New Research Shows How Endpoint and Application Security Anchor Federal Cybersecurity
May, 2024
The Federal Government, as a custodian of vast amounts of confidential data, is a prime target for cybercriminals. Recent public warnings have revealed that these attackers are primarily foreign governments, including China, North Korea, Russia, and Iran. This escalating threat underscores the urgent need for robust cybersecurity measures.
Recent high-profile incidents, such as the CISA emergency Ivanti disconnect directive and the Microsoft Exchange zero-day attack, have demonstrated the evolving nature of cyber threats. As new technologies emerge, cyber-threat tactics and techniques also evolve. To stay ahead, the federal government must adopt best practices and reliable solutions to protect against these vulnerabilities.
Last year, HCLSoftware and GovExec conducted research surveys that provided valuable insights into how federal agencies are addressing Endpoint Security and Application Security. Such research can be instrumental in shaping federal cybersecurity strategies. The HCLSoftware for Federal's editorial team sought the perspectives of William Crowell, a prominent cybersecurity consultant and former Deputy Director of the National Security Agency, and Emily Baugher, Head of Federal at HCLSoftware, to interpret the data.
“Cyber-attacks are a low-cost, low-risk way of undermining our national infrastructure and the government services that support our national economy and national security,” says Crowell. “Such attacks are becoming commonplace because attribution to a specific attacker is very difficult, and without attribution it is difficult to lay blame or retaliate for attacks that threaten our continued safety and security for the country.”
The Findings
In a 2023 Insights & Research Group survey, 70-79% of respondents disclosed that their agencies’ top endpoint security challenges are managing every workstation, server, and mobile device and accessing known critical vulnerabilities in near real-time. Over half of the respondents said they are using three or more tools for endpoint security, while 14% were unaware of how many tools their organization may be using.
About 85% of government employees who participated in the survey disclosed that they are considering application security as part of their overall security initiatives. About 43% of respondents felt they have integrated security tools for security processes but could implement stronger practices. Most respondents (75-82%) thought that the top three application security challenges their agencies have are:
• Finding application vulnerabilities
• Lack of staff with the necessary expertise
• Remediating application vulnerabilities quickly
“While it is encouraging that 85% of employees understand that application security needs to be part of their overall security posture, that leaves 15% who may be treating application security in a silo,” commented Baugher. “Continuous monitoring can be challenging for federal agencies that manage multiple homegrown applications throughout their software development lifecycle.”
Escalating Threat Environment – The Importance of Endpoint and Application Security
Each day, the federal government fends off thousands of cyberattacks from adversaries. An M-Trends 2023 report shows that the federal government is the number one target by a wide margin, with 25% of all attacks. Some of these attacks are simple phishing emails to trick a preoccupied federal employee. Others are more sophisticated and can target the nation’s most precious data assets and infrastructure. In fiscal years 2021 and 2022, federal agencies reported 32,511 and 30,659 information security incidents, respectively.
Endpoints are physical devices that connect to a network, such as mobile devices, desktop computers, servers, and medical devices. These endpoints can become doorways through which cybercriminals can exploit systems and steal information. Endpoint security safeguards connected devices from malicious actors and exploits by examining files as they enter the network and then addressing threats in real time.
Using an endpoint security solution allows agencies to monitor devices and quickly detect malware and other standard security threats before cybercriminals can attack. Without such visibility into endpoints, federal agencies are in the dark regarding attacks.
To aid in endpoint security and reduce the risk of cyberattacks against the government’s digital infrastructure, the White House has instructed federal agencies to officially move towards a Zero-Trust approach to cybersecurity. This cybersecurity approach eliminates implicit trust, denies access to digital resources by default, and grants authenticated users tailored access to only the applications, data, services, and systems they need to do their jobs. Endpoint security is foundational to this approach.
“Zero Trust is a fundamental security concept that attempts to protect digital assets in the same manner that we have historically protected physical assets,” explained Crowell. “In Zero Trust, we require individuals and systems to authenticate themselves to each enclave of information to establish their need for the information to do their job. We also protect access to applications to ascertain the rights of users to access the data contained in, or accessed by, specific applications.”
Application Security (AppSec) is another vital piece of a stronger cybersecurity posture. Application security involves using software, hardware, techniques, and best practices to protect applications against external security threats. Proactive application security measures include predicting and preventing an attack before it happens, fixing security gaps before they can be exploited, and mitigating the highest risks to stay ahead of potential attackers.
Application security testing (AST) is essential to proactively deterring cyber threats. AST pinpoints application vulnerabilities for quick remediation in every phase of the software development lifecycle.
Moving Forward
The U.S. Government Accountability Office (GAO) has made over 4,000 recommendations for federal agencies to address cybersecurity shortcomings. However, over 880 of these have not yet been fully implemented. Until these issues are addressed, federal systems will be increasingly susceptible to cyber threats.
Improved endpoint and application security are critical to the GAO’s cybersecurity recommendations. These security considerations are vital to safeguarding the abundance of federal systems and information and the nation’s dispersed critical infrastructure.
The federal government does not have enough employees with the required cybersecurity skills, which makes it nearly impossible for every agency to keep up with the copious number of systems used and address the thousands of cyberattacks that are attempted daily. The federal government must partner with the private sector to manage the immense need for endpoint and application security.
“Agencies need to build a best-in-class cybersecurity program that provides dynamic security and easier management, no matter how many disparate tools or operating systems the agency has in place,” Baugher told us. “HCLSoftware technology has a long history of expertise and experience working in federal government environments, and our products are proven and battle tested. We can help meet today’s threats - and also what comes next.”