At the Government Technology & Services Coalition (GTSC) Cyber Day 2018 there were a number of fantastic speakers and presentations which discussed aspects of cybersecurity at both high and low levels. One such presentation which tied them together was one from the Transportation Security Administration (TSA) on Managing the Threat. In this presentation TSA spoke on how companies can maintain good cyber-hygiene practices by patching their systems on a regular basis and by adding two-factor authentication on top of passwords. “The two of those together will have you in line with about 95% of the industry.” While patching one’s systems and keeping them compliant may seem like an easy task, there are occasionally patches which are omitted or deferred for business reasons, such as the patch having adverse effects on applications, or there not being enough time to test and apply it after its release. To mitigate the risk that an unpatched flaw creates, TSA explained that companies need to take both a proactive and a reactive approach to cybersecurity: “You can stay as compliant as possible, but if you don’t know how to respond to an attack then you are equally at risk.”
TSA discussed a scenario in which the dreaded “bluescreen” knocked out a number of their machines after a security flaw in their systems was exploited. Was this scenario avoidable? Yes. Were there steps taken to mitigate the damage? Yes. The scenario was avoidable because a patch existed which fixed the flaw, but a decision had been made not to install it. While this situation could have had a massive impact on the organization, TSA’s proactive and reactive preparation helped to contain it. Proactively, their main systems were up to date on all other software patches, so their control centers were not harmed. Reactively, TSA had already put in place documentation for how their security engineers were to act in the event of this type of incident: specifically, what tools to run, whom to contact, and which group of log files to examine for forensic evidence. Furthermore, they had run through a number of practice scenarios to ensure team members were comfortable reacting in the face of a real threat.
One can see that although the TSA systems were ‘mostly’ compliant, it took only one missed patch to expose them. Therefore, if there is any takeaway from this event, it should be that organizations need to be both proactive and reactive when considering their systems’ security: patch systems on a regular basis, deploy anti-virus software with constantly updated signatures, ensure adequate documentation is created so the security team has guidelines for handling attacks, and above all else, run some practice scenarios.