Incoming Demand for Critical Cybersecurity Infrastructure
The heightened threat of retaliatory Russian cyberattacks against critical U.S. IT infrastructure is prompting federal investment in cybersecurity to strengthen the government's cyber defense posture. The ongoing conflict in the region and the increased targeting of critical infrastructure assets will push federal agencies to strengthen their security posture, to redefine requirements that address breaches likely to occur in the coming months and years, and to invest in Zero Trust tooling and threat intelligence. Although the overall number of ransomware attacks has gone down in recent months, a drop widely attributed to sanctions against Russia, recent cyberattacks and continuing threats will keep driving funding for U.S. federal agencies and private companies as they work to protect their assets.
The Colonial Pipeline cyberattack, for example, resulted in a ransom payment of millions of dollars to the Russia-linked ransomware group DarkSide. In FY22 we will see a $27M investment to shore up the Transportation Security Administration's (TSA) insider threat tools and detection technologies; TSA is primarily responsible for pipeline security. The Colonial Pipeline attack showed that TSA had not given pipeline operators clear cybersecurity requirements or guidance, leaving vulnerabilities unaddressed in the industrial control systems (ICS) and supervisory control and data acquisition (SCADA) systems that run critical infrastructure. As TSA works to prevent similar attacks, technology vendors and channel partners can expect to satisfy requirements for IT infrastructure security and detection technology that secures communications networks and prevents privileged information from leaving agencies.
As breaches like Colonial Pipeline occur, agencies will align their discretionary budgets to address new and emerging threats. The Department of Justice's (DOJ) discretionary budget for FY23 shows an increase in cybersecurity, IT infrastructure and data management programs, and a good portion of that spending is driven by the Russia-Ukraine conflict. The budget request includes $37M for the Federal Bureau of Investigation (FBI) to update its enterprise systems monitoring tools to satisfy Zero Trust cybersecurity requirements; the specific requirements include centralized logging, red/blue team analysis, tool modernization and forensic analysis. The FBI would also receive an additional $52M to fight cybercrime and to let U.S. agencies collaborate more seamlessly with international allies in targeting cyber adversaries. Technology vendors and channel partners should expect requirements for cyberthreat identification and analysis, cyberthreat intelligence platforms and incident response. The Drug Enforcement Administration (DEA) may also receive $11M to pursue cyber investigations, reduce response times across security operations, minimize system downtime and establish a departmental cyber recovery standard operating procedure (SOP). This large spending push from DOJ may prompt similar spending at other federal agencies with investigative missions as cyberthreats are discovered, mitigated and targeted. There may also be demand for more funding and more fully developed programs as agencies learn to collaborate better with foreign allies in analyzing and targeting cyberthreats with the aim of tracing them back to their source.
While DOJ is making a large push in targeted cybersecurity spending, trends across the federal government over the last few months also point to an overall increase in IT requirements aimed at bolstering security in a heightened cybercrime environment. On April 28, 2022, the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI updated their joint advisory on destructive malware targeting organizations in Ukraine (originally published February 26, 2022) with new indicators of compromise (IOCs) and an updated outline of possible attacks and how to mitigate them. The advisory now covers the HermeticWiper, IsaacWiper, HermeticWizard and CaddyWiper malware families, deployed against Ukrainian networks in a campaign that began in January. These new IOCs will drive security reinforcement requirements across federal networks as agencies scan for and mitigate this set of threats. Network security vendors can look to this pain point to help agencies protect existing software and to provide tools that address new destructive malware. As U.S. sanctions hold firm, agencies will be looking to maintain their cybersecurity posture to prevent retaliatory damage to infrastructure and networks.
The rising cyberthreat to key U.S. interests is not lost on senior leaders within the administration. Secretary of State Antony Blinken cited a May 10 intelligence assessment that held Russia responsible for an attack on the U.S. satellite communications company Viasat that also damaged infrastructure in allied territories. The assessment stated that “Russia launched cyberattacks in late February against commercial satellite communications networks to disrupt Ukrainian command and control during the invasion… the activity disabled thousands of terminals outside of Ukraine that support wind turbines and internet services.” As U.S. federal agencies work to protect large networks and secure their data, we will continue to see growing demand for Zero Trust architectures and anti-malware software that can adapt to a threat-intensive environment.
The Department of Energy (DOE), CISA, the National Security Agency (NSA) and the FBI released a joint advisory on April 13 stating that advanced persistent threat (APT) actors have developed a set of custom tools for targeting ICS/SCADA devices. Once an attacker has a foothold in the operational technology (OT) network, the tools can scan for, compromise and control affected devices in facilities such as power plants and water treatment plants. The agencies recommend that all organizations isolate ICS/SCADA systems from corporate and internet networks with strong perimeter controls and limit any communications entering or leaving ICS/SCADA perimeters, so they will be looking to satisfy requirements for securing network traffic and industrial control networks. Further recommendations include enforcing multi-factor authentication for all remote access to ICS networks and devices, changing passwords on ICS/SCADA devices and systems on a regular schedule, and maintaining known-good offline backups, with hashing and integrity checks on firmware and controller configuration files to confirm those backups remain valid.
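The last recommendation above, hashing and integrity-checking offline backups of firmware and controller configuration files, is concrete enough to show in code. The following Python example is added here and is not part of the joint advisory or of any agency tooling; the directory layout, file names, file contents and the HMAC key are constructed placeholders. It builds a SHA-256 manifest of a backup set, authenticates the manifest with an HMAC so that an attacker who alters the manifest to hide a change is also detected, and on verification reports modified, missing and unexpected files separately, since each of those tells the responder something different.

```python
"""Offline backup integrity manifest (added example, not from the advisory).

build_manifest() hashes every file in a backup set with SHA-256 and signs the
resulting JSON body with HMAC-SHA256 using a key that is kept with the offline
media, not on the ICS network. verify_backup() checks the MAC first, then
compares every file, reporting modified, missing and unexpected entries.
"""
import hashlib
import hmac
import json
import tempfile
from pathlib import Path

HASH_ALG = "sha256"
CHUNK = 1 << 20  # 1 MiB reads so large firmware images are never loaded whole


def file_digest(path: Path) -> str:
    """Stream a file through SHA-256 and return the hex digest."""
    h = hashlib.new(HASH_ALG)
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def _files_under(backup_dir: Path) -> dict:
    """Map relative POSIX path -> Path for every regular file in the backup set."""
    return {p.relative_to(backup_dir).as_posix(): p
            for p in sorted(backup_dir.rglob("*")) if p.is_file()}


def build_manifest(backup_dir: Path, key: bytes) -> dict:
    """Hash every file and return {"body": <canonical JSON>, "mac": <HMAC hex>}."""
    entries = {name: file_digest(p) for name, p in _files_under(backup_dir).items()}
    body = json.dumps({"alg": HASH_ALG, "files": entries},
                      sort_keys=True, separators=(",", ":"))
    mac = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "mac": mac}


def verify_backup(backup_dir: Path, manifest: dict, key: bytes) -> dict:
    """Verify a backup set against its manifest.

    The MAC is checked in constant time before any file is compared, so a
    forged or edited manifest fails closed instead of vouching for bad files.
    """
    expected_mac = hmac.new(key, manifest["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected_mac, manifest["mac"]):
        return {"ok": False, "manifest_tampered": True,
                "modified": [], "missing": [], "unexpected": []}
    expected = json.loads(manifest["body"])["files"]
    present = _files_under(backup_dir)
    modified = sorted(n for n, d in expected.items()
                      if n in present and file_digest(present[n]) != d)
    missing = sorted(n for n in expected if n not in present)
    unexpected = sorted(n for n in present if n not in expected)
    return {"ok": not (modified or missing or unexpected), "manifest_tampered": False,
            "modified": modified, "missing": missing, "unexpected": unexpected}


def demo() -> dict:
    """Constructed scenario: a clean check, then tamper/remove/plant, then a forged manifest."""
    key = b"placeholder-manifest-key-kept-with-offline-media"  # constructed, not a real key
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "plc").mkdir()
        (root / "plc" / "controller01.cfg").write_bytes(b"SETPOINT=72\nMODE=AUTO\n")
        (root / "plc" / "firmware_v3.bin").write_bytes(bytes(range(256)) * 4)
        manifest = build_manifest(root, key)
        clean = verify_backup(root, manifest, key)

        (root / "plc" / "controller01.cfg").write_bytes(b"SETPOINT=99\nMODE=AUTO\n")  # tampered
        (root / "plc" / "firmware_v3.bin").unlink()                                     # removed
        (root / "plc" / "dropper.exe").write_bytes(b"MZ")                                # planted
        dirty = verify_backup(root, manifest, key)

        # An attacker who can edit the manifest might empty its file list to hide the
        # changes above; without the key they cannot produce a matching MAC.
        forged_body = json.dumps({"alg": HASH_ALG, "files": {}}, sort_keys=True,
                                 separators=(",", ":"))
        forged = verify_backup(root, {"body": forged_body, "mac": manifest["mac"]}, key)
    return {"clean": clean, "dirty": dirty, "forged": forged}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Running the demo shows the clean set passing, the tampered set failing with one entry in each of the modified, missing and unexpected lists, and the forged manifest rejected before any file is examined. In practice the manifest and key travel with the offline media and the verification runs from a clean host before anything is restored to a controller.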
CISA also released a guide last month aimed at critical infrastructure owners and operators and their federal, state and local partners. It lists the kinds of malicious network activity to watch for in the coming fiscal year: unauthorized system access, denial-of-service attacks, malicious code, targeted scans of exposed services, unauthorized access attempts, phishing and ransomware. Over the past few months, federal agencies have been diligent in investigating and reporting network breaches and in publishing transparent cybersecurity requirements that show technology vendors where the pain points are.
Over the coming months, technology vendors should look to satisfy infrastructure-level cybersecurity requirements that align with the prescribed Zero Trust architecture. Technology vendors and channel partners should also watch for opportunities to offer products that address identity and access management, security architecture and engineering, and asset security.
To get more DLT Market Insight content, please visit our Market Intelligence microsite.
About the Author:
Dawit Blackwell is a senior analyst of the DLT Market Insights team covering Federal Civilian agencies.