How SLED Preemptively Prevents Attacks with Threat Intelligence

11.24.2020

“When the enemy has made a plan of attack against us, we must anticipate him by delivering our own attack first.”  —  Sun Tzu, The Art of War

2020 has been a year of turmoil. This year we all experienced a global pandemic, a shifting workforce, an education industry in flux, and a major election year, to name a few. As a country and a society, we all had to learn new ways of doing things. Never to miss an opportunity, cyber threat actors used this turmoil to launch the most damaging, broad, and aggressive attacks that we’ve seen in recent history. From banking to our school systems, cyber attacks came in the form of phishing, ransomware, and denial of service (DoS) attacks. In the midst of all of this, one industry bore the brunt of the burden – State, Local, Tribal Governments and Education (SLED). While this industry includes a wide swath of entities, organizations, and institutions, it is the primary industry that includes both government and education, arguably the two that were the most publicly affected during this past year.

I’m sure that we will look back and study what went well and what did not – through a “hindsight cybersecurity” magnifying glass. But it is also my opinion that while there were definite areas of opportunity, overall, we fared pretty well. More importantly, the lessons learned will ensure that we are able to navigate future challenges more securely. I believe this because of what did NOT happen this year – a successful cyber attack on our election systems.

According to a New York Times article that chronicled the US strategy and apparent success, the US took lessons learned from the 2016 attacks on our election systems, and tried a more aggressive cybersecurity strategy – preemptive protection based on threat intelligence. From the article: “United States Cyber Command dived deep into Russian and Iranian networks in the months before the election, temporarily paralyzing some and knocking ransomware tools offline.

Then it stole Iran’s game plan and, without disclosing the intelligence coup behind the theft, made public a part of Tehran’s playbook when the Iranians began to carry it out.

Now, nearly a week after the polls closed, it is clear that all the warnings of a crippling cyberattack on election infrastructure, or an overwhelming influence operation aimed at American voters, did not come to pass. There were no breaches of voting machines and only modest efforts, it appears, to get inside registration systems.”

One can surely say that this strategy is picked from the very pages of The Art of War by Sun Tzu. Also attributed to Tzu, “The best offense is a good defense” (paraphrased).

Even before the pandemic, administration officials had been working with SLED organizations to bolster their networks in preparation for a potential disruptive and concerted campaign by foreign entities. After all, a USA in disarray is a USA that is weak. However, with proper planning, the sharing of information and intelligence, and an equally concerted effort to build effective cyber defenses, our election systems were protected from foreign entities.

However, our education systems didn’t fare so well. March, April, and May saw a constant flow of headlines as school districts, vulnerable as they shifted to remote learning, were attacked by cyber criminals. Summer gave us a short reprieve and we were flexible and nimble. Learning from lessons just a few months old, and with the support of other districts’ best practices and a security industry ready to help, the fall semester happened much more smoothly. Unfortunately, we aren’t done yet.

As the pandemic sees infection rates skyrocket and another shutdown looms, and as we are still in the throes of a contentious government transition, cyber actors are surely rallying their armies, preparing to attack. Once again, the only sure offense is a good defense. A good defense starts with (as I’m sure Sun would agree) the very best intelligence. However, intelligence alone is not enough. As the US Cyber Command just showed us, it’s how you put it into action that matters. Unfortunately, not everyone has the benefit of the US Military. But you DO have the benefit of intelligence from the US Dept of Homeland Security, and ThreatBlockr can put it into action. ThreatBlockr makes protecting your network with threat intelligence SMART, SIMPLE, and SCALABLE. Find out more about our network security platform here.