
How government cyberattacks disrupt public services and undermine citizens’ trust

In this Help Net Security interview, Rob Greer, VP and GM of the Enterprise Security Group at Broadcom, discusses the impact of government cyberattacks on public services and citizens, as well as the broader implications for trust and infrastructure.

Greer also discusses common vulnerabilities in government IT systems and the potential of AI and public-private collaborations to improve cybersecurity defenses.

Attacks by nation states

What impact do government attacks have on the public sector and services for citizens?

Any attack, whether governmental or not, can impact public sector services and the citizens who depend on them.

As recently as June 3, 2024, Synnovis, a provider of the UK’s National Health Service (NHS), fell victim to a cyberattack that prevented the processing of blood test results and disrupted thousands of patient appointments and surgeries. In 2017, the WannaCry attack, which spread to 150 countries worldwide, crippled the UK’s NHS, limiting ambulance services, patient appointments, medical tests and results, and forcing the closure of various facilities.

In the United States, many private organizations that provide public or critical infrastructure services have been significantly affected by cyberattacks. In 2021, JBS Foods, the largest meat processor in the U.S., was hacked. The company was forced to shut down operations at 13 of its meat processing plants, affecting the U.S. meat supply. A month earlier, Colonial Pipeline was the target of a ransomware cyberattack that sparked a run on gas on the East Coast and required a presidential executive order to allow gas transportation by semi-trailer trucks.

In 2015, a cyberattack in Ukraine caused a power outage for 230,000 households. Since then, the Ukrainian power grid has been repeatedly disrupted by such attacks.

In the United States, we have seen the same nation states use less aggressive but potentially more destructive strategies of espionage and disinformation to undermine public confidence in the electoral system.

These are just a few notable examples. The impacts range from delays and inconveniences to more serious consequences such as reduced capacity of health services and other critical infrastructure. More difficult to calculate is the loss of trust when the public sector is compromised by a cyberattack.

What are the most common vulnerabilities in government IT systems that are exploited by cyber attackers?

Many of the attack techniques we see nation states use are adopted by more common cybercriminals shortly afterward. While nation states have advanced capabilities and visibility that are difficult or impossible for cybercriminals to replicate, the general strategy of attackers is to attack vulnerable perimeter devices such as VPNs or firewalls as an entry point into the network. Next, they focus on gaining privileged credentials while leveraging legitimate software to disguise normal activity while scanning the environment for valuable data or large repositories that they can disrupt.

It is important to note that the commonly exploited vulnerabilities in government IT systems are not significantly different from the vulnerabilities that are generally exploited. Government IT systems are often extremely diverse and therefore vulnerable to a wide variety of attacks. CISA actively maintains a Known Exploited Vulnerabilities Catalog (KEV), which lists vulnerabilities that are known to be exploited in the wild and pose an increased risk of exploitation to government organizations using any of the cataloged technologies.

How can governments use AI to strengthen cybersecurity against sophisticated attacks?

AI has been used in cutting-edge security technologies for more than a decade, primarily to detect novel and constantly evolving attacks. Detecting the sheer volume of attacks today and finding the single “needle in the haystack” is not possible with classical technologies, but it is with sophisticated AI techniques. As a baseline, governments should evaluate their security technology to understand how effective AI and machine learning are at detecting the latest threats.

The advanced features enable infrastructure analysis to identify typical behavior and usage patterns and automatically configure security settings and policies, providing adaptive security that can more effectively detect anomalous activity.

The latest generative AI technologies are also helping to increase efficiency in the security operations center (SOC). GenAI can help SOC analysts understand attacks faster and more comprehensively and guide analysts using natural language. This is especially important as we continue to face challenges in staffing security professionals.

Are there specific regulatory frameworks or policies that need to be implemented or improved?

Currently, there are numerous policies and regulations both domestically and internationally that are inconsistent and have different requirements. These administrative requirements consume significant resources that could otherwise be used to strengthen an organization’s cybersecurity program. Therefore, it is imperative that existing and future cybersecurity regulations are harmonized and policies are considered comprehensively.

The Office of the National Cyber Director’s (ONCD) recent summary of the 2023 Cybersecurity Regulatory Harmonization Request for Information (RFI) shows that the U.S. government understands this problem. The report states that “the lack of harmonization and reciprocity is hurting cybersecurity outcomes while increasing compliance costs through additional administrative burden.” The ONCD is working with other federal agencies as well as the private sector to address these issues by seeking to “simplify the oversight and regulatory responsibilities of cyber regulators” and “significantly reduce administrative burden and costs for regulated entities.”

This is a much-needed measure and it is encouraging to see steps being taken to ensure that cybersecurity regulations are comprehensive, effective and efficient.

What role should the private sector play in supporting government cybersecurity efforts?

The private sector has threat intelligence that is often unavailable to the government, so two-way information sharing between the private and public sectors is critical to combating malicious actors. Partnerships between leading cybersecurity research groups and vendors, such as the Cyber Threat Alliance (CTA), and public-private sector partnerships, such as the Joint Cyber Defense Collaborative (JCDC), help the entire cybersecurity community leverage their combined intelligence to defend our global digital ecosystem.