Recent years have shown that companies in the defense industrial base and those operating critical infrastructure are being targeted by nation-state threat actors. Federal agencies have repeatedly urged these companies to strengthen their cybersecurity, and the Department of Defense has now introduced the Cybersecurity Maturity Model Certification (CMMC) as a binding requirement for its contractors in response to these threats.
Compliance with CMMC certainly makes a company a harder target, but it does not guarantee safety from advanced adversaries such as China’s PLA Unit 61398. CMMC compliance is a step forward; real protection and resilience against cyber threats require a proactive and continuous approach to security operations.
A cybersecurity veteran with 30 years of experience emphasizes that policies, controls, and secure configurations deteriorate continuously under the pressure of competing business priorities and ordinary IT entropy. A strong policy and control structure is essential, but the pace of IT change and the business need for speed and efficiency keep opening gaps that attackers can exploit.
To address this, companies must adopt a Harden-Detect-Respond (HDR) mindset and build the operational capability to match. Hardening means proactively finding IT and operational weaknesses, fixing them, and keeping systems in a hardened state as they drift. Detecting means spotting and investigating possible intrusions as soon as they occur, and hunting for threats already embedded in the environment. Responding means quickly containing, mitigating, and recovering from incidents.
CMMC and NIST SP 800-171 already require most HDR capabilities, but the rigor and depth with which they are implemented make the difference between vulnerability and resilience. Seven HDR practices in particular help companies achieve that resilience.
First, harden people: security awareness training reduces the risk that employees fall prey to phishing and other social engineering attacks. Second, harden IT and cloud infrastructure: routine vulnerability scanning and cloud security posture assessments reveal the weaknesses most likely to be exploited so they can be fixed first.
Third, harden endpoints: properly configured modern endpoint protection, with the visibility it provides, is crucial because endpoints are where most intrusions begin. Fourth, increase visibility across the IT and cloud environment, since detecting attacker tactics, techniques, and procedures (TTPs) depends on having the telemetry to see them. Fifth, deploy detection capabilities that act on that telemetry rather than relying on preventive controls alone.
Sixth, hunt for threats proactively: many companies are compromised without realizing it, and hunting is how embedded intruders are found. Seventh, maintain the capability to investigate and respond to threats 24×7. Prioritizing HDR operations is critical for defense and critical infrastructure companies that need to protect their intellectual property and operations from advanced threats.
In conclusion, CMMC compliance is an essential step, but companies in the defense industrial base and critical infrastructure must go beyond it. By prioritizing HDR operations and embracing a proactive, continuous approach to cybersecurity, they can reliably detect and deter nation-state threats and remain resilient against the sophisticated adversaries they face.