The Kaspersky Incident
C4ISR, Cyber, & Space
How Smart Sensors Can Prevent Future Cybersecurity Disasters
New York Times journalists Nicole Perlwath and Scott Shane expose the threats posed by modern commercial software in an article that reads like a modern-day John Grisham novel. Their story details how Russia appears to have penetrated U.S. agencies via a backdoor in the popular Kaspersky Lab anti-virus software, sold by the Russian-owned company. On September 13, all federal agencies were ordered to remove Kaspersky software from their networks due to the threat the software posed.
While many are asking how this could have happened, the reality is that understanding how, where, and by whom commercial-off-the-shelf (COTS) software is developed is no simple task. That is why discovering and reporting on software installation and usage via a DHS-approved Continuous Diagnostics and Mitigation (CDM) dashboard solution is critical for federal government agencies.
Federal supply chain security policies require that products and code include security measures as they are built or developed. Supply chain security is an important tool for Chief Information Security Officers (CISOs) and when combined with enterprise architecture (EA) best practices can greatly reduce risk. EA and information security have a very symbiotic relationship. EA acts as the gatekeeper to the software castle, by only allowing trusted software into the enterprise. EA also performs alternatives analysis when new software is requested and helps determine if the shiny new software has true value or is simply a nice to have, while another trusted and tested product performs 90 percent of what the end- user needs.
In addition, EA keeps metrics on each piece of software: where it’s installed, how it’s used, when it’s used, and whether it’s effective. This critical function is only successful if there are sensors installed on every device on the network. In security circles, this is known as sensor grid density. Are there enough CDM sensors reporting data on cyber risks to give information security and IT operations a clear picture of what is happening on the network?
The Kaspersky incident shows how easily harmful software can be masqueraded, leaving a gaping hole in networks. More compliance checks don’t solve the problem – what’s needed is verification that dangerous software has been removed from the network. The right CDM sensor grid ensures that only trusted software is installed and used. An added benefit is that CDM helps CIOs reduce costs by reporting where software is installed and how often it is being used. CDM is an essential tool for network security and a very effective tool for CIOs who can use it to optimize IT resources. Its adoption will be a giant step forward in securing federal networks.