In July 2023, reports circulated indicating that state-sponsored hackers had potentially planted malware in U.S. military networks, gaining control of critical infrastructure operations spanning power grids, communications systems, and water supplies.
While alarming, this wasn’t a one-off event. Organizations – especially critical infrastructure organizations – are under siege in cyberspace daily. And as bad actors become more sophisticated, these occurrences will continue to happen with alarming frequency and severity. As such, federal defense agencies must develop comprehensive plans to contain future attacks effectively.
While slow-moving in nature, there has been some progress on this front. Earlier this year, the Department of Defense released an unclassified fact sheet of its Cyber Strategy, which details how the DoD plans to operate in cyberspace. To address current and future cyber threats, the DoD outlined four complementary “lines of effort” that it plans to pursue, including: “Generating insights about malicious cyber actors; defending forward to disrupt and degrade actors’ capabilities and supporting ecosystems; and working with partners to leverage all available authorities to enable the cyber resilience of U.S. critical infrastructure and to counter threats to military readiness.”
Shortly after that, the White House’s National Cybersecurity Strategy Implementation Plan (the detailed, action-oriented successor to the “Executive Order on Improving the Nation’s Cybersecurity”) echoed the DoD’s sentiments, citing the goal to “defend critical infrastructure” as the plan’s top pillar.
The alignment of these strategies underscores how vital defending our critical infrastructure is, and it’s encouraging to see the federal government working towards a common goal. But as the DoD and other federal agencies work toward accomplishing these objectives, they’ll be reminded that shoring up our national cybersecurity is an uphill battle. Though not insurmountable, we must move forward one step at a time – and we need to focus on making progress now.
Shifting from “Prevention” to “Containment” Strategies
For years, IT leaders across DoD agencies have focused on preventing breaches. However, as the attack landscape widens and new technologies emerge, it’s clear that leaders need to rethink the way they approach protecting U.S. critical infrastructure. The reality is that cyberattacks will continue and breaches will happen, especially as geopolitical tensions grow, and bad actors become savvier.
One approach to address today’s hyperconnected reality is to shift our collective cybersecurity mindset away from “preventing all attacks” to “ensuring mission resiliency.” This mindset, often referred to as an “assume breach” approach, focuses on proactively having the frameworks and solutions in place to minimize the impact of a breach when it inevitably occurs – preventing it from escalating into a catastrophe or operational disaster.
As leaders transition to this “assume breach” mindset, what does it look like in practice?
Zero Trust Segmentation (i.e., microsegmentation) is one of the most effective ways to achieve this shift. Rather than aiming to keep all bad actors out, microsegmentation focuses on containing them once they break in – stopping bad actors from traversing across networks or devices, quickly minimizing operational risk and reducing downtime when an attack inevitably occurs.
Just as cars are equipped with seatbelts and airbags to reduce the fallout of an accident, microsegmentation braces for the worst. While other technologies focus only on preventing an attack from occurring (ensuring your car has strong brakes), microsegmentation assumes bad actors will eventually penetrate defenses (or a crash will occur).
In fact, according to Gartner, by 2026, 60% of enterprises working toward a Zero Trust architecture will use more than one deployment form of microsegmentation. And as DoD agencies work toward achieving Zero Trust across DoD systems by FY 2027, microsegmentation emerges as an essential and urgent foundation.
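To make the containment idea concrete, here is an added example that is not part of the original article and does not represent Illumio’s product or any real policy engine. It is a toy label-based microsegmentation model: workloads carry labels, a small allow-list of rules defines the only permitted flows, and everything else is denied by default. The `reachable` function then computes the blast radius of a single compromised workload, i.e. which other workloads the policy would still let it pivot to, and compares that against a flat network. All workload names, labels, ports and rules are constructed sample data, and the function and class names are hypothetical.

```python
"""Toy microsegmentation policy evaluator (added example, not a real product).

Workloads carry labels; rules allow traffic only between label sets on a
named port; anything not explicitly allowed is denied (default deny).
`reachable` computes how far one compromised workload could pivot under a
policy, which is the blast radius the article says segmentation must shrink.
All workloads, labels, rules and ports below are constructed sample data.
"""
from collections import deque
from dataclasses import dataclass


@dataclass
class Workload:
    name: str
    labels: dict  # e.g. {"app": "billing", "tier": "web"}


@dataclass
class Rule:
    """Allow rule: src selector -> dst selector on one port/proto.

    A selector is a dict of label key -> value; a workload matches when every
    listed label matches, so an empty selector {} matches any workload.
    `same` lists label keys that must carry the same value on both ends
    (ring-fencing: web may reach db only within its own application).
    """
    src: dict
    dst: dict
    port: int
    proto: str = "tcp"
    same: tuple = ()


def matches(workload, selector):
    return all(workload.labels.get(k) == v for k, v in selector.items())


def is_allowed(src, dst, port, proto, rules):
    """Default deny: a flow passes only if at least one rule explicitly allows it."""
    for r in rules:
        if r.port != port or r.proto != proto:
            continue
        if not (matches(src, r.src) and matches(dst, r.dst)):
            continue
        if all(src.labels.get(k) == dst.labels.get(k) for k in r.same):
            return True
    return False


def reachable(start, workloads, rules, ports):
    """Names of workloads an intruder holding `start` could pivot to, transitively,
    using only flows the policy allows on the given (port, proto) pairs."""
    by_name = {w.name: w for w in workloads}
    seen, queue = set(), deque([start.name])
    while queue:
        cur = by_name[queue.popleft()]
        for w in workloads:
            if w.name in seen or w.name == start.name:
                continue
            if any(is_allowed(cur, w, p, pr, rules) for p, pr in ports):
                seen.add(w.name)
                queue.append(w.name)
    return seen


# Constructed sample inventory (not real hosts).
WORKLOADS = [
    Workload("billing-web", {"app": "billing", "tier": "web"}),
    Workload("billing-db", {"app": "billing", "tier": "db"}),
    Workload("hr-web", {"app": "hr", "tier": "web"}),
    Workload("hr-db", {"app": "hr", "tier": "db"}),
    Workload("jump", {"role": "bastion"}),
]

PORTS = [(5432, "tcp"), (22, "tcp")]

# Segmentation policy: two explicit allow rules, everything else denied.
POLICY = [
    Rule(src={"tier": "web"}, dst={"tier": "db"}, port=5432, same=("app",)),
    Rule(src={"role": "bastion"}, dst={}, port=22),
]

# A flat network, modelled as "everything allowed on every scanned port".
FLAT = [Rule(src={}, dst={}, port=p, proto=pr) for p, pr in PORTS]


def blast_radius(name, rules):
    """Set of workload names reachable from the named workload under `rules`."""
    start = next(w for w in WORKLOADS if w.name == name)
    return reachable(start, WORKLOADS, rules, PORTS)


if __name__ == "__main__":
    for host in ("billing-web", "jump"):
        print(host, "flat:", sorted(blast_radius(host, FLAT)),
              "segmented:", sorted(blast_radius(host, POLICY)))
```

Two things the output shows that the paragraph alone does not: under the policy, a compromised `billing-web` can reach only its own database, because the `same=("app",)` ring-fence blocks the identical port on `hr-db` and the database tier is never allowed to initiate anything; and the bastion host, which the policy lets reach everything on port 22, has the widest blast radius of all, which is exactly the kind of finding a blast-radius review should surface before an incident rather than after.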
Prioritizing cyber hygiene
Lastly, containment strategies work most effectively (and are most cost-efficient) when you prioritize cyber hygiene. Practicing cyber hygiene includes regularly backing up your data and updating devices, ensuring you have continuous network visibility, regularly running tabletop exercises, and segmenting at the application and workload levels. Cyber hygiene is instrumental in reducing your organization’s risk exposure, and vital in defending against attacks before they can occur.
Protecting critical infrastructure is an ongoing effort that must be practiced daily. Critical infrastructure holds our nation’s most critical assets, and our nation relies on its defense leaders to do everything in their power to safeguard them. Most importantly, prioritize progress over perfection.
By adopting an “assume breach” mindset, implementing methods like microsegmentation, and prioritizing cyber hygiene with more rigorous dedication and accountability, defense agencies will be better prepared to contain the attacks that inevitably come their way – putting us all one big step farther down the path to cyber resiliency and mission readiness.
Gary Barlet is Federal Chief Technology Officer at Illumio, a U.S.-based provider of data center and cybersecurity services.