The next big security priority for federal agencies is not just protecting data, but decentralizing it so that in the event of a cyberattack, if one device is compromised, it doesn’t open the door to an entire network.
“[Data security] went from network defense to applying to connect,” said Department of the Navy Chief Information Security Officer Chris Cleary at a FedInsider webinar on “Safeguarding the Intelligent Edge” this week. “Before I allow something to connect to my network, I validate it. Then you have the latest security construct, which is a zero trust environment, where I try to verify a user and connect regardless of where the user is and where the data is. It's getting harder and harder to secure, it's really about figuring out where all the data lives. It's a daunting task and as much the responsibility of the CISO as the CIO.”
At Customs and Border Protection, CISO Alma Cole said the agency is undergoing “some really big evolutions” with regard to how it handles data and data security.
The biggest change is data decentralization and edge computing, which affects how the agency thinks about cybersecurity.
“We have vast amounts of data,” Cole said at the webinar. “We have been in a place where if an officer wanted any of that data, they have to be at a station behind a terminal somewhere, and now of course that's not good enough. We need that data to be available in their hands and enabling the workforce.”
For CBP, edge computing was a logical next step.
“We have these really widespread outposts sometimes, the bandwidth isn't what we would like,” Cole said. “Instead of feeding all that video, wouldn't it be great if you could have the algorithm out there on the edge looking for anomalies or vehicles or smugglers or drones? And then as they get those signals, sending only the relevant data back over those networks. The ability to preserve your bandwidth in doing that is massive, but importantly the ability to focus your resources and alert those resources to what they actually need to see instead of tying people up looking at screens all day. This has the potential to be a massive game changer.”
Distributing centralized data comes with cybersecurity concerns. If CBP agents use mobile devices connected to critical infrastructure, they’re providing new and potentially easier ways for hackers to break into the network.
The solution: connect devices only to the data they need, and disconnect them from everything else.
“A lot of our other systems, especially the monitoring-type systems, have been air-gapped, and that was one way to secure things, to make sure it's not connected to anything else,” Cole said. “We'll be able to push that data out into mobile networks and give access to that data wherever they are. Now we have to do more microsegmentation in the cloud, and really we're changing the face of everything we do to push that data out to the edge where it's needed in the most efficient way possible.”
Secure edge computing has also optimized Air Force operations, said Air Force Chief Technology Officer Frank Konieczny, who thinks 5G could dramatically accelerate edge computing for the service branch and other federal organizations.
“[We asked] how can we do a smart depot, where the aircraft comes down and needs all their information regarding where they've been, engine data, and we process that immediately as the plane lands so when the technicians come out and service the aircraft they know exactly what they need to do and have parts to do this,” he said at the webinar. “Wherever you gather the data is where you want to process the data. As we go to a more 5G-relevant communications technology, the data is going to stream in faster than before, and there's no way to move the data down a central processing facility, you need to process it [where it is].”
As federal agencies and military branches increase connectivity, they need to ask more questions about the hardware and software on connected devices. Edge computing raises all sorts of security concerns, which is why practicing good cyber hygiene like patching and conducting routine scans is more important than ever.
“Zero trust is going to be really, really critical and continue to be critical for us,” Cole said. “[Internet of things] probably is not going away, [we are] making sure devices only have the right amount of connectivity they need and no more. We're trying to minimize the amount of data we're holding on various devices out in the field that's critical.”
Data is now the target for many hackers. If a hacker manages to enter a network, federal agencies need to ensure the hacker doesn't have access to all the data on all connected devices.
While zero trust is a good way to prevent hackers from gaining access to connected devices, so is developing a strong and secure cloud strategy.
“You have actual adversaries with a keyboard coming into your network figuring out where you store your backups,” Cole said. “To [protect against] that we're trying to have the right mix of having a multi-cloud strategy for backups and making sure one compromised account or user doesn't have the rights to go across all those environments, and really isolate those backup stores from each other. If there is a compromise, our first priority is to isolate that and rebuild from a known good baseline.”