National Cybersecurity Strategy: How a reinforced IAM program can improve the security posture

What is the National Cybersecurity Strategy?

In March 2023, the US Government released the highly anticipated National Cybersecurity Strategy (NCS) report. This report requires that government organizations and private companies build robust cyber defense strategies amid the rising cyber threats. This NCS comprises of five key pillars to make the digital ecosystem more defensive, effective, and resilient. The five pillars are:

• Defend critical infrastructure
• Disrupt and dismantle threat actors
• Shape market forces to drive security and resilience
• Invest in a resilient future
• Forge international partnerships to pursue shared goals

The NCS expects government and private organizations to put concerted and voluntary efforts for a strong defense against emerging cyber threats. Besides, the NCS demands relevant and adequate usage of IT security tools in a coordinated manner that can protect national data and ensure economic prosperity.

Some Examples where Vulnerable Critical Infrastructure was targeted

• In the middle of 2020, the ICS (Industrial Control Systems) command for water systems of a Middle East-based nation was compromised and the control systems for the pumping stations were attacked. It resulted in disruption of water supply and sewage services for indefinite periods.
• In the same year one of the largest telecom service providers faced a data breach incident that compromised the record of more than 600 corporate clients. The victim hosted the data in hybrid environment. A security vulnerability in the operations server allowed the breach to happen in the company’s information management server.
• Again, in the same year, a government organization from the Asia Pacific region suffered an IT incident due to unauthorized third-party access. Security breach of an online application system resulted in data compromise of 26000 customers.
• In the beginning of 2018, a Parliament in Western Europe was hit by a brute force attack disrupting the email service. An external source tried to gain access to mailboxes of assembly members forcing affected users to change passwords.
• In 2019, personal information of 92 million citizens was breached from the government database in South America and was put up for sale on the dark web.

We could assess how disastrous cyber-attacks can be on critical infrastructure, if the potential damage inflicted by these threat actors are ignored. 

Who are the threat actors?

• Malicious Insiders – who possess access rights to confidential business information
• Third-Party – the external users who access the organization’s systems and applications for maintenance, storage and other regular activities 
• Nation States – the rogue nations who always try to destabilize democratically elected governments by stealing information or spying on their infrastructure of national interest
• Organized Cybercriminals – who harm organizations by stealing/encrypting/or compromising government and private organizations’ confidential data for financial gains

How does Identity and Access Management (IAM) help in building a resilient IT security posture?

In the NCS report, the US government has specifically emphasized reinforcing identity-first security. The report states that, “Enhanced digital identity solutions and infrastructure can enable a more innovative, equitable, safe and efficient digital economy.”

Quite rightly said. Amid the acceleration of digital interaction, more and more organizations host their data in distributed data center environments, multi-cloud environments, managed service environments and hybrid environments. Thousands of human and digital (non-human) identities are being created that constantly interact with mission-critical applications, business and IT (Information Technology) infrastructure assets. These identities, if not provisioned, de-provisioned (on time), monitored, controlled and governed based on the user roles, there are very high chances of breaches and identity abuse from compromised individuals (insiders), including third parties.

In such a scenario, it is highly imperative to ensure that the right user is accessing the right resources at the right time for the right purpose. It not just secures the enterprise resources from unauthorized access but also strengthens the compliance framework.  Identity and access management (IAM) provide the foundation for a robust cybersecurity policy. A robust IAM practice helps organization to manage the lifecycle of digital identities seamlessly, their governance and security at an enterprise level.

Furthermore, a robust and holistic IAM practice streamlines employee experience in the workplace and supports digital initiatives by improving business agility, efficiency and competitiveness. As a result, employee productivity is enhanced.

Conclusion

The National Cybersecurity Strategy is a message to the whole world about the importance of robust IAM practices in a continuously evolving IT environment. Identity Access Management plays a significant role in managing ever-increasing number of digital identities, addressing emerging threats, improving IT security posture, enhancing digital initiatives, and building a strong compliance framework.