In this Help Net Security interview, Rob Greer, Vice President and General Manager of the Enterprise Security Group at Broadcom, examines the impact of nation-state cyberattacks on public sector services and citizens, as well as the wider implications for trust and infrastructure.
Greer also discusses common vulnerabilities in government IT systems and the potential of AI and public-private collaborations to improve cybersecurity defenses.
How do nation-state attacks affect the public sector and services provided to citizens?
All attacks, whether directed against a state or not, have the potential to impact public sector services and the citizens who rely on them.
On June 3, 2024, Synnovis, a supplier to the UK National Health Service (NHS), was the victim of a cyberattack that prevented the processing of blood test results and impacted thousands of patient appointments and surgeries. In 2017, the WannaCry attack, which spread to 150 countries around the world, disrupted the UK NHS, limiting ambulance service, patient appointments, medical tests and results, and forcing the closure of various facilities.
In the United States, many private sector organizations that provide public services or critical infrastructure have been significantly impacted by cyberattacks. In 2021, JBS Foods, the largest U.S. meat processor, suffered a breach that forced it to shut down 13 of its meat processing plants, impacting the nation’s meat supply. A month earlier, Colonial Pipeline suffered a ransomware cyberattack, sparking a gas rush on the East Coast and requiring an executive order to allow gas to be transported by tractor-trailer.
In 2015, a cyberattack in Ukraine left 230,000 customers without electricity, and such attacks have continued to disrupt the Ukrainian power grid ever since.
In the United States, we have seen the same nation-states employ less aggressive but potentially more disruptive espionage and disinformation strategies in an effort to undermine public confidence in the electoral system.
While these are just a few notable examples, the impact ranges from delays and inconveniences to more significant repercussions such as reduced capacity of health care, public services and other critical infrastructure. What is more difficult to calculate is the degradation of trust when the public sector is compromised due to a cyberattack.
What are the most common vulnerabilities in government IT systems exploited by cyber attackers?
Most of the attack techniques used by nation-states are quickly adopted by mainstream cybercriminals. While nation-states have advanced capabilities and visibility that are difficult or impossible for cybercriminals to replicate, the general strategy of attackers is to target vulnerable devices such as VPNs or firewalls as a network entry point. They then focus on gaining privileged credentials while leveraging legitimate software to masquerade as normal activity while they explore environments for valuable data or large repositories to disrupt.
It is important to note that commonly exploited vulnerabilities in government IT systems are not markedly different from vulnerabilities that are more broadly exploited. Government IT systems are often extremely diverse and therefore subject to a variety of exploitations. CISA actively maintains a catalog of Known Exploited Vulnerabilities (KEVs). These are vulnerabilities that are known to be exploited in the wild and pose an increased risk of exploitation to government organizations using one of the cataloged technologies.
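One practical use of the KEV catalog mentioned above, as an added example (not code from the interview or from Broadcom): cross-reference an asset inventory against the catalog's JSON feed and rank the hits so that entries past CISA's remediation due date, or linked to ransomware campaigns, surface first. The feed URL is CISA's published one; the catalog entries, CVE IDs and inventory below are constructed placeholders.

```python
import json
from datetime import date

# Constructed sample in the shape of CISA's KEV feed
# (https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json).
# The CVE IDs below are placeholders, not real catalog entries.
SAMPLE_KEV_JSON = """{
  "title": "CISA Catalog of Known Exploited Vulnerabilities (constructed sample)",
  "vulnerabilities": [
    {"cveID": "CVE-0000-00001", "vendorProject": "ExampleVPN", "product": "Gateway",
     "dateAdded": "2024-05-01", "dueDate": "2024-05-22",
     "knownRansomwareCampaignUse": "Known", "requiredAction": "Apply vendor patch."},
    {"cveID": "CVE-0000-00002", "vendorProject": "ExampleFW", "product": "Firewall OS",
     "dateAdded": "2024-06-10", "dueDate": "2024-07-01",
     "knownRansomwareCampaignUse": "Unknown", "requiredAction": "Apply vendor patch."},
    {"cveID": "CVE-0000-00003", "vendorProject": "OtherCo", "product": "Mail Server",
     "dateAdded": "2023-01-05", "dueDate": "2023-01-26",
     "knownRansomwareCampaignUse": "Known", "requiredAction": "Apply vendor patch."}
  ]
}"""

# Constructed asset inventory: (vendor, product) pairs as an agency might export them.
INVENTORY = [("examplevpn", "gateway"), ("ExampleFW", "Firewall OS"), ("Acme", "Printer")]

def load_kev(feed_json):
    """Index KEV entries by normalized (vendor, product) so inventory lookups are cheap."""
    index = {}
    for v in json.loads(feed_json)["vulnerabilities"]:
        key = (v["vendorProject"].strip().lower(), v["product"].strip().lower())
        index.setdefault(key, []).append(v)
    return index

def match_inventory(inventory, kev_index, today_iso):
    """Return KEV hits for the inventory; overdue and ransomware-linked items sort first."""
    today = date.fromisoformat(today_iso)
    hits = []
    for vendor, product in inventory:
        for v in kev_index.get((vendor.strip().lower(), product.strip().lower()), []):
            due = date.fromisoformat(v["dueDate"])
            hits.append({"cve": v["cveID"], "asset": f"{vendor} {product}",
                         "overdue": today > due,
                         "ransomware": v["knownRansomwareCampaignUse"] == "Known",
                         "action": v["requiredAction"]})
    hits.sort(key=lambda h: (not h["overdue"], not h["ransomware"], h["cve"]))
    return hits

if __name__ == "__main__":
    for h in match_inventory(INVENTORY, load_kev(SAMPLE_KEV_JSON), "2024-06-20"):
        print(h)
```

Against the real feed, replace SAMPLE_KEV_JSON with the downloaded file contents; vendor and product strings in the catalog are free text, so normalize your inventory the same way before matching.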
How can governments use AI to strengthen cybersecurity defenses against sophisticated attacks?
AI has been used for over a decade in cutting-edge security technologies, primarily to detect new and evolving attacks. Detecting the sheer volume of current attacks, as well as finding the needle in a haystack, cannot be achieved by traditional technologies, but is possible with sophisticated AI techniques. As a baseline, governments should evaluate their security technology to understand how effective AI and machine learning are in detecting the latest threats.
More advanced features can analyze infrastructure to determine typical behavior and usage patterns and automatically configure security settings and policies, providing even more effective adaptive security to detect anomalous activity.
The latest generative AI technologies also help increase the efficiency of the security operations center (SOC). GenAI can help SOC analysts understand attacks faster and more completely and provide guidance to analysts using natural language. This is especially important as we face ongoing challenges in recruiting security professionals.
Are there specific regulatory frameworks or policies that need to be implemented or improved?
There are currently many policies and regulations, both nationally and internationally, which are inconsistent and vary in their application. These administrative requirements require significant resources that could be used to strengthen an organization’s cybersecurity program. It is therefore imperative to harmonize existing and upcoming cybersecurity regulations and consider policies holistically.
The Office of the National Cybersecurity Director’s (ONCD) recent summary of the 2023 Request for Information (RFI) on Cybersecurity Regulatory Harmonization shows that the U.S. government understands this problem. The report finds that “lack of harmonization and reciprocity undermines cybersecurity outcomes while increasing compliance costs due to additional administrative burdens.” ONCD is working with other federal agencies and the private sector to address these issues by seeking to “simplify the oversight and regulatory responsibilities of cybersecurity regulators” and “significantly reduce administrative burden and costs for regulated entities.”
This is a much-needed exercise and it is encouraging to see that steps are being taken to ensure that cybersecurity regulations are comprehensive, effective and efficient.
What role should the private sector play in supporting government cybersecurity efforts?
The private sector has threat intelligence that governments often lack access to, so two-way information sharing between the private and public sectors is essential to combating malicious actors. Partnerships between leading cybersecurity research groups and vendors such as the Cyber Threat Alliance (CTA), as well as public-private partnerships such as the Joint Cyber Defense Collaborative (JCDC), help the entire cybersecurity community leverage its combined intelligence to defend our global digital ecosystem.