The Importance of Continuous Monitoring
How the National Security Agency (NSA) “Pwned” Cisco VPNs for 11 Years
The article NSA Pwned Cisco VPNs for 11 Years explained how vulnerable Cisco Virtual Private Networks (VPNs) have been for an extended time. Even though the devices were no longer supported after 2013, the article explains that they were (and are) still in use.
The issue at hand is that these VPNs have been open to decryption for years (Schwartz, 2016). Step 6 of the Risk Management Framework (RMF), Continuous Monitoring, focuses on a continual look at controls relating to system security. The challenge is changing the mindset of security practitioners from a “checklist” mentality, where an action is done once and considered completed, to a mindset of continual vigilance.
The reality is that cybersecurity practitioners are at “war” with hackers. These adversaries only have to find one way in, while security professionals have to find and guard against all of them. It’s a losing battle. No organization can be without risk. The key is to minimize risk. A big component of minimizing risk is reviewing the security controls and security posture of the system being protected. This is where continuous monitoring is a seemingly “holy grail” of the RMF cybersecurity “hopes and dreams.” (Until it is fully implemented, the challenge remains serious and active.)
The question is: if continuous monitoring were implemented with the VPNs, would an unsupported solution have been implemented on the system in the first place? Ideally, through review and monitoring, the end-of-life support for this solution would have been discovered and a safer, alternative solution found.
Reference
Schwartz, M. (2016). NSA Pwned Cisco VPNs for 11 Years. Retrieved from http://www.inforisktoday.com/nsa-pwned-cisco-vpns-for-11-years-a-9354
Dr. Susan Cole is a 2008 graduate of the University of Fairfax with a PhD in Information Assurance (Cybersecurity). She received her MBA from Salem International University (2007), her MA from American University in International Politics (1995), a BA from Wilson College in Foreign Languages (1994) and an AA in Mandarin Chinese (1997). For her PhD, she studied what influences the decision making process for IT and Cybersecurity managers in their recommendations to adopt and implement new security technology in their organizations. The specific technology she researched was Biometrics. She has achieved and maintains certification as both a Certified Information System Security Professional (CISSP) and a Certified Ethical Hacker (CEH). She also obtained her Certificate of Cloud Security Knowledge (CCSK). She’s held numerous positions from Cybersecurity Policy writer for an enterprise to a member of an Incident Response Team. Much of her career has focused on certification and accreditation (C&A) activities, now assessment and authorization (A&A) under NIST’s Risk Management Framework. She provided consulting support to small companies and now works as an Information System Security Officer (ISSO). Dr. Cole has been teaching since 2012 and has been involved with Colorado Technical University (CTU), Concordia University, Baker College, University of Maryland (UMUC), and Thomas Edison State University (TESU).