Government Cybersecurity Programs
The U.S. Government has launched several programs aimed at ensuring that computer systems are up to date and not vulnerable to cyberattacks. For example, the Continuous Diagnostics and Mitigation (CDM) and Comply to Connect (C2C) programs both require the continuous monitoring of computer systems and mitigation of vulnerabilities, including the deployment of patches for “managed devices.”
More recently, in May of last year the President issued Executive Order (EO) 14028, Improving the Nation’s Cybersecurity. EO 14028 is a government-wide effort to ensure that baseline security practices are in place, to migrate the Federal Government to a Zero Trust architecture, and to realize the security benefits of cloud-based infrastructure while mitigating associated risks. In January 2022 the Office of Management and Budget (OMB) released Memo 22-09, providing specific goals and deadlines for implementing Zero Trust. These deadlines require agencies to achieve specific Zero Trust security goals by the end of Fiscal Year (FY) 2024.
These programs have been successful at moving cybersecurity health forward. Staying ahead of an attack, however, is becoming increasingly difficult given rapid and constant technology evolution. What’s more, a steady increase in the number of IoT and unmanaged devices is only compounding the problem. In the last several years, they have outpaced the number of managed devices by orders of magnitude, creating an expansive new attack vector. The recently disclosed Apache Log4j logging utility vulnerabilities are a good reminder of the scope of the challenges and stakes; they demonstrate the potential breadth of a single vulnerability in a sea of potential vulnerabilities.
IoT and Unmanaged Devices
Before proceeding, let’s quickly recap why IoT and unmanaged device security is important. There is a common misconception that IoT devices are “dumb,” but that isn’t the case. In fact, IoT devices often run some form of embedded Linux or Windows, or even application or web servers, so they can have the same vulnerabilities as managed devices. However, they are often unmanaged, which means they are overlooked when security policies are enforced. That is why a comprehensive inventory of all devices on your network, including IoT and any other type of unmanaged devices, is essential.
Low-hanging-fruit Attack Vectors
The easiest attack vectors for bad actors are machines with known vulnerabilities that have not been mitigated (patched). And although the CDM and C2C programs were designed to address these types of issues, the recent Log4j vulnerability illustrated where the programs fall short. The problem is that both managed and unmanaged devices may employ Log4j and thus be vulnerable to attack, yet currently CDM and C2C only require compliance reporting for managed devices—completely ignoring a host of potentially vulnerable unmanaged devices.
Unifying Managed and Unmanaged Device Oversight
To ensure a comprehensive cybersecurity posture across your agency, I recommend you take a step back and broaden your overall aperture to include all systems, including both managed and unmanaged devices. This includes SCADA systems, PLC controllers, sensors, and more. Only when you have 100 percent visibility of all your assets will you have a strong cybersecurity posture. It’s also important to keep in mind that computers that should be managed often fall through the cracks for a variety of reasons, creating huge security risks. With the Armis platform, your agency can see everything managed and unmanaged on the network.
Keep in mind that to assess and solidify your entire cybersecurity posture, it’s important you consider and monitor all the computer systems used within your agency. This means more than assets in your data center or cloud solutions; it also includes building management systems (BMS) and the associated devices. After all, HVAC, power, and other building systems are ideal targets for threat actors looking to cause disruption. Ultimately, with visibility into every asset on guest, building, and enterprise networks it will be possible to manage your cybersecurity posture like never before.
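The reconciliation this section calls for, as an added example that is not from the original post or from Armis: it compares a constructed list of hosts observed on the network against a constructed managed-device inventory (the scope that compliance reporting covers), reports what falls outside that scope, and flags hosts whose observed Log4j version is below an assumed patched baseline (MIN_SAFE_LOG4J, which must be confirmed against current advisories).

```python
import re
from typing import Dict, List, Tuple

# Assumed patched baseline for the Log4j 2.x branch; confirm against current advisories.
MIN_SAFE_LOG4J: Tuple[int, ...] = (2, 17, 1)

# Constructed sample: what the managed-device reporting knows about.
MANAGED_INVENTORY = {
    "10.0.1.10": {"hostname": "hr-app01", "log4j": "2.17.1"},
    "10.0.1.11": {"hostname": "fin-app02", "log4j": "2.14.1"},
    "10.0.1.12": {"hostname": "decom-box", "log4j": "2.12.0"},  # record only, never seen
}

# Constructed sample: every host actually seen on the wire (ARP, DHCP, flow data).
NETWORK_OBSERVED = {
    "10.0.1.10": {"hostname": "hr-app01", "log4j": "2.17.1"},
    "10.0.1.11": {"hostname": "fin-app02", "log4j": "2.14.1"},
    "10.0.2.20": {"hostname": "hvac-ctrl", "log4j": "2.13.3"},  # BMS controller
    "10.0.2.21": {"hostname": "badge-reader", "log4j": None},   # no Log4j observed
}

def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '2.14.1' into (2, 14, 1); a suffix such as '-rc1' or '-beta9' is dropped."""
    parts: List[int] = []
    for piece in text.split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    return tuple(parts)

def is_vulnerable_log4j(version: str) -> bool:
    """Flag any Log4j 2.x build older than the assumed baseline (1.x is out of scope here)."""
    v = parse_version(version)
    return len(v) >= 2 and v[0] == 2 and v < MIN_SAFE_LOG4J

def reconcile(observed: Dict[str, dict], managed: Dict[str, dict]) -> Dict[str, List[str]]:
    """Split observed hosts into managed/unmanaged, list vulnerable ones per group, and
    report managed records never seen on the network (stale records hide risk too)."""
    report: Dict[str, List[str]] = {"unmanaged": [], "vulnerable_managed": [],
                                    "vulnerable_unmanaged": [], "stale_managed": []}
    for ip, info in sorted(observed.items()):
        group = "managed" if ip in managed else "unmanaged"
        if group == "unmanaged":
            report["unmanaged"].append(ip)
        if info.get("log4j") and is_vulnerable_log4j(info["log4j"]):
            report[f"vulnerable_{group}"].append(ip)
    report["stale_managed"] = sorted(set(managed) - set(observed))
    return report
```

With the sample data, the host that compliance reporting would never mention (hvac-ctrl) is exactly the one carrying an old Log4j build.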
Solidify Your Cybersecurity With Armis
Armis enables customers to quickly and easily achieve the promise of a Zero Trust solution for managed and unmanaged devices; you can deploy the Armis platform in as little as one day thanks to our agentless architecture. Armis unifies views of 100 percent of the resources on your networks—including managed and unmanaged SCADA, PLC, healthcare, OT, and BMS assets—behind a single pane of glass. With the ability to detect potential threats in real time and automatically or manually disconnect compromised assets, Armis provides essential capabilities for managing the full scope of today’s cyber threats.