Remote Government Assessments Keep Security Goals in Reach

Remote Government Assessment Photo by Kevin Ku on Unsplash

Government offices across the country are operating on a skeleton crew and are awaiting the time when we can relax social distancing rules and it is deemed safe to resume normal daily business operations. In the meantime, the Internet is still open for business (and more active than ever). This unfortunately means your office faces a higher risk of cyberattack. One valuable way to help mitigate this risk is by performing a security assessment to discover vulnerabilities and address them before threat actors can exploit them.

Most security assessments are conducted using a physical, boots-on-the-ground approach in which an assessor can interact with your team and observe their security practices. The thorough review involves asking detailed questions leveraging the NIST Cybersecurity Framework (CSF) as a guide.

Currently, the new standard of social distancing has resulted in a lack of physical access to offices making onsite security assessments difficult, if not impossible. This has left the virtual doors wide open for organizations that have not evaluated the strength of their security. So what can you do?

Effective Remote Assessments Require a Proven Process

The time has come to modernize the process of a security assessment to meet this challenge. Conducting a virtual government security assessment using live video, photos and remote access tools enables the business of government to press ahead while gaining all the benefits of traditional, in-person physical and cybersecurity assessment. By using modern tools and allowing for flexible schedules cybersecurity professionals can be virtually anywhere, pun intended, at any given time to:

  • Conduct and complete the NIST CSF assessment and provide the CMMI baseline score,
  • Perform network diagnostics including vulnerability scans, network traffic monitoring, and initial darknet review, and
  • Provide real-time feedback on necessary remediations (fixes) for the customer which all come back to the greatest value of the virtual assessment – time saved in communicating the results.

An Added Benefit of Remote Assessments Is the Opportunity for Efficient Remediation

Once a remote security assessment has been initiated and any actionable items have been identified for remediation, the cybersecurity professional can instantly pivot to remediation as the meeting is taking place. This is perhaps the greatest innovation of all, cutting through all the red tape of the review and the documentation production which can now be performed post-assessment. The most critical items can be identified and addressed rapidly such as identifying software vulnerabilities and providing the necessary patches (unless it’s an End-of-Life system), Incident Response/Continuity of Operations/Information Security plans and policy templates, firewall configuration or addition, and network security configuration and architecture. Many critical items can be corrected reasonably quickly and re-assessed to confirm that the vulnerability or security gaps have been filled, all during the course of the assessment.

By pivoting to a more rapid assessment and remediation model, cybersecurity service providers can deliver the most value to government offices in this very unique time in our society. The malicious actors, criminals and opportunists are constantly finding ways to leverage this crisis by exploiting basic gaps in government security, especially while the victim is being distracted by larger problems and concerns with customer service during these chaotic times. Now more than ever is the time to identify gaps and tighten security, and with this virtual security assessment and remediation method you can be sure that the cyber doors and windows are locked and remain in that status by seasoned professionals.

About the author

Michael Greenman

Michael Greenman is the Director of the State & Local Government Practice at CyberDefenses, where he leads the effort for growing CyberDefenses' client base and communicating with state and local officials in the public sector, while also providing support and assistance to the vulnerability risk assessment and cyber maturity evolution programs. Prior to his employment with CyberDefenses, Michael spent over 16 years in the public sector as a practitioner and a partner vendor in the elections and voting systems market with a variety of roles and responsibilities. Michael earned Master’s Degrees in Cybersecurity and Public Administration from the University of South Florida and is a member of the Election Center.