Using Zero Trust to Prevent Agency Ransomware Attacks

Tim Jones, Regional Vice President of Systems Engineering, Public Sector, at Forescout | 25 March 2022

COVID-19 made moving agency employees and services off-premises essential. This move, however, has also sparked one of the biggest waves of cybercrime the internet has ever seen. Ransomware attacks have been particularly effective against government agencies and critical infrastructure. The February 2021 attack on the Oldsmar water plant in Florida shows an attempt was made to manipulate the pH in the city’s water to dangerously high acidic levels by increasing sodium hydroxide (lye) by 100 times.

The more recent Colonial Pipeline attack forced operations to a halt for six days and paid out $4.4 million to the attackers. The fallout caused gasoline shortages across the east coast and gave a clear playbook to other bad actors.

With remote operations essential for both public health and infrastructure modernization, how do you guard against these types of attacks? The answer is making Zero Trust the standard for all security operations as called for in the recent Federal Zero Trust Strategy and Cybersecurity Executive Order. Major concepts of Zero Trust for federal civilian agencies are represented in this infographic.

Making Zero Trust the standard across all devices

One of the primary sources for Zero Trust standards is NIST 800-207. This directive outlines a set of substantive Zero Trust architectures and deployment models that agencies can follow, but they aren’t a one-size-fits-all solution. It’s important to remember Zero Trust is a security design approach and not a single, fixed solution or technology that can be purchased and implemented. The core concept behind Zero Trust is to “never trust, always verify” and must be applied and adapted to every part of an agency’s infrastructure. This often requires a layered solution approach, particularly when it comes to the Internet of Things (IoT).

The IoT landscape represents the single biggest attack vector with the greatest potential for impact. No device, big or small, should be trusted by default.

How Zero Trust prevents ransomware attacks

The latest news from investigations into the Colonial Pipeline attack reveals that hackers likely got in using a leaked password from the dark web. This password let hackers into the company’s VPN, which remote employees had been using to access the company network. With Zero Trust architecture in place, your IT infrastructure cannot be compromised with a single password leak. Every device, both inside and outside the agency, needs to be verified every time it is used.

Potential ransomware attacks are thwarted when attackers are uniformly denied access across any potential attack surface. One of the most efficient and effective ways to do this is with a single security platform that can prevent, monitor and manage cyber threats across all devices and access points.

Security platforms like those from Forescout Government Solutions can help ensure that every access point is verified and secured while simultaneously monitoring and responding to threats as they happen. For this reason, proven security platforms with strong Endpoint Detection and Response (EDR) solutions are a key part of complying with the Cybersecurity Executive Order.

Managing security in the mobile world

Zero Trust solutions, such as the Forescout platform, can assign additional security checks to devices with a higher risk posture and monitor real-time connections for changes. With more agency employees than ever working remotely, Zero Trust must move beyond the agency brick-and-mortar. Effective Zero Trust means an agency employee using a public coffee shop Wi-Fi will be just as protected as those working in the office.

Modern agency infrastructure relies on a mix of device and connection types, locations and workloads. Wired IoT connections in-office can connect to mobile devices miles away. Agency data structures also are being moved to the cloud for better remote access. All of these entry points need to be protected, and Zero Trust is required for these connections to be safe.


Business News