It seems like every day we hear about a new ransomware attack – oil pipelines, hospitals, food suppliers, water treatment plants, banks, schools, businesses. Our quality of life is under attack.
According to Christopher Wray, FBI Director, testifying before the U.S. House of Representatives Judiciary Committee on June 10, 2021, “We think the cyber threat is increasing almost exponentially. Ransomware alone, the total volume of amounts paid in ransomware, has tripled over the last year. We’re investigating 100 different ransomware variants.”
What can businesses do in this fight against ransomware attacks? Telos provides a one-two punch – plan your cyber defense and hide your cyber assets.
The First Punch – Plan Your Cyber Defense Using Xacta®
After the ransomware attack on Colonial Pipeline, the largest pipeline operator in the U.S., Colonial CEO Joseph Blount, Jr., testified before the Senate Homeland Security and Governmental Affairs Committee on June 8, 2021. Blount said that while Colonial Pipeline had some basic cybersecurity plans in place, they had had “no discussion about ransom” before the attack. Senator Maggie Hassan of New Hampshire called this testimony a “stunning admission” and noted that she has “small school districts in New Hampshire that are better prepared for cyber attacks than Colonial Pipeline.”
We don’t plan to fail. We fail to plan.
The good news is that we have one of the leading cybersecurity planning organizations in the world right here in the USA – the National Institute of Standards and Technology or NIST. The NIST Cybersecurity Framework is the gold standard for businesses and organizations to identify and assess the cybersecurity risks of their computing systems and protect themselves from cyber attacks. Even better news, these NIST framework and guidelines are documented in NIST Special Publications or SPs and available for free.
- You interested in 5G Cybersecurity? There’s an SP for that.
- How about the Internet of Things? There’s an SP for that too.
- Supply Chain? Ransomware? Cloud? BYOD? SP, SP, SP, and SP.
- Industry guidelines for Healthcare, Electric Utilities, Oil and Gas, Financial Services, and more? SPs for all of them.
The plans are there for businesses to execute. Telos, through its Xacta portfolio of products, is a key technology solutions partner in this cybersecurity strategic planning process. Xacta takes the security frameworks from NIST and other industry leading standards bodies and automates them through software-based, enterprise-grade tools, templates, databases, and management systems. You can use Xacta to establish or upgrade your cybersecurity policies, audit and continuously monitor your global IT infrastructure for cyber risks, and produce status reports, dashboards, and remediation plans that accurately reflect the state of your organization’s cyber hygiene.
According to Jen Easterly, the nominee to serve as Director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), “We know that at the end of the day, a lot of this comes down to the basics of cyber hygiene – passwords, multi-factor authentication. These basics are absolutely critical to get out the information that is needed so that people know how to protect themselves.”
The Second Punch – Hide Your Cyber Assets Using Telos Ghost®
With the first punch of Xacta, you have your cybersecurity strategy and plan in place. The second punch is to protect your most valuable organizational assets. For example, servers and storage devices, critical infrastructure, intellectual property, data and applications, and people. These prized assets are the most likely targets for ransomware attacks.
What can you do to protect these corporate assets from hackers? Hide them.
The challenge is that these corporate assets are attached to a network. Of course, your computers are network-attached as well as the data and applications stored on those computers. Have you thought about your C-level executives and board of directors using the Internet? How about your new product engineering documentation? What about your oil pipeline, your operating room, or your virtual classroom?
Anything on a network has a network address. Anything with a network address can be hacked.
Telos Ghost is a specialized network-as-a-service developed for the U.S. Intelligence Community that we are now offering commercially. Telos Ghost provides robust network connectivity and hides anything attached to it – servers, people, databases, sensors, video cameras, etc. Telos Ghost not only hides network devices and users, it also publishes fake network addresses so that when a hacker thinks they may have found something valuable on the network, they are actually in the wrong place.
The technical way to describe Telos Ghost is that it is a virtual obfuscation and misattribution network. Virtual refers to Telos Ghost being a software-defined network (SDN) that runs securely on the internet. Obfuscation means there is a network architecture, operational model, patented methodologies, and multiple layers of encryption that hide your network assets. Misattribution is a technique for providing false network addresses and creating alternate digital personas that mask your true location and identity.
You don’t need Telos Ghost to replace your entire enterprise network – just to hide those critical, network-attached assets that hackers would target.
What Good is a One-Two Punch in a 12-Round Boxing Match?
There is a lot to do to stop ransomware and other cybersecurity attacks. It’s going to be a long fight. Businesses can use the one-two punch of Xacta and Telos Ghost to knockout the hackers now.