Weak Security Checks and Balances Compound Privileged Access Risks
June 22, 2018 | Security and Risk | Adam Bosnian
The U.S. Department of Interior recently released a report concluding that two dams critical to national security operate with an elevated risk of insider attacks – too many employees have access to admin accounts and industry best practices are not followed.
The dams are among five operated by the U.S. Bureau of Reclamation. The report finds that account access isn’t always revoked when employees leave, and the agency isn’t conducting robust enough background checks for employees with high-level privileges. The full report can be found here.
Even though cyber security best practices are well documented and critical infrastructure is a known target, we continue to learn about security gaps that should be addressed with high priority. It’s a fact that employees need a certain amount of privileged access to do their job successfully. Best practices account for this – giving an appropriate level of access for employees while following a “trust but verify” approach. If proper controls are not in place and followed, organizations are exposed to risks with known and unknown consequences.
Would an employee compromise a system from within, disrupt operations and potentially conceal malicious activity? Yes, we see the headlines regularly, and this isn’t a new problem. For example, in 1999, a former employee with a pirated copy of control system software and a two-way radio transmitter wreaked havoc on a sewage system in Australia, stopping pumps and alarms and allowing thousands of gallons of sewage to flood the landscape. (The “Maroochy Incident” is discussed in an episode of the “Malicious Life” podcast: http://malicious.life/episode/episode-7-stuxnet-part-1/ ).
When it comes to government agencies and exploiting privileged access, names such as Edward Snowden, Chelsea Manning and Joshua Schulte readily come to mind.
Trying to stop insider attacks from a human-centric approach is impossible, simply because humans are unpredictable. What is predictable, though, is that attackers need to exploit privileged access to reach sensitive information and exfiltrate it. For this reason again, security controls must be in place.
While some may argue that operational concerns override security, it is possible to achieve an effective operational and security balance. Locking down privileged access is an effective way to break the attack chain, and CyberArk has the framework and the tools to jump start and improve security for organizations both in the private and public sectors. Even more specifically, CyberArk solutions provide steps to safeguard critical infrastructure.
Some items to consider when balancing operational and security concerns:
- Identify and prioritize privileged access within the environment.
In order to identify which accounts need to be protected and which need to be restricted, it is important to assess the environment’s status. CyberArk’s Discovery and Audit (DNA) tool can help organizations locate privileged accounts and discover whether the accounts are currently active. Once organizations know the full status of their privileged accounts, it is easier to create a security plan to monitor and control access.
- Tackle the highest risk access first.
Once privileged access has been identified, the organization can plan for a privileged access security hygiene program. CyberArk has tools to promote and provide for protecting privileged access in a variety of ways, including vaulting credentials (Enterprise Password Vault), isolating sessions that use those vaulted credentials (Privileged Session Manager), and continuously monitoring usage of those privileged accounts and responding when necessary (Privileged Threat Analytics).
- Enforce principles of credential boundaries.
Separate assets into tiers according to criticality of systems and then allow access to accounts that can authenticate into those assets. For example, Tier 0 are absolutely mission-critical assets; Tier 1 are any servers that do not fall into Tier 0; and Tier 2 include endpoints. Each tiered asset should only have accounts that are accessible within its tier. The idea is that if an attacker compromises a workstation that is in Tier 2, they cannot move laterally to Tier 0 and 1 assets.
- Promote cyber hygiene best practices.
It’s one thing to have the proper tools – it’s another thing entirely to utilize those tools strategically to the organization’s best advantage. Password vaulting and management, isolation of privileged account access and limiting the number of users with administrative privileges all combine to reduce the organization’s attack surface.
Removing passwords from the hands of admins, so that they don’t have to remember passwords, write them down or save them in easily accessed documents, makes their lives easier – an operational win. Vaulting those passwords and securing credentials where they are not easily breached or stolen is a win for security. Organizations do not have to choose between the two, as long as they use the right tools in the right setting.
Read our whitepaper to learn more about the CyberArk Privileged Access Security Cyber Hygiene program, and visit cyberarkvx.staging.wpengine.com to learn more about how CyberArk solutions can assist in securing Industrial Control Systems