Why military agencies must establish cybersecurity readiness now through Comply-to-Connect
In 2019, a U.S. Coast Guard employee inadvertently clicked on a malicious link embedded in an email, triggering a Ryuk ransomware attack. For the next 30 hours, the attacker compromised “significant” enterprise IT network files and encrypted them, shutting off access throughout the Maritime Transportation Security
The malware attack spread throughout the facility’s consolidated IT and operational technology network, impacting “industrial control systems that monitor and control cargo transfer and encrypted files critical to process operations. The effects included disruption of camera and physical access control systems, and loss of critical process control monitoring systems,” according to a Coast Guard statement.
The incident illustrates the urgent need for military agencies to establish cybersecurity readiness for industrial control systems (ICS) and other networked operational technology throughout all connected bases and battlefields. The Coast Guard attack was not a drill or hypothetical scenario. It happened, and demonstrates what can occur in the absence of this readiness.
Fortunately, a funded program is already in place to achieve this transition immediately. Within the Department of Defense, several agencies have incorporated Comply-to-Connect (C2C) into their cybersecurity strategies to improve the authentication, authorization, compliance assessment and automated remediation of devices and systems. Within the C2C framework, IT teams authenticate devices and systems and assess them for compliance with DoD security policies prior to authorizing network access. Compliant devices and systems gain access to appropriate network segments necessary for missions, while unauthorized devices do not until they successfully meet compliance requirements. The DoD is now moving to adopt C2C across its entire global enterprise.
C2C ensures that trusted, authorized devices are rigorously inspected for malicious code, prohibited software, noncompliance and other risks. In contrast to previous security programs, C2C applies to non-traditional networked endpoints including Internet of Things (IoT) devices and OT devices such as industrial control systems (ICS), building automation systems, weapons and other tactical systems, medical equipment, and many other mission-supporting devices. C2C combines all systems and their components in need of protection “in one house” as an integrated, collective whole.
This is proving increasingly important for the operational readiness of ICS infrastructures enabling power, water and other functions at military bases. Without them, our mission systems simply would not work. In fact, the DoD relies on an estimated 2.5 million ICS assets in more than 300,000 buildings for the real-time, automated monitoring and management of utility and industrial systems.
However, in this modern age of digital transformation, the wide range of C2C’s applicability to OT devices and systems is playing an essential role; especially as ongoing innovation introduces new vulnerabilities. In a report titled “Weapon Systems Cybersecurity: DoD Just Beginning to Grapple with Scale of Vulnerabilities,” the U.S. Government Accountability Office (GAO) reports that the DoD “faces mounting challenges in protecting its weapon systems from increasingly sophisticated cyber threats… DoD’s late start in prioritizing weapon systems cybersecurity; and DoD’s nascent understanding of how to develop more secure weapon systems.”
A large number of weapon systems depend upon software-enabled ICS connectivity to monitor and manage equipment and carry out essential functions, according to the GAO report. But the ICSs were originally designed for use in trusted environments, so many “did not incorporate security controls,” the GAO states. What’s more, DoD officials admit that their program offices may not know “which industrial control systems are embedded in their weapons or what the security implications of using them are.” Discussions sparked by the GAO’s research illustrate challenges the DoD and all large organizations face visualizing assets and accounting for accidental and other inevitable vulnerabilities in technology supply chains spanning different private sector suppliers and countries of origin.
Source: c4isrnet.com
The post Why military agencies must establish cybersecurity readiness now through Comply-to-Connect appeared first on ARMYNOW.NET.
- Δημοφιλέστερες Ειδήσεις Κατηγορίας Blogs
- ΣΕΙΣΜΟΣ ΤΩΡΑ- ΠΟΥ ΕΓΙΝΕ ΣΕΙΣΜΟΣ
- Τσεκούρι στη ΔΟΥ Κοζάνης: Γιατί πραγματικά ο 45χρονος επιτέθηκε στους εφοριακούς. Ψίθυροι
- Ο μυστικός νόμος της ανθρώπινης έλξης που σχεδόν κανείς δεν γνωρίζει
- Τι λένε τ’ άστρα και τα ζώδια (18/7/2020)
- Κορωνοϊός, νέα έκτακτα μέτρα: Αλλάζουν όλα στα σούπερ μάρκετ. Ποιες μάσκες απαγορεύονται
- Kορονοϊός: Πρόστιμα για όσους δεν φορούν μάσκα – Τα ποσά
- Πέτσας: Την επόμενη εβδομάδα ανακοινώσεις για το χρόνο καταβολής αναδρομικών
- Strela 4×4 tactical armoured vehicle unveiled by VPK
- Ψηφιακή διακυβέρνηση: τέλος στη γραφειοκρατία
- Έρχεται οριζόντια λύση για τα αναδρομικά των συνταξιούχων
- Δημοφιλέστερες Ειδήσεις Armynow
- Strela 4×4 tactical armoured vehicle unveiled by VPK
- Why military agencies must establish cybersecurity readiness now through Comply-to-Connect
- Taliban negotiators make big changes ahead of expected talks with Kabul
- CRS: North Korea strives to develop nuclear-capable missiles that can defeat BMD systems
- A story of heroism – A Yemeni’s fighter trek under constant fire for over 2 minutes [vid]
- More than 20,000 US troops have contracted COVID-19, as numbers continue to rise
- Τελευταία Νέα Armynow
- Why military agencies must establish cybersecurity readiness now through Comply-to-Connect
- Strela 4×4 tactical armoured vehicle unveiled by VPK
- CRS: North Korea strives to develop nuclear-capable missiles that can defeat BMD systems
- A story of heroism – A Yemeni’s fighter trek under constant fire for over 2 minutes [vid]
- Taliban negotiators make big changes ahead of expected talks with Kabul
- More than 20,000 US troops have contracted COVID-19, as numbers continue to rise
- VA Medical Centers: 20 (more!) little known facts about them
- UK, US and Canada allege Russian cyberattacks on Covid-19 research centers
- Libya’s Expanding Proxy War May Be the Ultimate Test of NATO’s Resilience
- Analysis: the use of drones by Turkey in Libya is a game-changing
- Τελευταία Νέα Κατηγορίας Blogs
- Το σχόλιο του Νίκου Χατζηνικολάου
- "Έφοδος" της Δέσποινας Μοιραράκη την ώρα που έκανε δηλώσεις ο Χαρδαλιάς - ΒΙΝΤΕΟ
- Κοζάνη: Προφυλακιστέος ο δράστης με το τσεκούρι - Ψυχρός και μη συνεργάσιμος
- Κοζάνη: Ο πρόεδρος των εφοριακών αποκαλύπτει όσα κατέγραψαν οι κάμερες ασφαλείας - Σοκαριστικό βίντεο
- Σύλληψη ατόμου για ληστεία στα Τρίκαλα
- Στη Βουλή το νομοσχέδιο για τις νέες φορολογικές παρεμβάσεις για νοικοκυριά και επιχειρήσεις
- Εορτολόγιο: Ποιοι γιορτάζουν σήμερα 18 Ιουλίου- Υποχρεωτική μάσκα σούπερ μάρκετ
- Υποχρεωτική πάλι η μάσκα | Ποια θα είναι τα πρόστιμα
- Πρόβλημα στο tourism4all.gov: ΟΑΕΔ Κοινωνικός τουρισμός δικαιούχοι- ΟΠΕΚΕΠΕ ΠΛΗΡΩΜΕΣ
- Ο μυστικός νόμος της ανθρώπινης έλξης που σχεδόν κανείς δεν γνωρίζει