Federal CyberUncertainty - KVM XYZ
Federal agency CISOs are already focusing hard on CDM, FISMA, HSPD 12, and TIC – but it’s time to throw another acronym into the mix, and this one spells
common sense productivity for the classified and sensitive-data communities.
A Growing Threat
Internal and External VulnerabilitiesTop agency vulnerabilities5
Denial ofService Attacks
48%Non-publicInformation
45%AgencyNetwork
44%Classified or
Protected Information
39%System Admin
Accounts
37%
73%
increase in the number of incidents agencies report to the Federal
information security incident center over the past 6 years
680% 45%
data records containing bank account information or social security numbers were compromised in 27 government
data breaches in 2014 alone3
1.73 MILLION
Alphabet Soup
Agencies lack confidence in (and compliance with) major Federal cyber security initiatives.
FISMA6:Just over half of Feds say FISMA has improved security at their agency
Only 27% were fully compliant with FISMA in the fall 2013
27%86% believed FISMA compliance increased costs
of Federal officials cite cyberattacks as the greatest
threat to national security (20% higher than terrorism)4
1 http://www.bostonglobe.com/news/nation/2014/11/10/federal-government-struggles-against-cyberattacks/8ls3WW4Q5baJ9iIO5DPqfM/story.html 2 http://www.techamerica.org/Docs/TechAmerica_2014_CIO_Survey%20(2).pdf3 http://www.informationweek.com/government/cybersecurity/4-worst-government-data-breaches-of-2014/d/d-id/1318061 4 http://www.gssfedsales.com/wp-content/uploads/2014/11/2015-Government-Technology-Trends.pdf5 MeriTalk, The Heart of the Network, 2015.6 MeriTalk, FISMA Fallout: The State of the Union, 2013.
Between 2009 and 2013, the number of reported breaches on U.S. Federal computer networks rose1
Pass the KVM Spelling TestSecure switches:
The Need for KVM Security The Need for KVM Security
CDM1:
TIC3:
Despite all of the PIV cards issued:
HSPD-122:
5.3 million unprivileged user accounts (limited access) can log onto Federal networks with only a user ID and password
134,287 privileged user accounts (admins with access to everything) are just using user ID and passwords (instead of PIV)
56% of agencies can measure CDM implementation success – but only 44% are experiencing better security as a result
44% of of Federal agencies say they lack knowledge about how to implement CDM
In fiscal 2014 agencies passed 95% of traffic through a TIC or an equivalent Managed Trusted Internet Protocol Services (MTIPS) provider – while successful, TIC is cumbersome for mobile access and reduces easy access to data and apps*
Peripherals (such as a keyboard or mouse) have the ability to both send and receive data, creating a security gap
Endpoint security controls that are notcurrently implemented6:
Data Loss Prevention (DLP)
Application whitelisting
Endpoint encryption
Host-based intrusion prevention(HIPS)
60%
59%
53%
42%
A significant amount of government data resides on endpoints – but 66% of Feds say they are missing measures for endpoint security management4
Insider Threat - Nearly half of IT and IT security decision makers said government data is most at risk of breach from employees' or contractors' desktops or laptops5
66%
Here’s your MAP to KVM solutions:
M
A
MONITOR and secure peripheral devices, including USB portusage, understand system features, and buy from reputable firms
AVOID non-secure KVM switches, microphones, & data buffering;ALWAYS examine casing & design to ensure the external housingof the switch is tamper proof
PROTECT video vulnerabilities, isolate data, and isolate the CACreader
P
Eliminate bi-directional data flow
Enable sharing of a single set of peripherals among several computers,while ensuring clear separation between disparate networks
1 https://www.sans.org/reading-room/whitepapers/analyst/continuous-diagnostics-mitigation-making-work-35317 2 http://www.secureidnews.com/news-item/u-s-federal-agencies-lagging-with-piv-strong-authentication/3 http://www.federalnewsradio.com/473/3832035/DHS-trying-to-smooth-the-integration-of-cloud-network-security-programs4 MeriTalk, The Heart of the Network, 2015.5 https://thwack.solarwinds.com/thread/713686 http://www.mcafee.com/us/resources/misc/infographic-risk-of-free-av.pdf