7 cyber defense use cases
Whether facing data loss, ransomware, fraud or privacy threats, agencies can leverage technology and process solutions to help them prevent and respond to attacks.
Cyberthreats come at agencies from many angles, and IT staff must be prepared both to prevent and respond to attacks – whether they target public safety, justice, finance, critical infrastructure or users, a panel of cyber experts said.
“Cybersecurity is foundational to all facets of government,” David Robinson, senior director of public-sector solutions at Microsoft, said during a Dec. 9 webinar. “Governments around the globe are passing new laws regarding reporting, creating cross-government task forces, allocating resources and seeking out private-sector assistance.”
Research by Microsoft’s Threat Intelligence Center found that more than 50 million password attacks happen globally every day, and other studies show that phishing attacks grew by 667% when the pandemic hit.
George Earl, a public-sector architect at Microsoft, identified seven cyber defense use cases common across the public sector. The first is the classification and protection of organizational data.
“Governments should apply sensitivity labels and data-loss prevention policies,” Earl said. “If a data breach does occur, it’s imperative that data teams know where the most sensitive data is and who has access to it.”
The second use case is protection against ransomware, a hard lesson learned after the Colonial Pipeline attack, and third is the secure management of an ever-expanding network ecosystem, including internet-of-things devices. Fourth is about sharing information and collaborating more securely because many government processes cross agency boundaries in structured and unstructured ways, Earl said. For instance, unemployment benefits checks may require data from the Department of Motor Vehicles, law enforcement, health care and child protective services.
The fifth case is the efficient monitoring of on-premises and cloud-based systems, applications and data. “This requires capabilities such as machine-learning models, predictions, aggregations and flexibility in scale that just aren’t possible with on-premise architectures,” he said.
Sixth, agencies must offer enhanced public services with security built in – something that comes naturally with the adoption of the DevSecOps methodology.
Lastly, agencies are grappling with shadow IT and software-as-a-service app usage. These unknown and unmanaged cloud services, software and hardware are not “necessarily a bad thing in terms of productivity for your organization, but it does potentially introduce security vulnerabilities,” Earl said. “A common example of this scenario would be unsanctioned usage of tools such as Dropbox.”
The first step in addressing each use case is zero trust, which treats each request for network access as a unique risk to be evaluated and verified. At its core is strong identity verification through multifactor authentication (MFA), which prevents 99% of identification-based threats, Earl said. He predicts that zero trust will be the biggest area of investment for cybersecurity as the pandemic threat winds down.
Besides those general cybersecurity needs, sectors have specific ones, too. For instance, the public safety and justice arena is looking to cloud platforms to enable tools for correlation, search and metadata tagging to accelerate their investigations into bad actors and fraud groups.
“That investigative piece of it is extremely complex and complicated for agencies,” said Kirk Arthur, senior director of Microsoft’s Worldwide Public Safety and Justice Team and a former Secret Service special agent and leader of the Electronic Cybercrimes Task Force. Right now, the process typically looks like this: a compromise happens, a law enforcement jurisdiction responds and investigators capture and carve through data about the event, most often using manual tools.
“We have to be able to provide the right level of tools and capabilities to our investigators,” Arthur said.
The same is true for the financial sector, including not only treasury departments but tax agencies, economic development agencies and financial regulators, said Valentina Ion, director of public finance at Microsoft. The potential for fraud has become obvious with the issuance of economic stimulus packages to promote recovery from the pandemic-related recession.
The IRS found that about $5.5 billion in improper payments have been made, and cybercrime is estimated to cost more than $10.5 trillion globally by 2025.
Ion recommends keeping logs and automating the monitoring of them as well as implementing secure records management and archiving. “The public finance role is to protect not only the infrastructure of their own services and employees, but also the taxpayers against malware attacks, phishing attacks,” Ion said.
Protecting the privacy of children in the U.S. foster care system is also a key cybersecurity function for government, said Greg McKay, director of the Worldwide Public Health and Social Services division at Microsoft and former head of Arizona’s child welfare organization. Vast amounts of sensitive data are associated with the half a million children who live in foster care in America today, and data about where they are living, their history and their medical needs requires protection.
Additionally, “nearly 8 million children are reported abused or neglected every year in the United States,” McKay said. “Every one of those children, by law, have a right to their privacy and the right to have their data protected and confidentially stored. Moreover, every source that calls a child abuse hotline in America is also considered protected, or confidential, and that data needs to be safeguarded from any type of release.”
Lastly, cities face a dual challenge: transforming their technology and improving their security at the same time, said Jeremy Goldberg, director of critical infrastructure at Microsoft and former interim CIO for the state of New York.
“This requires solutions in both technology and processes; one or the other just won’t be enough,” Goldberg said.
Stephanie Kanowitz is a freelance writer based in northern Virginia.