
Defense Cybersecurity: How Changing Classified Document Status Can Unknowingly Affect Risk Levels

It seems like leaders in cybersecurity can’t catch a break when it comes to network and cloud risks. There are ransomware-as-a-service (RaaS) gangs, insider threats, phishing and numerous other threats to consider when curating a defensive playbook. Whether it’s the JBS Foods ransomware incident, the Colonial Pipeline attack or the Russian hackers that attacked the U.S. Treasury and Commerce departments in 2020, it’s clear that every agency and critical infrastructure organisation needs to be mindful of vulnerabilities — both known and unknown — that could potentially impact sensitive information.

Implications of a federal cyberattack

In the 2021 Thales Data Threat Report, 84% of U.S. government employees expressed concern about the increased cyber risks and threats that come with employees working remotely. Respondents cited the reduced caution of remote workers, together with a lack of confidence in their current security systems, as their primary concerns. Since there is a motion to keep federal workers remote, there are additional risks to keep in mind when it comes to moving content up the classified pipeline.

Beyond the risk of critical information being exposed, there can be legal implications for victims of cyberattacks. The Securities and Exchange Commission and the Commodity Futures Trading Commission have indicated that further reporting might be required depending on the circumstances of the attack and the type of data that was extracted. Companies and agencies must also report incidents under state breach laws and to the customers that are using their systems.

Effects of malware on files

Once a piece of malware enters a network via a point of weakness, lateral movement can begin. In a sophisticated attack, the intruder will attempt to move through the organisation undetected, in order to infect a wider range of devices and files and gather as much information as possible. When documents enter government systems at an unclassified level, they are available to a wider group of people; once they are moved up to a classification level — confidential, secret or top secret — any malware attached to them moves with them.

“Classified” constitutes information, which, for reasons of national security, is specifically designated by a United States Government agency for limited or restricted dissemination or distribution. When you are taking documents from low to high confidentiality levels, there is more than just privacy at stake. If files that were previously unclassified harbor viruses, that could enable digital adversaries to break into top secret networks and even steal trade and foreign policy secrets or military tactics, which could put millions of lives and significant data at risk.

SolarWinds, the victim of one of the most infamous cyberattacks in history, experienced the consequences of compromised code being shipped in a product offering that was sent to thousands of enterprises and government agencies. The hackers responsible for the attack had uninterrupted access to departments in the Pentagon, Homeland Security, State and more for 14 months before being discovered. With unfettered access to classified information for that long, there’s no telling the true extent of the damage and the secrets potentially exposed.

There should be proactive systems in place to protect this data with national security implications as it goes through the confidentiality cycle — particularly mandated filters to ensure the files are sanitized.

File sanitization throughout the confidentiality cycle

Defense agencies must take a proactive approach to file security, and one of the most effective ways to do this is by utilizing Content Disarm and Reconstruction (CDR) technology, which instantly cleans and rebuilds each file to its manufacturer’s known-good specification, automatically removing potential threats. Given the sophistication of today’s cyberattacks, a reactive strategy can no longer keep up with the dangers faced. It puts users and files at risk while disrupting business productivity and adding stress to already busy and understaffed security teams.

CDR not only moves cybersecurity to a proactive footing, it also removes the blind spots and vulnerabilities that hackers can exploit. In the case of sensitive government documents, it assists with closing any loopholes and allows government leaders to focus on other important tasks such as strategy and decision making.
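As an added illustration of the rebuild-to-spec idea (example code written for this page, not the article's or any vendor's CDR product), here is a minimal CDR-style sanitizer for PNG files: it parses the file, verifies every chunk's length and CRC, keeps only the chunks a viewer needs, drops metadata chunks and anything appended after IEND, and re-serializes the image from scratch. The sample image, its tEXt payload and the trailing junk are constructed inline.

```python
import struct
import zlib
# Chunks a minimal decoder needs; everything else (tEXt, iTXt, eXIf, ...) is dropped.
ALLOWED_CHUNKS = {b"IHDR", b"PLTE", b"tRNS", b"IDAT", b"IEND"}
PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"

def parse_chunks(data):
    """Yield (type, payload) per chunk, checking bounds and CRCs; stop at IEND."""
    if not data.startswith(PNG_SIGNATURE):
        raise ValueError("not a PNG")
    pos = len(PNG_SIGNATURE)
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        start, end = pos + 8, pos + 8 + length
        if end + 4 > len(data):
            raise ValueError("chunk length exceeds file")
        payload = data[start:end]
        (crc,) = struct.unpack(">I", data[end:end + 4])
        if zlib.crc32(ctype + payload) & 0xFFFFFFFF != crc:
            raise ValueError("bad CRC in %r" % ctype)
        yield ctype, payload
        pos = end + 4
        if ctype == b"IEND":  # anything after IEND is never parsed or copied
            return
    raise ValueError("no IEND chunk")

def build_chunk(ctype, payload):
    crc = zlib.crc32(ctype + payload) & 0xFFFFFFFF  # recomputed, never copied from input
    return struct.pack(">I", len(payload)) + ctype + payload + struct.pack(">I", crc)

def sanitize_png(data):
    """Rebuild the PNG from allowed chunks only; return (clean_bytes, dropped_types)."""
    kept, types, dropped = [], [], []
    for ctype, payload in parse_chunks(data):
        if ctype in ALLOWED_CHUNKS:
            kept.append(build_chunk(ctype, payload))
            types.append(ctype)
        else:
            dropped.append(ctype)
    if types[:1] != [b"IHDR"] or types[-1:] != [b"IEND"] or b"IDAT" not in types:
        raise ValueError("structurally invalid PNG; refusing to rebuild")
    return PNG_SIGNATURE + b"".join(kept), dropped

def make_sample_png():
    """Constructed 1x1 grayscale PNG with a tEXt chunk and junk appended after IEND."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    body = [(b"IHDR", ihdr), (b"tEXt", b"Comment\x00constructed metadata"),
            (b"IDAT", zlib.compress(b"\x00\x00")), (b"IEND", b"")]
    return PNG_SIGNATURE + b"".join(build_chunk(t, p) for t, p in body) + b"trailing junk"
```

A real CDR pipeline does the same for every format it accepts, and refuses (rather than passes through) any file it cannot fully parse.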

As we all know, the intensity of attacks will not abate. In 2021, cyber insurance providers spent $40 million on claims, and that number is only expected to increase in the new year. Attackers will stay hungry, pushing the envelope and attempting to get into these networks to access classified information. The same hackers behind SolarWinds and the infamous Russian attack on the U.S. government are continuously trying to infiltrate multiple federal agencies on both sides of the pond. When it comes to national security, there’s no room for complacency. Instead, taking proactive steps to ensure the safety of classified documents is the best way forward.