Shift in Cybersecurity: Transition from Specialist to Elite, Collections of Security Tools
In a bid to bolster the security of national security systems, the National Security Agency (NSA) has issued eight emergency directives (EOD) and three binding operational directives. This move comes in response to the growing risk posed by the improper configuration of security controls in cloud environments, which has led to actual compromises in recent cybersecurity incidents [1].
The shift towards cloud services has brought benefits such as elasticity and functionality that cannot be achieved with on-premises technology. However, it has also introduced new challenges. Agencies are realizing that there are hidden costs associated with moving systems and applications to the cloud, and they are expecting budget reductions in fiscal 2026 [2].
To address these concerns, the NSA, in coordination with the Cybersecurity and Infrastructure Security Agency (CISA), has recommended 10 key ways for agencies to keep their cloud services secure. These recommendations emphasize hardening authentication, limiting remote access risks, and ensuring data protection [3].
- Implement phishing-resistant multi-factor authentication (MFA): Agencies are advised to use phishing-resistant MFA solutions such as FIDO/WebAuthn or Public Key Infrastructure (PKI)-based MFA to resist phishing, push bombing, and SIM swap attacks.
- Limit the use of Remote Desktop Protocol (RDP): Agencies should strictly limit the use of RDP and other remote desktop services and, when necessary, rigorously apply best practices like auditing, closing unused ports, enforcing account lockouts, applying phishing-resistant MFA, and logging/monitoring login attempts.
- Maintain offline backups of data: Agencies are encouraged to maintain offline backups of data and regularly test restoration processes to reduce disruption risk from ransomware or data extortion.
- Implement a recovery plan: Agencies should create a recovery plan that maintains multiple copies of sensitive or proprietary data and servers in physically separate, segmented, and secure locations.
- Comply with NIST standards for password policies: Agencies must comply with NIST standards for password policies for all accounts using passwords, including service accounts and administrative accounts.
- Harden authentication and authorization mechanisms: Agencies should harden their authentication and authorization mechanisms by improving token technology, secrets management, access control, logging, and forensic capabilities.
- Apply continuous cloud identity security practices: Agencies should employ automated data discovery and classification to continuously identify and classify sensitive data in cloud environments for real-time risk assessment and reduction of manual errors.
- Use real-time data movement monitoring and alerting: Agencies should use real-time data movement monitoring and alerting to promptly detect and respond to unauthorized data transfers or suspicious cloud activity.
- Foster collaboration between public and private sectors: Agencies should collaborate with the private sector to share knowledge, discuss evolving cloud security threats, and co-develop mitigation techniques.
- Address supply chain security: Agencies should be aware of the increasing trend of nation-state actors attacking lower on the supply chain, potentially targeting smaller organizations with smaller security budgets and fewer dedicated security practitioners.
As budget reductions loom, agencies may consider reducing the number of employees or the amount spent on tools. However, Nate Fitzgerald, the head of product management for the Enterprise Security Group at Broadcom, suggested that budget constraints might push agencies towards buying suites of tools rather than products from niche vendors [4]. Suite vendors offer bundle pricing and technological integration advantages over the long term of a contract.
Moreover, Fitzgerald emphasized the importance of integrating various cybersecurity tools to reduce technological overhead. He mentioned Microsoft Defender security tools as an example of a trend towards using security tools that come with office and productivity products [5].
In December 2024, CISA issued a binding operational directive (BOD) instructing civilian agencies to secure cloud services [6]. The NSA has also warned intelligence agencies, military services, Defense Department agencies, and critical infrastructure providers to protect themselves from increased nation-state attacks [7].
As agencies navigate the complexities of cloud security, they must remain vigilant and proactive in their modernization efforts [8].
[1] NSA Issues Eight Emergency Directives for National Security Systems
[2] Agencies Realize Hidden Costs of Cloud Transformation
[3] NSA and CISA Offer 10 Ways for Agencies to Secure Cloud Services
[4] Agencies May Shift Towards Buying Suites of Tools
[5] Fitzgerald Emphasizes Importance of Integrating Cybersecurity Tools
[6] CISA Issues Binding Operational Directive for Cloud Security
[7] NSA Warns of Increased Nation-State Attacks
[8] Agencies Need to Be More Strategic and Tactical with Modernization Efforts
- To save costs amidst fiscal 2026 budget reductions, agencies might opt for bundled cybersecurity tools from suite vendors, which offer long-term pricing and technological integration advantages over niche vendors.
- As the risk of nation-state attacks intensifies, cybersecurity in personal-finance and budgeting applications, along with technology infrastructure in other sectors, must remain a top priority for agencies, requiring strategic and tactical modernization efforts.