6 steps to secure systems for sequester

Featured eBooks
Whole-of-State Cybersecurity
The State of Trust in Government
Cybersecurity in State and Local Government
By William Jackson
 

Connecting state and local government leaders

By William Jackson

|

Patches, idle accounts, mobile devices not in use and, yes, disgruntled workers have to be accounted for.

The details of how the budget sequestration will be implemented and who will be sent home from work and for how long still are being worked out, but it is likely that everyone — including IT administrators and cybersecurity professionals — will share in the pain.

“We do not see any immediate impact” on cybersecurity, said Jody Brazil, president and CTO of FireMon, an enterprise security management company. “In [the Defense Department] we see no impact whatsoever; cybersecurity is still a priority. In the other agencies it is less certain.”

Attorney David Z. Bodenheimer, who heads up the homeland security practice at the D.C. law firm Crowell & Moring, called cybersecurity “one of the last safe harbors from sequestration.” While most other areas are subject to hiring freezes and furloughs, it is one area where hiring is still going on. “But it doesn’t mean cybersecurity will be unscathed,” he said.

Even if IT departments do not take the full brunt of the budget cuts, risk profiles will change as personnel leave, accounts sit unused and workflows shift. Mobile devices in (or out) of the hands of furloughed workers will have to be dealt with and insider threats from overworked or unhappy employees could increase.

Industry experts offer some advice with how to prepare for the impact.

1. Update systems now

Managing change, configuration and patching on IT systems is always a challenge and is not going to get any easier when furloughs begin.

“These things are not automated to the point where they can withstand the impact” of a reduced workforce, Brazil said.

“These activities will be almost centrally delayed, if not cut from the budget,” Bodenheimer said. “If you don’t have a full team to continue patching, upgrading and monitoring the systems, security is going to be degraded,” Bodenheimer said.

On the positive side, Brazil said the federal government’s focus on cybersecurity has improved over the last two years. But holes in network defenses will continue to be holes. Paying attention now to patching and updating now will not necessarily prevent future problems, but it could help make dealing with them less demanding.

2. Establish remote access policies for furloughed workers

Strictly speaking, furloughed employees probably should not be accessing agency networks and accounts. But nobody wants to come back to the office to thousands of unanswered e-mails or to face unprepared some new crisis that has been brewing. “It’s human nature,” said John Bordwine, Symantec’s public sector CTO.

“I would anticipate that even with empty desks, they will continue to check the network from time to time,” Bodenheimer said.

So make it explicit just what is expected of furloughed workers, what is allowed in the way of remote access while off the job and how information will be given to workers during their furloughs. Then put access rules in place to enforce these policies. This should make it easier to keep tabs on who should be and who is accessing resources.

3. Put idle accounts into a protected state

It probably does not make sense to shut down or de-provision accounts that are temporarily idle, but unused accounts can increase risks if not monitored. “Put the accounts in a protective mode,” in a separate domain or router environment so that they can be monitored and managed separately, Bordwine said.

Router and firewall rules can help to segregate accounts, and with fewer people around to monitor traffic it could make it easier to spot improper traffic. And don’t forget to keep an eye on outgoing traffic as well as incoming, especially for data that is leaving the network. “That should be a red flag,” Bodenheimer said.

4. Adjust workflows

Many jobs are automated, with paperwork and approvals being forwarded digitally to the proper people at each stage of a task. When links of this chain are missing, workflow can be interrupted unless additional workers are given access to others’ accounts, which can create risks. Use temporary delegations in apps to ensure that work keeps flowing without changing permissions for all of the people who are out of the office, said EMC chief security officer Dave Martin.

5. Consider mobile devices

After you determine policies for remote access while off the job, consider what you are going to do about the mobile devices used for this access.

If the agency issues the device, these might be sequestered as well — taken away as the employee leaves for a furlough. That can prevent improper use, but don’t forget that that patches and software updates need to be current before they reconnect to the network if this is not done automatically upon connection.

BYOD is a different issue. It’s hard to take away personal devices, so decide whether access will be blocked and what should be done with agency data already on the devices. Wiping and restoring this data could be impractical and time-consuming, but the burden of managing these devices during furloughs could increase whatever solution is decided upon.

6. Remember the insider threat

Threat profiles will change as the work environment changes, and with the increased pressures of forced furloughs the insider threat can increase, through either malicious activity or carelessness.

Unhappy workers assigned additional tasks because of the furloughs can “become somewhat cavalier” in their jobs, increasing the risk of mistakes, warned Tom DeSot, CIO of Digital Defense. Workers dissatisfied with their unpaid leave might also be tempted to take out their frustration by blocking access to resources, changing or deleting information or even stealing data.

In addition to monitoring the perimeter for improper access, administrators will have to remain vigilant for improper behavior inside the enterprise as well, said Martin.

NEXT STORY: Hacks happen. Security Module can help agencies navigate crisis response

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.