Post on 21-May-2020


Page 1

Federal Cyber Uncertainty - KVM XYZ

Federal agency CISOs are already focusing hard on CDM, FISMA, HSPD 12, and TIC – but it’s time to throw another acronym into the mix, and this one spells common sense productivity for the classified and sensitive-data communities.

A Growing Threat

Between 2009 and 2013, the number of reported breaches on U.S. Federal computer networks rose 73% [1]

680% increase in the number of incidents agencies report to the Federal information security incident center over the past 6 years

45% of Federal officials cite cyberattacks as the greatest threat to national security (20% higher than terrorism) [4]

1.73 MILLION data records containing bank account information or social security numbers were compromised in 27 government data breaches in 2014 alone [3]

Internal and External Vulnerabilities

Top agency vulnerabilities [5]:

Denial of Service Attacks: 48%
Non-public Information: 45%
Agency Network: 44%
Classified or Protected Information: 39%
System Admin Accounts: 37%

Alphabet Soup

Agencies lack confidence in (and compliance with) major Federal cyber security initiatives.

FISMA [6]:

Just over half of Feds say FISMA has improved security at their agency
Only 27% were fully compliant with FISMA in the fall 2013
86% believed FISMA compliance increased costs

[1] http://www.bostonglobe.com/news/nation/2014/11/10/federal-government-struggles-against-cyberattacks/8ls3WW4Q5baJ9iIO5DPqfM/story.html
[2] http://www.techamerica.org/Docs/TechAmerica_2014_CIO_Survey%20(2).pdf
[3] http://www.informationweek.com/government/cybersecurity/4-worst-government-data-breaches-of-2014/d/d-id/1318061
[4] http://www.gssfedsales.com/wp-content/uploads/2014/11/2015-Government-Technology-Trends.pdf
[5] MeriTalk, The Heart of the Network, 2015.
[6] MeriTalk, FISMA Fallout: The State of the Union, 2013.

Page 2

CDM [1]:

56% of agencies can measure CDM implementation success – but only 44% are experiencing better security as a result
44% of Federal agencies say they lack knowledge about how to implement CDM

HSPD-12 [2]:

Despite all of the PIV cards issued:
5.3 million unprivileged user accounts (limited access) can log onto Federal networks with only a user ID and password
134,287 privileged user accounts (admins with access to everything) are just using user ID and passwords (instead of PIV)

TIC [3]:

In fiscal 2014 agencies passed 95% of traffic through a TIC or an equivalent Managed Trusted Internet Protocol Services (MTIPS) provider – while successful, TIC is cumbersome for mobile access and reduces easy access to data and apps*

The Need for KVM Security

Peripherals (such as a keyboard or mouse) have the ability to both send and receive data, creating a security gap

A significant amount of government data resides on endpoints – but 66% of Feds say they are missing measures for endpoint security management [4]

Insider Threat - Nearly half of IT and IT security decision makers said government data is most at risk of breach from employees' or contractors' desktops or laptops [5]

Endpoint security controls that are not currently implemented [6]:

Data Loss Prevention (DLP): 60%
Application whitelisting: 59%
Endpoint encryption: 53%
Host-based intrusion prevention (HIPS): 42%

Pass the KVM Spelling Test

Secure switches:

Eliminate bi-directional data flow
Enable sharing of a single set of peripherals among several computers, while ensuring clear separation between disparate networks

Here’s your MAP to KVM solutions:

M: MONITOR and secure peripheral devices, including USB port usage, understand system features, and buy from reputable firms
A: AVOID non-secure KVM switches, microphones, & data buffering; ALWAYS examine casing & design to ensure the external housing of the switch is tamper proof
P: PROTECT video vulnerabilities, isolate data, and isolate the CAC reader

[1] https://www.sans.org/reading-room/whitepapers/analyst/continuous-diagnostics-mitigation-making-work-35317
[2] http://www.secureidnews.com/news-item/u-s-federal-agencies-lagging-with-piv-strong-authentication/
[3] http://www.federalnewsradio.com/473/3832035/DHS-trying-to-smooth-the-integration-of-cloud-network-security-programs
[4] MeriTalk, The Heart of the Network, 2015.
[5] https://thwack.solarwinds.com/thread/71368
[6] http://www.mcafee.com/us/resources/misc/infographic-risk-of-free-av.pdf