How Federal Agencies Can Reduce Cyber Risk Posed by Contractors

By Brandon Shopp, VP of Product Strategy, SolarWinds

Federal IT professionals are making strides to address cybersecurity challenges within their agencies. However, there’s still a lot to do to solve the security risks posed by contractors, including accidental data exposure and lack of understanding of IT security policies and procedures.

According to the most recent SolarWinds® Public Sector Cybersecurity Survey Report, more than half of the respondents cited insiders (including those in the contracting community) as the top threat to government organizations.

A similar survey last year found IT security risks are greater with contractors than internal agency personnel.

There’s a range of tactics federal agencies can employ to strengthen their security postures—especially as large portions of the workforce continue to work remotely—and assert control over the way contractors behave inside and outside agency walls.

Security Awareness and Training

Training plays a critical role in helping agencies maintain or improve their IT security. In fact, 77% of federal IT professionals believe investment in training has a significant or moderate impact on the evolution of IT security practices (this number rises to 84% among defense agencies).

Why is training so important? Because many federal contractors process, store, and transmit sensitive government information, agencies must ensure contractors are aware of the security risks associated with their activities and the applicable policies, standards, and procedures.

Training is also required by federal compliance mandates and guidelines, such as FISMA, HIPAA, and NIST.

Each agency is different, but training should be a key element of the onboarding process and revisited every 6 – 12 months to keep step with changing threats, policies, and regulations.

Use Multi-Factor Authentication

Stolen credentials are easy prey for bad actors. New breaches happen all the time, allowing cybercriminals to use stolen passwords and take over any account with the same login details. All it takes is one compromised account to cause a data breach.

Multi-factor authentication mitigates this risk by verifying a user’s identity with multiple credentials before they’re granted access to a system or application. According to Microsoft, multi-factor authentication can help block 99.9% of automated attacks.

With more people working from home, it’s critical for agencies to ensure their contractors implement a multi-factor authentication solution to help keep remote workers and agency networks secure.

Understand and Act on High-Risk Access

Authentication is one way to ensure the user requesting access is who they say they are. However, agencies must also act on one of the key enablers of insider attacks: too many users with excessive access privileges.

Access control is one of the key components of an agency’s overall security profile, but because of the growing number of users, devices, and systems they need access to, agencies struggle to formally segment users by risk level.

As many as 41% of federal IT operations and security decision makers claim to have privileged users with admin-level access to IT systems who aren’t in IT. Monitoring who has access to what, detecting changes in access rights, and monitoring high-risk accounts can help reduce risk.
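
A minimal sketch of the monitoring described above, added here as an illustration and not SolarWinds or agency code: it flags admin-level accounts held by users outside IT and diffs two access-rights snapshots to surface new privileged grants. The group names, departments, and accounts are constructed sample data, and the rule for what counts as high risk is an assumption.

```python
from dataclasses import dataclass

# Assumption: groups that confer admin-level access in this constructed example.
PRIVILEGED_GROUPS = {"Domain Admins", "Server Operators", "DB-Admins"}

@dataclass(frozen=True)
class Account:
    user: str
    department: str
    contractor: bool
    groups: frozenset

def load(rows):
    """Build a {user: Account} snapshot from (user, dept, contractor, groups) rows."""
    return {u: Account(u, d, c, frozenset(g)) for u, d, c, g in rows}

def privileged_outside_it(snapshot):
    """Accounts holding a privileged group although the owner is not in IT."""
    return sorted(
        (a.user, sorted(a.groups & PRIVILEGED_GROUPS))
        for a in snapshot.values()
        if a.department != "IT" and a.groups & PRIVILEGED_GROUPS
    )

def access_changes(old, new):
    """Diff two snapshots; return (user, action, group, high_risk) tuples."""
    changes = []
    for user in sorted(set(old) | set(new)):
        before = old[user].groups if user in old else frozenset()
        after = new[user].groups if user in new else frozenset()
        acct = new.get(user) or old[user]
        for g in sorted(after - before):
            # A new privileged grant to a contractor or non-IT user is high risk.
            risky = g in PRIVILEGED_GROUPS and (acct.contractor or acct.department != "IT")
            changes.append((user, "granted", g, risky))
        for g in sorted(before - after):
            changes.append((user, "revoked", g, False))
    return changes

# Constructed sample snapshots (not real accounts).
YESTERDAY = load([
    ("alice", "IT", False, ["Domain Admins", "Staff"]),
    ("bob", "Finance", False, ["Staff", "DB-Admins"]),
    ("carol", "Vendor-Acme", True, ["Contractors"]),
    ("dave", "IT", True, ["Contractors", "Server Operators"]),
])
TODAY = load([
    ("alice", "IT", False, ["Domain Admins", "Staff"]),
    ("bob", "Finance", False, ["Staff"]),
    ("carol", "Vendor-Acme", True, ["Contractors", "Domain Admins"]),
    ("dave", "IT", True, ["Contractors", "Server Operators"]),
    ("erin", "HR", False, ["Staff"]),
])

if __name__ == "__main__":
    print("Privileged outside IT:", privileged_outside_it(TODAY))
    for change in access_changes(YESTERDAY, TODAY):
        print(change)
```

In practice the snapshots would come from a scheduled export of directory group memberships, and high-risk changes would be routed to the security team for review.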

Build Resilience With Endpoint Protection

An agency’s security posture is only as good as its weakest link, and a common weakness lies with endpoint devices. Potential intruders are constantly probing laptops, smart devices, and other access points, looking for a way into the agency’s network.

Add contractors and a greater population of remote workers to the mix, and this attack surface increases substantially.

Advanced endpoint security can help protect this vulnerable environment. Going beyond simple antivirus software, these tools secure endpoints and the network with layered protection, including network access control, monitoring for indicators of compromise, device patching, anti-malware protection, and other controls and policies.

Lean on Cybersecurity Standards

Because U.S. contractors have become such a frequent target of cyberattacks, an abundance of security guidance has been issued to address the problem.

NIST implements practical cybersecurity and privacy through outreach and effective application of standards and best practices necessary for the U.S. to adopt cybersecurity capabilities.

Rather than reinventing the wheel, agencies can use this guidance as an essential framework for building a security program capable of protecting sensitive federal information residing in nonfederal systems.

NIST SP 800-171, for example, provides a useful framework for protecting unclassified information on contractor systems. Compliance mandates and regulations can also help.

Nearly 80% of federal IT professionals find regulations such as GDPR, HIPAA, FISMA, RMF, DISA, and STIGs have had a significant or moderate impact on the development of their security policies and practices.

As the threat and technology landscape evolves, so do these standards—so make sure you revisit them frequently and refresh your agency’s security policies.

About the Author

Brandon Shopp is vice president, product strategy and security at SolarWinds.

Brandon is a High-bandwidth Product Management professional, experienced with a wide variety of software products, business models, M&A, and go-to-market strategies.

His specialties include product management, enterprise management software, networking, systems management, mergers and acquisitions (M&A), application management, network monitoring, and systems monitoring.

SolarWinds Worldwide a Multi-Award Finalist in Fifth Annual ‘ASTORS’ Awards Program

The Annual ‘ASTORS’ Awards Program is specifically designed to honor distinguished government and vendor solutions that deliver enhanced value, benefit and intelligence to end users in a variety of government, homeland security and public safety vertical markets.

The Annual ‘ASTORS’ Awards is the preeminent U.S. Homeland Security Awards Program highlighting the most cutting-edge and forward-thinking security solutions coming onto the market today, to ensure our readers have the information they need to stay ahead of the competition, and keep our Nation safe – one facility, street, and city at a time.

90% of ‘ASTORS’ Award Winners return to compete in the Annual ‘ASTORS’ Homeland Security Awards Program, and 100% of ‘ASTORS’ Sponsors have returned year to year to reap the benefits of their participation in the industry’s largest and most comprehensive Annual Awards Program.

2019 ‘ASTORS’ Homeland Security Awards Luncheon at ISC East

The 2019 ‘ASTORS’ Awards Program surpassed expectations with a record number of nominations received from industry leaders and government agencies, and drew over 200 attendees to the ‘ASTORS’ Awards Presentation Banquet – an exclusive gourmet luncheon and networking opportunity which filled to capacity, before having to turn away late registrants.

The event featured an impassioned and compelling keynote address by William J. Bratton, former police commissioner of the New York Police Department (NYPD) twice, the Boston Police Department (BPD), and former chief of the Los Angeles Police Department (LAPD), as he walked attendees through 50 years of American policing history, the impacts on the communities, and the evolution of critical communication capabilities in our post 9/11 landscape.

Commissioner Bratton, one of the world’s most respected and trusted experts on risk and security issues and Executive Chairman of Teneo Risk, a global advisory firm, was recognized as the ‘2019 ‘ASTORS’ Person of the Year’ for his Lifetime of Dedication and Extraordinary Leadership in Homeland Security and Public Safety.

The 2020 ‘ASTORS’ Awards Program is sponsored by ATI Systems, Attivo Networks, Automatic Systems, Desktop Alert, X.Labs and Reed Expositions, every one a returning Sponsor from 2019.

Why the ‘ASTORS’ Homeland Security Awards Program?

American Security Today’s comprehensive Annual Homeland Security Awards Program is organized to recognize the most distinguished vendors of physical, IT, port security, law enforcement, and first responders, in acknowledgment of their outstanding efforts to ‘Keep our Nation Secure, One City at a Time.’

Over 200 distinguished guests representing Federal, State and Local Governments, and Industry Leading Corporate Firms, gathered from across North America, Europe and the Middle East to be honored among their peers in their respective fields which included: 

  • The Drug Enforcement Administration (DEA)
  • National Center for Missing and Exploited Children (NCMEC)
  • United States Marine Corps
  • The Federal Protective Service (FPS)
  • Argonne National Laboratory (ANL)
  • United States Postal Inspection Service
  • DHS S&T 
  • United States Marshals Service (USMS)
  • The Port Authority of New York & New Jersey Police (PAPD)
  • The Department of Justice (DOJ)
  • The New York State Division of Homeland Security & Emergency Services (NYS DHSES)
  • United States Border Patrol
  • AlertMedia, Ameristar Perimeter Security, Attivo Networks, Automatic Systems, Bellevue University, BriefCam, Canon U.S.A., CornellCookson, Drone Aviation, FLIR Systems, Hanwha Techwin, HID Global, IPVideo Corp., Konica Minolta Business Solutions, LenelS2, ManTech, Regroup Mass Notifications, SafeLogic, SolarWinds, Senstar, ShotSpotter, Smiths Detection, TCOM LP, Trackforce, Verint, and More!

From innovative Military Cyber Programs, to Local, State and Federal Public Safety and Emergency Management Initiatives, New Physical and IT Products and Services, and Security Professional, Threat Assessment, Emergency Preparedness, Law Enforcement and Homeland Security Education and Training Opportunities – Join your ‘ASTORS’ Award-Winning Peers and Receive the Recognition You Deserve!

Excellence in Public Safety and Government Security Award Nominations are also encouraged, such as those 2019 Honored Winners which include the DEA, U.S. Marine Corps, DHS S&T, Federal Protective Service, DHS S&T NUSTL, U.S. Marshals Service, U.S. Border Patrol, The Port Authority of NY/NJ, and the NYS Division of Homeland Security & Emergency Services.

Individuals are also encouraged to be nominated for Government Excellence in Public Safety and Homeland Security, such as last year’s widely respected recipients.

Why American Security Today?

The traditional security marketplace has long been covered by a host of publications putting forward the old school basics to what is Today – a fast changing security landscape.

American Security Today is uniquely focused on the broader Homeland Security & Public Safety marketplace with over 75,000 readers at the Federal, State and local levels of government as well as firms allied to government.

American Security Today brings forward a fresh, compelling look and read with our customized digital publications that hold readers’ eyes throughout the story with cutting-edge editorial that provides solutions to their challenges.

Harness the Power of the Web – with our 100% Mobile Friendly Publications

AST puts forward the Largest and Most Qualified Circulation in Government with Over 75,000 readers on the Federal, State and Local levels.

The AST Digital Publications are distributed to over 75,000 qualified government and homeland security professionals at the federal, state and local levels.

‘PROTECTING OUR NATION, ONE CITY AT A TIME’

AST Reaches both Private & Public Experts, essential to meeting these new challenges.

Today’s new generation of public safety and security experts need real-time knowledge to deal with domestic and international terrorism, lone wolf attacks, unprecedented urban violence, shifts in society, culture and media bias – making it increasingly difficult for Homeland Security, Law Enforcement, First Responders, Military and Private Security Professionals to implement coordinated security measures to ensure national security and improve public safety.

These experts are from Government at the federal, state and local level as well as from private firms allied to government.

AST provides a full plate of topics in our AST Monthly Magazine Editions, AST Website and AST Daily News Alerts, covering 23 Vital Sectors such as Access Control, Perimeter Protection, Video Surveillance/Analytics, Airport Security, Border Security, CBRNE Detection, Ports, Cybersecurity, Networking Security, Encryption, Law Enforcement, First Responders, Campus Security, Security Services, Corporate Facilities, and Emergency Response among others.

AST has Expanded readership into integral Critical Infrastructure audiences such as Protection of Nuclear Facilities, Water Plants & Dams, Bridges & Tunnels, and other potential targets of terrorism.

Other areas of concern include Transportation Hubs, Public Assemblies, Government Facilities, Sporting & Concert Stadiums, our Nation’s Schools & Universities, and Commercial Business Destinations – all enticing targets due to the large number of persons and resources clustered together.

To learn more about the 2019 ‘ASTORS’ Homeland Security Award Winners solutions, please go to the 2019 ‘ASTORS’ Championship Edition Fully Interactive Magazine – the Best Products of 2019 ‘A Year in Review’.

The ‘ASTORS’ Champion Edition is published annually and includes a review of the ‘ASTORS’ Award Winning products and programs, highlighting key details on many of the winning firms’ products and services, along with video interviews and more.

It is your Go-To source throughout the year for ‘The Best of 2019 Products and Services’ endorsed by American Security Today, and can satisfy your agency’s and organization’s most pressing Homeland Security and Public Safety needs.

From Physical Security (Access Control, Critical Infrastructure, Perimeter Protection and Video Surveillance Cameras and Video Management Systems), to IT Security (Cybersecurity, Encryption, Data Storage, Anti-Malware and Networking Security – Just to name a few), the 2019 ‘ASTORS’ CHAMPIONS EDITION will have what you need to Detect, Delay, Respond to, and Mitigate today’s real-time threats in our constantly evolving security landscape.

It also includes featured guest editorial pieces from some of the security industry’s most respected leaders, and recognized firms in the 2019 ‘ASTORS’ Awards Program.

SolarWinds Worldwide Wins BIG in 2019 ‘ASTORS’ Homeland Security Awards Program

SolarWinds Worldwide

  • Best Security Incident & Event Mgmt (SIEM) Solution

  • SolarWinds Log & Event Manager

  • SolarWinds Log & Event Manager (LEM) is a security information and event mgmt (SIEM) virtual appliance that adds value to existing security products and increases efficiencies in administering, managing, and monitoring security policies and safeguards on your network.

  • Best Identity Access Mgmt (IAM)

  • SolarWinds Access Rights Manager

  • SolarWinds Access Rights Manager (ARM) helps IT and Security Admins meet compliance requirements with centralized provisioning, deprovisioning, management, and audit of user permissions and access to systems, data, and files while protecting their organizations from internal security breaches.

  • SolarWinds Access Rights Manager (ARM) manages user access permissions correctly to help prevent insider threats and data breaches while helping IT and Security Admins meet compliance requirements.

  • Best Network Security Solution

  • SolarWinds Network Configuration Manager

  • SolarWinds® Network Configuration Manager (NCM) saves time and improves network reliability and security by managing configurations, changes, and compliance for routers, switches, and other network devices from Cisco, Juniper, HP, Dell, Brocade, F5, Aruba, Ruckus, and more.

  • It is a network configuration tool to manage configs through automation, backup, and policy management.

  • *SolarWinds has been recognized in the 2019, 2018, 2017 and 2016 ‘ASTORS’ Homeland Security Awards Program.
