18 Nov 2019

Enemy spotted: How to handle visibility for defence sector cyber security

Marco Rottigni, Chief Technical Security Officer EMEA for Qualys, examines cyber security in the defence sector and how this can be managed effectively.

As part of the Strategic Defence and Security Review (SDSR) Efficiency Programme, the UK government has sought to save £7.8 billion from its defence budget by 2021. As that efficiency programme reaches its final years, the Ministry of Defence (MoD) is continuing to modernise. At the forefront of these developments is a Modernising Defence Programme which includes heavy investment in digital transformation.

Digital transformation delivers the services that an organisation needs in faster and more efficient ways. However, it can complicate the picture for organisations too, particularly when it comes to securing and managing all those IT assets over time. So what can defence organisations learn from the world of enterprise IT, and how can these teams meet their own specific requirements around security?


Digital transformation and security challenges

Echoing the words of many enterprise CEOs globally, the former Defence Secretary Gavin Williamson spoke about the need to “sustain strategic advantage in a fast-changing world” in Parliament during his last programme update: “We must be able and capable of continuous and timely adaptation. We will embrace modern business practices and establish a culture that nurtures transformation and innovation.”

In fact, the cyber security challenges that face the MoD, as well as other departments and security agencies around the world, in maintaining cost-effective and performant technology deployments are not dissimilar to those faced by modern business. The MoD’s transformation, which has embraced a move from a product-based to a service-based model, saw the Department become one of the first organisations to adopt Microsoft’s Azure cloud services back in 2016. This involved running a private instance of Microsoft’s cloud service to meet its requirements around growing IT implementations quickly and efficiently.

However, this change in how to approach IT is not smooth sailing or simple. As companies, and particularly large enterprises, have discovered, digital transformation involves developing completely new models for how to run technology deployments. At the same time, these changes do not happen overnight, so large volumes of what can be termed “legacy” IT have to be supported. The result is a fundamental change in how IT teams work to support the scale, speed and nature of the underlying IT.

Instead of being centralised and easier to manage, the range of IT assets that has to be tracked has increased considerably. The number of different infrastructure locations and platforms used has risen. From IT assets embedded in military equipment that has to remain in place for multiple tours, through field and operational technology assets, to the new cloud applications implemented to make managing any organisation at scale easier, the sheer amount of IT now required leads to potential security risks. Any organisation that seeks to be adaptable and responsive, as the Armed Forces do, therefore requires increased visibility to achieve its goals and maintain the right security posture.

As any intelligence expert would acknowledge, you can’t defend against things that you do not know about. As recent high-profile hacks have demonstrated, such as the theft of Mars mission data from the NASA Labs, with so much IT equipment to track, large organisations risk assets falling through the gaps. This can mean that devices are not updated and are therefore potentially exploitable. Alternatively, rogue devices, such as small-board computers being used for specific internal functions, can find their way onto the network. These devices can have potentially exploitable vulnerabilities: at NASA Labs, an unlicensed Raspberry Pi had a security hole that was used to gain access deeper into the network.


The three Vs of security

So how can we solve this problem, when we have operations working at massive scale and in multiple locations? What are the practical challenges for getting visibility around IT?

These can be broken down into three areas that security teams have to work on:

  • Volume – this describes the number of resources that companies have, and how these can increase and decrease, particularly in the cloud. Any organisation wishing to secure these resources needs the ability to keep pace with this scale.
  • Velocity – this covers the pace of change in these resources, and represents the need for augmented accuracy in detecting changes as quickly as they happen. This should be regardless of whether it is due to a change in the asset itself, the software it is running, or a newly discovered configuration error or vulnerability. Any remediation or reaction needs to be as fast as possible.
  • Variance – this describes the huge range of different attributes that may exist. There is a large mix of different IT and operational technology assets that now have to be maintained – from typical desktops, laptops and servers through to specialist ruggedised devices and embedded technologies that will have to be in place for decades. Each of these assets has to be tracked and kept up to date in order to remove the risk of security issues.


Building security at scale needs insight

To keep up with digital transformation, organisations must get real-time access to data that describes what is changing across IT. In order to get that data, you must have sensors within each infrastructure component on every platform that the IT team uses – from endpoints and devices, through internal applications deployed in data centres, to new applications based in the cloud. This insight must be accurate, it must be made available as close to real time as possible, and it must provide useful information by being normalised and simplified to deliver the right level of visibility.

Defining security and efficiency priorities for tomorrow’s defence organisations

As the defence sector continues to modernise and we consider how to exploit cutting-edge technologies at speed, we face critical challenges. In the last Modernising Defence Programme update, it was confirmed that the MoD was spearheading innovation in how best to combat sub-surface threats to UK submarines using measures such as autonomous systems, AI, ML and, of course, networked devices. It can be more cost-effective to hack vital equipment and infrastructure than to destroy them with munitions.

Defending against these new risks is vitally important, and will have to rely on IT asset inventory and insights. For example, how does your organisation identify and decommission software when it is no longer needed? Equally, how do you know that installations have been decommissioned and removed from all assets in reality? How do you prioritise the remediation of this situation, depending on the real exposure and exploitability of the vulnerable surface? Crucially, how long does it take for you to become aware of this situation in the first place? Having the right approach to IT assets can solve these problems at scale.
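As an added example (not from the article or from Qualys), the following Python sketch shows the kind of asset-centric visibility the “Building security at scale” section and the decommissioning questions above call for: records from sensors with different field names are normalised into one inventory keyed by MAC address, and the result is checked for rogue devices, stale assets and software that should already have been removed. All hostnames, MAC addresses, timestamps and package names are constructed.

```python
# Added example, not from the article: normalise heterogeneous asset records
# and flag the visibility gaps described in the text. All data is constructed.
from datetime import datetime, timedelta, timezone

NOW = datetime(2019, 11, 18, 12, tzinfo=timezone.utc)  # constructed "current time"

# Each sensor reports with its own field names (the article's "variance").
ENDPOINT_AGENT = [  # constructed endpoint-agent records
    {"hostname": "WS-0042", "mac": "00:11:22:33:44:01",
     "seen": "2019-11-18T06:00:00Z", "packages": ["openssl 1.1.1", "legacy-vpn 3.2"]},
]
NETWORK_SCAN = [  # constructed network-discovery records
    {"host": "raspberrypi", "hw_addr": "B8:27:EB:00:00:01",
     "last_seen": "2019-11-17T22:10:00Z", "software": []},
    {"host": "SRV-DB-01", "hw_addr": "00:11:22:33:44:09",
     "last_seen": "2019-10-01T09:00:00Z", "software": ["postgresql 11"]},
]
CMDB_KNOWN_MACS = {"00:11:22:33:44:01", "00:11:22:33:44:09"}  # constructed authoritative list
DECOMMISSIONED = {"legacy-vpn"}  # software that is meant to be removed everywhere


def _ts(s):
    """Parse the ISO-8601 UTC timestamps used by both constructed sensors."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def normalise(agent_records, scan_records):
    """Map differing field names onto one schema keyed by lower-cased MAC."""
    inventory = {}
    for r in agent_records:
        inventory[r["mac"].lower()] = {"name": r["hostname"], "seen": _ts(r["seen"]),
                                       "software": list(r["packages"])}
    for r in scan_records:
        mac = r["hw_addr"].lower()
        entry = inventory.setdefault(mac, {"name": r["host"], "seen": _ts(r["last_seen"]), "software": []})
        entry["seen"] = max(entry["seen"], _ts(r["last_seen"]))  # keep the most recent sighting
        entry["software"] = sorted(set(entry["software"]) | set(r["software"]))
    return inventory


def find_gaps(inventory, known_macs, decommissioned, now=NOW, stale_after=timedelta(days=30)):
    """Return sorted (category, detail) findings for rogue, stale and not-yet-decommissioned assets."""
    known = {m.lower() for m in known_macs}
    findings = []
    for mac, a in inventory.items():
        if mac not in known:  # seen on the network but absent from the authoritative inventory
            findings.append(("rogue_device", a["name"]))
        if now - a["seen"] > stale_after:  # no sensor has reported it recently
            findings.append(("stale_asset", a["name"]))
        for pkg in a["software"]:
            if pkg.split()[0] in decommissioned:  # removal was ordered but has not happened here
                findings.append(("decommission_incomplete", f"{a['name']}:{pkg}"))
    return sorted(findings)
```

Running `find_gaps(normalise(ENDPOINT_AGENT, NETWORK_SCAN), CMDB_KNOWN_MACS, DECOMMISSIONED)` on the constructed data reports the unknown Raspberry Pi, the database server not seen for over a month, and the workstation still carrying the decommissioned VPN client.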

For defence organisations, achieving the efficiency savings that have been outlined in the SDSR will require the use of new technology offerings that can reduce costs and strip out waste. However, it is equally essential to assess the risk that agencies and organisations will take on as well. By looking at an asset-centric approach to visibility, understanding where they are most vulnerable and then tackling those vulnerabilities and compliance issues first, defence organisations and agencies can achieve their security and efficiency goals.



The post Enemy spotted: How to handle visibility for defence sector cyber security appeared first on Defence Online.