Getting to Know the “Enemy with No Face” is Critical to Winning the Cyber War

“The enemy with no face”. No, it’s not the latest Dwayne “The Rock” Johnson Hollywood action movie, but the tagline from the U.S. Army’s latest cyber warrior recruitment ad.

The nameless, faceless adversary proclaims he has the power to shut down our power grids, analyze our infrastructure, and access the personal data of everyone in America. Scary stuff. But it's hardly exaggeration. Our election was targeted by a foreign government, the background-investigation records of 21.5 million Americans were stolen from OPM by Chinese-sponsored hackers, and hackers affiliated with the Iranian government were able to access the control system of the Bowman Avenue Dam north of Manhattan. Those are just a few of the heists the "enemy with no face" has pulled off in the last couple of years alone.

Invisibility Stymies Discovery and Response

With the explosion of the Internet of Things and millions of connected devices, what’s to stop a threat actor from accessing your network through your unsecured back door, or taking control of your mission-critical systems right from under your nose?

Hackers are looking for any way into your organization, and it can take months or even years after a breach has occurred for the intrusion to be discovered. For example, OPM first detected the intrusion into personnel files stored at the Interior Department in April 2015, but it was 17 months earlier, in November 2013, that hackers initially breached the Office and made off with blueprints of its networks. This was despite a trail of clues and alerts scattered across that timeline, and possibly even earlier.

We now know that the OPM breach could easily have been prevented. In 2016, congressional leaders chastised OPM for the lax state of its information security infrastructure:

"This is in large part due to sloppy cyber hygiene and inadequate security technologies that left OPM with reduced visibility into the traffic on its systems," said a 2016 report by The House Committee on Oversight and Government Reform.

But it's more than that. Visibility into the traffic on your systems, by itself, won't shed light on the "who" and "why" of a cyberattack.

Secure your Agency with the Mindset of the Attacker

If you've studied the Cyber Kill Chain, you'll know that malicious actors make it their job to understand their victims better than the victims know themselves: their vulnerabilities, holes in perimeter protection, potential entry points, and the people the organization employs, contracts with, and buys from. That reconnaissance is the first phase of the chain, and it happens before they are even in. Once the attack is underway and they have a foothold, a second round of reconnaissance begins inside your network, and from there it is downhill to command and control, lateral movement, and finally extraction and exfiltration of the data they came for.

Yet government agencies aren’t always securing their environment with the mindset of the attacker – and that’s a problem. Getting to know “the enemy with no face” can offer vital clues into why they attacked you, what they were seeking, and what the consequences to your agency might be. Attribution can also help you beef up your security infrastructure and incident response planning, especially when it comes to protecting your most precious, mission-critical assets.

So how do you get to know “the enemy with no face”?

You need more than point solutions to individual problems. You need a holistic approach that stresses threat hunting and detection, advanced prevention of attacks against your systems and data (on your network or in the cloud), remediation of vulnerabilities, and a governance, risk management and compliance posture that enforces ground rules and accountability. Faced with a plethora of options, DLT's cybersecurity partnerships, expertise and solutions can help your agency understand the solutions available and which ones will work best for you.

Check out our resources page to learn more about understanding and confronting “the enemy with no face.”

Brandon Gilmore Government Tech Writer