How Federal Agencies Can Keep Critical Infrastructure Safe 

Audra Simons

This month, the Cybersecurity and Infrastructure Security Agency (CISA) issued an alert that the Chinese state-sponsored hacking group Volt Typhoon has compromised the IT environments of multiple critical infrastructure organizations as part of a larger plan to “compromise and maintain persistent access to U.S. Critical Infrastructure.” At the same time, cyber operations continue to prove essential to the war in Ukraine. Evolving cyberthreats, coupled with the rise of new cyber warfare applications, should prompt the United States and its federal agencies to bolster the security of their digital operations, because cybersecurity is increasingly essential to national security.

Despite agencies’ efforts, there is evidence that cracks persist. After nine years and nearly 50 recommendations, the Department of Energy (DOE), which holds highly sensitive information about the country’s nuclear resources, has yet to implement the recommended Insider Threat Program. Across the board, it is time for federal agencies to prepare for the next era of warfare by upping their cybersecurity defenses. Let’s take a closer look at what that means.

Laying a strong cybersecurity foundation 

Agencies like the DOE must be prepared for everything from insider threats to attacks by foreign military adversaries. Implementing a zero-trust architecture together with the principle of least privilege is the first step toward a strong cybersecurity foundation. As the name implies, zero trust grants no implicit trust to a user or device because of where it sits on the network: every request for data or systems is authenticated and authorized on its own merits, every time. That limits what an attacker who has gained a foothold can do, making it far harder to move laterally through the network and reach nuclear data or other sensitive information.

Relatedly, the principle of least privilege ensures employees are given access only to the resources they need to do their jobs, which shrinks the damage a compromised or malicious account can do and reduces the risk of the wrong person reaching confidential data. Multifactor authentication complements both: a stolen password alone is no longer enough to impersonate a user. These measures are essentially the digital version of having guards at the gate, which matters all the more now that the traditional network perimeter no longer exists.
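To make the three ideas above concrete, here is an added example (not code from the article, CISA, or any agency) of a per-request access decision that combines zero trust, least privilege, and MFA. The roles, resources, session-age limit, and sample requests are invented for illustration; a real deployment would draw them from its identity provider and device-management system.

```python
"""Per-request access decision in the zero-trust, least-privilege style the
text describes.  Added example: roles, resources, thresholds and requests are
invented for illustration and are not any agency's or vendor's policy."""
from dataclasses import dataclass

# Assumed least-privilege policy: each role lists the exact (resource, action)
# pairs it may exercise.  Anything not listed is denied.
ROLE_GRANTS = {
    "reactor-analyst": {("reactor-telemetry", "read")},
    "hr-clerk": {("personnel-records", "read"), ("personnel-records", "write")},
    "site-admin": {("reactor-telemetry", "read"), ("reactor-telemetry", "write")},
}

# Resources that require a session backed by multifactor authentication.
MFA_REQUIRED = {"reactor-telemetry", "personnel-records"}

# Re-verify identity this often (assumed value; a deployment would tune it).
MAX_SESSION_AGE_S = 900


@dataclass(frozen=True)
class Request:
    user: str
    roles: frozenset
    resource: str
    action: str
    mfa_verified: bool      # MFA completed for this session
    session_age_s: int      # seconds since identity was last verified
    device_compliant: bool  # endpoint attested as managed and patched
    source_ip: str          # logged for audit only; never a basis for trust


def authorize(req: Request) -> tuple:
    """Evaluate one request from scratch and return (allowed, reason).

    Every request passes the same checks whether it arrives from the office
    LAN or the internet: network location is not an input to the decision.
    """
    if req.session_age_s > MAX_SESSION_AGE_S:
        return False, "identity verification expired; re-authenticate"
    if not req.device_compliant:
        return False, "device failed posture check"
    if req.resource in MFA_REQUIRED and not req.mfa_verified:
        return False, "MFA required for this resource"
    wanted = (req.resource, req.action)
    for role in sorted(req.roles):
        if wanted in ROLE_GRANTS.get(role, set()):
            return True, f"granted via role {role}"
    return False, "no role grants this action (least privilege)"


if __name__ == "__main__":
    base = dict(user="jdoe", roles=frozenset({"reactor-analyst"}),
                mfa_verified=True, session_age_s=60, device_compliant=True,
                source_ip="10.20.30.40")
    samples = [
        Request(resource="reactor-telemetry", action="read", **base),
        Request(resource="reactor-telemetry", action="write", **base),  # not granted
        Request(**{**base, "mfa_verified": False},
                resource="reactor-telemetry", action="read"),          # MFA missing
    ]
    for r in samples:
        print(r.action, r.resource, "->", authorize(r))
```

Note that `source_ip` is carried only for the audit trail: the decision never consults it, which is the practical meaning of "the perimeter no longer exists". An analyst whose role allows reading telemetry is still denied a write, and the same analyst on a non-compliant laptop or without MFA is denied even the read.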

Zero-trust architecture is best complemented by user activity monitoring (UAM), which can quickly identify anomalous behavior that might represent a threat. In a nutshell, UAM builds a baseline of each user’s normal behavior (typical working hours, hosts, and data volumes, for example) so that deviations can be flagged, assigned a risk score, and remediated. That matters because most insider incidents are the result of human error rather than malice, and a mistake shows up as a deviation from baseline just as a deliberate attack does. When it comes to a strong cybersecurity foundation, ongoing diligence about who has access to what on the network is critical and cannot be overlooked.
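The baseline-and-score loop described above, as an added example rather than code from the article or any UAM product. The audit log lines are constructed, and the score weights and alert threshold are assumptions chosen to make the idea visible; a real system would learn them from far more history.

```python
"""User activity monitoring (UAM): build a per-user baseline from past audit
events, then score new events against it.  Added example; the log lines are
constructed and the weights are assumptions, not a product's scoring model."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed audit log, one event per line: timestamp user host action bytes
BASELINE_LOG = """\
2024-02-05T09:02:11 jdoe ws-17 read 120000
2024-02-05T10:15:40 jdoe ws-17 read 98000
2024-02-06T09:30:02 jdoe ws-17 read 110000
2024-02-06T14:05:19 jdoe ws-17 read 130000
2024-02-07T08:55:44 jdoe ws-17 read 105000
2024-02-07T15:20:01 jdoe ws-17 read 125000
"""

# Constructed new events: one routine, one that looks like an exfiltration.
NEW_EVENTS = """\
2024-02-08T09:10:00 jdoe ws-17 read 115000
2024-02-08T02:14:33 jdoe ws-44 export 4800000
"""

HIGH_RISK_ACTIONS = {"export", "copy-to-removable"}
ALERT_THRESHOLD = 60  # assumed: scores at or above this are escalated


def parse(line):
    ts, user, host, action, nbytes = line.split()
    return datetime.fromisoformat(ts), user, host, action, int(nbytes)


def build_baseline(log_text):
    """Per-user profile: hours seen, hosts seen, mean and spread of bytes read."""
    prof = defaultdict(lambda: {"hours": set(), "hosts": set(), "bytes": []})
    for line in log_text.splitlines():
        ts, user, host, _action, nbytes = parse(line)
        prof[user]["hours"].add(ts.hour)
        prof[user]["hosts"].add(host)
        prof[user]["bytes"].append(nbytes)
    for p in prof.values():
        p["mean"] = mean(p["bytes"])
        p["stdev"] = pstdev(p["bytes"]) or 1.0  # a flat baseline must not divide by zero
    return dict(prof)


def risk_score(profile, line):
    """Score one new event against its user's baseline; returns (score, reasons)."""
    ts, user, host, action, nbytes = parse(line)
    p = profile.get(user)
    if p is None:
        return 50, ["no baseline for user"]  # unknown users are suspicious by default
    score, reasons = 0, []
    if ts.hour not in p["hours"]:
        score += 20
        reasons.append(f"activity at {ts.hour:02d}:00, outside usual hours")
    if host not in p["hosts"]:
        score += 30
        reasons.append(f"unfamiliar host {host}")
    z = (nbytes - p["mean"]) / p["stdev"]
    if z > 3:
        score += 40
        reasons.append(f"volume {z:.0f} standard deviations above baseline")
    if action in HIGH_RISK_ACTIONS:
        score += 25
        reasons.append(f"high-risk action {action}")
    return score, reasons


def flag_events(profile, log_text):
    """Return (line, score, reasons) for each event at or above the threshold."""
    flagged = []
    for line in log_text.splitlines():
        score, reasons = risk_score(profile, line)
        if score >= ALERT_THRESHOLD:
            flagged.append((line, score, reasons))
    return flagged


if __name__ == "__main__":
    profile = build_baseline(BASELINE_LOG)
    for line, score, reasons in flag_events(profile, NEW_EVENTS):
        print(score, line, "|", "; ".join(reasons))
```

The routine 9 a.m. read from the user's usual workstation scores zero, while the 2 a.m. export of roughly forty times the usual volume from an unfamiliar host accumulates every penalty. The reasons list is what an analyst needs for remediation; a bare score is not enough to decide whether the event was a mistake or an attack.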

Layering in proactive solutions for Critical Infrastructure

With a strong cybersecurity foundation in place, agencies can begin to layer in proactive solutions and fail-safes, starting with Content Disarm and Reconstruction (CDR). This technology assumes every file entering the network is unsafe, which is especially important because attackers often hide malware inside complex file structures (macros, embedded objects, scripts) that signature-based virus scans do not detect. Rather than trying to spot the malicious content, CDR strips every file, from PDFs to Google Docs, down to its essential content and rebuilds a clean copy from known-good elements, so anything that is not on the allowlist never reaches the user. Layered on top of a zero-trust architecture, these solutions make agencies’ cybersecurity posture far more comprehensive and critical data far more likely to remain safe.
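An added illustration of the CDR idea, written for this page rather than taken from any vendor's engine: a simplified Office-style ZIP container is rebuilt from an allowlist of parts, so the macro and embedded object are dropped without anyone having to recognise them as malicious. The part names, the allowlist, and the sample file are constructed and deliberately minimal; the sample is not a complete, openable .docx.

```python
"""Content Disarm and Reconstruction (CDR) on a simplified Office-style ZIP
container.  Added example, not any vendor's CDR engine: the file is rebuilt
from an allowlist of parts instead of being scanned for known-bad signatures,
so macros and embedded objects are dropped whether or not they look malicious."""
import io
import re
import zipfile

# Assumed, simplified allowlist of parts a plain text document needs.
ALLOWED_PARTS = {
    "[Content_Types].xml",
    "_rels/.rels",
    "word/document.xml",
    "word/styles.xml",
}

# Content-type declarations for active content; removed from the manifest so
# the rebuilt file does not reference parts that no longer exist.
DROPPED_CONTENT_TYPES = (
    "application/vnd.ms-office.vbaProject",
    "application/vnd.openxmlformats-officedocument.oleObject",
)


def build_sample_docx() -> bytes:
    """Constructed input: real text plus a VBA macro part and an embedded OLE
    object.  Not a complete, openable .docx; just enough structure for the demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml",
                   '<Types>'
                   '<Override PartName="/word/document.xml" '
                   'ContentType="application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"/>'
                   '<Override PartName="/word/vbaProject.bin" '
                   'ContentType="application/vnd.ms-office.vbaProject"/>'
                   '<Override PartName="/word/embeddings/oleObject1.bin" '
                   'ContentType="application/vnd.openxmlformats-officedocument.oleObject"/>'
                   '</Types>')
        z.writestr("_rels/.rels", "<Relationships/>")
        z.writestr("word/document.xml",
                   "<w:document><w:body><w:p>Quarterly report</w:p></w:body></w:document>")
        z.writestr("word/styles.xml", "<w:styles/>")
        z.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0 constructed macro blob")
        z.writestr("word/embeddings/oleObject1.bin", b"\xd0\xcf\x11\xe0 constructed OLE blob")
    return buf.getvalue()


def strip_content_types(xml: bytes) -> bytes:
    """Remove manifest entries whose content type is on the drop list."""
    text = xml.decode("utf-8")
    for ct in DROPPED_CONTENT_TYPES:
        text = re.sub(r'<Override[^>]*ContentType="%s"[^>]*/>' % re.escape(ct), "", text)
    return text.encode("utf-8")


def disarm(raw: bytes):
    """Rebuild the container keeping only allowlisted parts.
    Returns (clean_bytes, dropped_part_names)."""
    src = zipfile.ZipFile(io.BytesIO(raw))
    out = io.BytesIO()
    dropped = []
    with zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for info in src.infolist():
            if info.filename not in ALLOWED_PARTS:
                dropped.append(info.filename)
                continue
            data = src.read(info.filename)
            if info.filename == "[Content_Types].xml":
                data = strip_content_types(data)
            # writestr from bytes: the source entry's ZIP metadata is not copied,
            # so oddities in the original headers do not survive either.
            dst.writestr(info.filename, data)
    return out.getvalue(), dropped


def parts(raw: bytes):
    """Sorted part names in a container (used to inspect the result)."""
    return sorted(zipfile.ZipFile(io.BytesIO(raw)).namelist())


def read_part(raw: bytes, name: str) -> bytes:
    return zipfile.ZipFile(io.BytesIO(raw)).read(name)


if __name__ == "__main__":
    clean, dropped = disarm(build_sample_docx())
    print("dropped:", dropped)
    print("kept:", parts(clean))
```

The point to notice is what is absent from the code: there is no signature database and no check of what the macro blob contains. The output is a fresh archive containing only parts the policy knows to be inert, which is why CDR holds up against payloads a scanner has never seen. A production engine would go further and re-parse the XML of the kept parts as well, dropping field codes, external relationships, and similar active elements inside them.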

The bottom line 

Now more than ever, protecting critical infrastructure means improving cybersecurity. The Volt Typhoon hacking group is just one warning sign of what is to come. Attacks on healthcare organizations in 2023 breached the data of more than 61 million people, critical infrastructure has remained a top target throughout the war in Ukraine, and the list of attacks on government agencies and entities continues to grow.

The federal government, and the DOE in particular, must be prepared for both malicious attacks and insider threats. To do so, agencies need to lay a strong cybersecurity foundation with zero-trust architecture before layering in additional proactive measures. The bottom line is that securing critical infrastructure through cybersecurity is the only way to secure the country’s nuclear reserves and ensure national security.