The nation is currently attempting one of the largest logistical feats in its history: mass vaccination against COVID-19. Federal agencies have been at the forefront of this fight: collecting, managing, and analyzing critical information about the virus, the vaccine, its effects on the health and economic wellbeing of American citizens and people worldwide, and more. The government has been tasked with not only managing our response to the COVID-19 pandemic, but also with protecting mission critical, sensitive, Personally Identifiable Information (PII), Health Insurance Portability and Accountability Act (HIPPA), and commercial industry Intellectual Property data associated with it.

Protecting COVID-19 Data

Due to the global nature of the pandemic, nations are racing to develop a vaccine and protect all the data associated with COVID-19. My panel participant, Jennifer Franks, Director of Information Technology and Cybersecurity at the GAO, did an exceptional job outlining the variety and amounts of COVID-19 data that needs to be protected. With the development of the vaccine, government agencies and their private sector partners in the pharmaceutical and healthcare industries have also had to protect information on vaccine development and distribution.

The biggest risk and cybersecurity challenge is having to protect the vast amount of COVID-19 data and protect it across a very distributed architecture. Nation-state actors are certainly very interested in COVID related data and that makes it a target. In January 2021 alone, the Fidelis Threat Research Team saw 79% of that month’s events targeted towards the Government vertical. Attackers can use COVID-19 data to disrupt vaccine supply chain and distribution, exploit citizens’ personal information and more. So what can be done to protect, detect, and respond to attempts by sophisticated threat actors to access this information?

One small part of the solution is data privacy regulations. The government has security and privacy controls in place to provide agencies a foundation of protection. While the vaccination roll-out is just beginning, many people are wondering when they’ll be able to return to their “normal” lives and what that will entail. Specifically, will you need to be vaccinated to return to work, visit loved ones, or travel and how will countries support a “Health Passport” to prove your eligibility to move about freely?

The federal government will have to work with private sector industries to drive that initiative with privacy in mind and policies in place. While COVID-19 accelerated the government’s digital transformation, there is still more to do to ensure citizens and organizations are protected from malicious attackers.

Proactive vs. Reactive Security Strategy

In my experience, many organizations react to threats instead of developing a proactive strategy to defend against them. Jennifer mentioned having preventative measures in place, including implementing access controls to provide accountability and privacy from the start, vulnerability scanning, and audit programs. These preventative measures are all about increasing the work factor for an attacker to gain access to your infrastructure and are absolutely essential.

Proactive defense is focused on detecting sophisticated threat actors that, despite your best efforts, have breached your defenses – most likely using unknown (zero day) attack vectors like we recently saw as part of the SolarWinds attack. For these unknown attack vectors, early detection and validation of anomalous activity is key – essentially focusing your security team on anomalous activity within your networks so that the activity can be investigated and blocked if it turns out to be unauthorized or malicious.

What are the key elements of proactive defense?

• Threat focused analytics to identify and correlate interesting and anomalous events and provide context surrounding the events
• Full visibility through an integrated security stack across and within endpoints, networks, and cloud workloads
• Perform deep inspection and analysis of anomalous activities
• Use the Deception system to lure attackers
• Integrated Deception tools to improve confidence and correlation of attacks