Biden’s Backing Cyber
In early May, President Biden signed the Executive Order (EO) on Improving the Nation’s Cybersecurity-Biden Administration’s Cyber Security Executive Order. While in the making for some time due to a series of cyberattacks on key US entities, the EO was signed just a few days after the most recent incident targeting critical infrastructure. The attack on the Colonial Pipeline Company caused significant disruptions to those living on the East Coast. Moreover, it occurred only a few months after the SolarWinds hack, which several US Government agencies fell victim to. Cyberattacks on critical infrastructure, including the federal government, can seriously put national security at risk. And as cyberwarfare proliferates, the EO came just in time.
The general aim of the EO is to enhance the government’s security posture through various efforts from both the public and private sector. Many such efforts require improvements to current practices while others consist of new measures that address the current and evolving threat landscape; specifically, the convergence of information technology (IT) and operational technology (OT).
Tackling IT/OT convergence is crucial. Not only does the integration cause notable cybersecurity vulnerabilities, but it is critical infrastructure that tends to operate in such an environment.
The EO, in its introductory comments, highlights the need for partnership between the federal government and actors within the private sector. So, while some aspects of the EO are specific to federal agencies, their interconnectedness with private entities means everyone can benefit from adopting the measures outlined by the Biden administration; it is only a matter of time until they become mandatory for everyone anyway. Hence, it is crucial to understand the EO and, more importantly, how to comply with it. We are here to help with both.
A challenge you might not know you are facing
Biden Administration’s Cyber Security Executive Order addresses improvements to the detection of cybersecurity vulnerabilities and incidents on government networks. More specifically, “increasing visibility into and detection of vulnerabilities and threats to agency networks”. Of course, network security solutions provide greater network visibility; however, the Physical Layer goes uncovered, meaning there is no protection at the hardware level. As a result, enterprises lack complete asset visibility. Thus, they’re unaware of the presence of Rogue Devices as well as exposed to hardware-based attacks originating from such assets.
Spoofed Peripherals impersonate legitimate HIDs. And, having been manipulated on the Physical Layer, trigger no alert to any endpoint security tools as the device is recognized as legitimate. Network Implants sit on the Physical Layer and go completely undetected to all network security software solutions. This includes NAC, likewise triggering no alert. Rogue Devices can carry out harmful attacks that can impact the target’s network. Therefore, visibility must start at Layer 1, the physical layer of the OSI model. There’s no use in having comprehensive visibility on all other OSI Layers if the first layer is left completely exposed.
Started from the bottom, now we’re here
By starting at the bottom (i.e., the first of the OSI Layers), organizations are more equipped to comply with other aspects of the EO. The Order specifies the need for federal agencies to adopt a Zero Trust (ZT) approach.
ZT addresses the reality that threats can occur within an entity’s environment. Therefore, it significantly restricts network access, even to those operating from within. However, ZT is a data-based security model rather than a tool itself. Hence, it relies on various data inputs to make access decisions. When an asset makes an access request, the Zero Trust Architecture (ZTA) must obtain information about the requesting asset and compare such information with the pre-defined access policies.
The functionality of the ZTA relies on the ability to detect and correctly identify a requesting asset. This can only be achieved with Physical Layer visibility. Without such visibility, Rogue Devices can bypass (Spoofed Peripherals) or completely evade (Network Implants) policy enforcement. This leaves the agency’s network just as exposed to hardware-based attacks as it was before ZT adoption. While this specific measure applies to government agencies, other entities, especially those with government contracts, would benefit tremendously from the adoption of ZT (and Physical Layer visibility, of course) for their own enhanced network security.
Sepio Systems supporting compliance
Sepio’s Hardware Access Control (HAC-1) solution provides entities with the Physical Layer coverage they need to obtain complete device visibility. And, in doing so, also provides protection against hardware-based attacks. As the leader in Rogue Device Mitigation (RDM), Sepio’s solution identifies, detects and handles all peripherals; no device goes unmanaged.
HAC-1 uses Physical Layer fingerprinting technology and Machine Learning to calculate a digital fingerprint from the electrical characteristics of all devices and compares them against known fingerprints. In doing so, HAC-1 is able to provide organizations with ultimate device visibility and detect vulnerable devices and switches within the infrastructure. In addition to the deep visibility layer, a comprehensive policy enforcement mechanism recommends on best practice policy and allows the administrator to define a strict, or more granular, set of rules for the system to enforce. When a device breaches the pre-set policy, HAC-1 automatically instigates a mitigation process that instantly blocks unapproved or Rogue hardware.
Furthermore, HAC-1’s RDM capabilities support compliance with Section 8 of the EO, which concerns the government’s investigative and remediation capabilities. Section 8 focuses on enhancing data collection efforts in order to improve the investigation and remediation processes following an incident. HAC-1 logs all hardware asset information and usage, and maintains such data for a period defined by the system administrator.
With the threat landscape evolving and cyberwarfare proliferating, what protects you today might not protect you tomorrow. Hence, federal agencies, other critical infrastructure providers, and eventually all other organizations, need to make improvements to their cybersecurity strategy. Technology might bring numerous benefits to the world, but it also makes it a dangerous place to be. So much so, that physical security and cybersecurity are becoming, if not already, one and the same.