attackers are
Attackers often target computers within their own region or country. It is not surprising that the United States is the site of the most malicious activity as it is home to 18% of the world’s Internet users -- more than any other country. Furthermore, the U.S. has a well-established and relatively long-standing Internet infrastructure. As a result, not only do many of the attackers reside there, but they have had a long time to understand technologies and hone their skills. As part of the critical infrastructure, the U.S. government needs to take extra steps to prepare for the reality that it will be subject to malicious activity.
Answering the threats
Experts recommend government agencies and related organizations practice the following:
- Defense in-depth: Governments can protect themselves against attacks that result in data theft by employing defense-in-depth strategies, including the use of IDS/IPS solutions, antivirus, anti-spyware solutions and a firewall. Antivirus definitions should be updated regularly and all desktop, laptop and server computers within an organization should be updated with all necessary security patches from their respective vendors.
- Monitor and filter: All network-connected computers should be monitored for signs of malicious activity, ensuring that any infected computers are removed from the network and disinfected as soon as possible. Also, outgoing network traffic should be filtered to ensure that malicious activity and unauthorized communications are not taking place. Policies should be in place that identify and restrict applications that can access the network.
- Encryption: Government should utilize strong encryption to store data, so even if the data is lost or stolen, it is not accessible to unauthorized third parties. This step should be part of a broader security policy that organizations should develop, implement and enforce in order to ensure that all sensitive data is protected from unauthorized access.
- Access control: As mentioned earlier, government data is often housed in disparate locations, with a wide range of users, including onsite employees, remote employees, guests, contractors, and temporary workers -- all of whom need access to some portions of the data in order to perform their jobs. In this setting, network access control (NAC) is important because it controls what the data users can access and what they can do on the network. Not only that, NAC also verifies that all endpoints are in compliance with security standards and policies before entering the network.
Conclusion
Threats are constantly evolving and attackers are becoming more skilled. The job of protecting IT in government organizations is tougher than ever. The government maintains a wealth of sensitive data -- ranging from military secrets to private, personal details -- that must be kept secure. With the threat of data theft looming and attacks like DoS threatening to bring entire networks down, security should be a #1 priority for your IT staff.
Stacey McDaniel has been writing about high-tech issues for more than six years.