Public Sector Network Security: A Race Against Time

As we move more and more of our government-citizen interactions online, making sure we have access to those services becomes increasingly important. After all, we don’t want to be collateral victims of a DDoS attack on a government server just as we’re trying to submit our tax returns. Even more important is ensuring the personal information that the public sector (both local and national government) stores is secure.

Databases of government-held information are the most worrying, whether they’re run by central or local government, or by government agencies. Somewhere in there are records of your tax payments, bank accounts, social security number, pensions, home address, or health records. It’s an extensive list that gets longer and more detailed every year.

While public sector IT departments do the best they can, they’re often the last to get budget increases or access to new technologies. In the arms race with malware and black hat attackers, they’re often left using the equivalent of slingshots to defend valuable data from high tech armies.

Secure public sector personal data against exfiltration

Threats on government data aren’t just from the traditional black hats; there’s also the risk of nation state-sponsored attacks and data exfiltration. While it happened in 2015, the theft of the personal records of 21.5 million people from the US government’s Office of Personnel Management remains one of the largest breaches of government data, one that in conjunction with data thefts from various other consumer services put many people at risk of blackmail.

Combining attacks and exfiltration with big data across multiple thefts is an increasing risk, and can be used as the basis of large scale identity theft. With exfiltration by novel routes like DNS tunneling becoming common, it’s important for anyone hosting large amounts of citizen data to have the appropriate tools to protect it, and to lock down the ways it can leave their networks. Meanwhile, in India, a cybercrime group is threatening to dump stolen government emails, in a move similar to the exposure of internal mails from the US Democratic Party.

Thanks to a rise in ransomware attacks, this problem has become one of the most important for public sector IT to deal with. Not only are attacks now targeted, focusing on high-value data that’s essential to an organization’s operation, they’re also being used as a way of covering up data exfiltration. Instead of leaving a network once key data has been stolen, an attacker will now leave ransomware – either getting a second payment for the same data, or watching their tracks be covered up by IT teams wiping and reinstalling compromised systems and recovering data from backups.

Hospitals and health services around the world are valuable targets too, hosting a plethora of personal information, and requiring access to their data to ensure the health of citizens and patients. Attacks on the health system can happen anywhere, with recent incidents in the US and the EU.

Ensure access at all times… DDoS attack or otherwise

As with commercial services, much of the public sector remains vulnerable to DDoS. Recent DDoS attacks have notably affected the UK inter-university academic network, JANet, as well as government systems around the world. As DDoS tactics shift to UDP and to protocols with a high end-user magnification factor, it’s important to put in place the appropriate protection – and that’s not just using cloud services and proxies. It’s not just universities at risk, government web services are also a target, as was recently the case in the Philippines.

DDoS doesn’t mean an attack, either. You might be in a position where a service designed to handle a relatively low usage level suddenly becomes popular. This happened in the UK, when the web service used to register voters for its EU referendum registration was overloaded during the last day or so of registration. The UK government had to both upgrade the service and then extend registration deadlines in order to support demand.

Getting architectures and implementations right is key for any citizen-facing service. Outages might be due to failures in hardware and software, or in systems integration rather than as a result of security or performance issues. Problems with new systems can affect staff and end users, as was recently shown by a series of outages at the UK Post Office.

Situations like that may not be common, but they do affect the level of trust citizens have in government online services. Designed systems that are both secure and robust; able to handle both attackers and high amounts of traffic from intended users are essential. This means using specialized hardware, and not off-the-shelf software like the DNS servers bundled with most operating systems.

As governments move to prioritizing digital interactions with citizens, public sector web services are the heart of an important relationship – ensuring they are secure and protected from all types of attacks is key.