Today is Cyber Monday and the online holiday shopping season has begun. Cybersecurity awareness is and should be top of mind for everyone, including government IT professionals. Cybersecurity is not something to think about just during special occasions. Instead, in our hyperconnected digital world, security has to be built into the very fabric of the networks that agencies use.
Just think: On the one hand, the recent explosion in video streaming, the Internet of Things, connected devices and a mobile workforce all combine to produce a spike in network traffic at levels never seen before. On the other hand, as users grow accustomed to the convenience and performance of always-available connectivity, they grow justifiably irritated at anything less than always-on, flawless performance. That performance has to include always-on security.
But most networks today are a patchwork and built over the course of many years with a hodgepodge of cybersecurity solutions, each with its own approach, in some cases “bolted on” to existing systems. The lack of qualified security professionals to monitor, patch and maintain cybersecurity in these network environments makes it a continuous challenge for agencies to protect both their users and data.
Network modernization represents a real opportunity to remedy these shortfalls.
CenturyLink has a two-pronged approach to security – leveraging our global network for worldwide threat visibility, then acting against the threats that are uncovered. This is the foundation of what we call Connected Security, CenturyLink’s vision for a seamless integration between security and the network.
The more we can do as a global provider to identify and disrupt malicious internet traffic before it hits customers’ infrastructure, the better able agencies are to focus on their priorities. This is the basis of transforming the network into both a threat sensor and proactive defense platform – what we call Connected Security.
This integrated network approach to security is a key reason that CenturyLink will be providing secure cloud connectivity to the U.S. Census Bureau next year.
Cybersecurity For The 2020 Census
Last summer, CenturyLink was awarded a contract to support the public internet response system for the 2020 Census. This will enable more than 125 million households to complete their census forms online and allow the Census Bureau to access the responses via secure cloud applications for the first time.
In a way, the decennial census is planned modernization. Required by the U.S. Constitution to be conducted every ten years, it provides a scheduled window to incorporate advances in technology and telecommunications. The 2020 Census will be the first conducted primarily online.
To handle the task, CenturyLink is providing the Census Bureau with Managed Trusted Internet Protocol Services (MTIPS) at speeds of 40 Gbps or higher. MTIPS is a managed security service that provides secure connectivity to the internet and external networks. It enables agencies to comply with the Office of Management and Budget’s Trusted Internet Connection (TIC) initiative.
This will allow the Census Bureau to move the decennial census to an online digital platform and carry out its data-gathering mission in the most secure, reliable and cost-effective way. About half of all American households are expected to submit their responses this way.
Black Lotus Labs
Another facet of CenturyLink’s comprehensive approach to cybersecurity is Black Lotus Labs, our advanced threat research team that was built to model threat behaviors, understand motivations, use attacker techniques as the starting point for research and analysis, and implement efforts to disrupt malicious actions.
The Black Lotus Lab team hunts, identifies and observes bad actors trying to leverage malicious code, then reviews their tactics, techniques and procedures to identify the infrastructure and the command and control (C2) tactics they’re using. During the first half of 2019, for example, Black Lotus Labs tracked more than 18,000 C2s every day.
Machine learning models developed by Black Lotus Labs ingest over 139 billion NetFlow sessions and some 771 million DNS queries every day. In the first half of 2019, Black Lotus Labs tracked an average of 3.8 million unique threats per month, correlating them against CenturyLink’s NetFlow and DNS metadata to alert customers to a potential compromise.
Identifying and defending against network threats is part of the solution; the other part is threat disruption.
Once the threat research team is highly confident that a host is acting as a malicious C2, and that removing it will have an impact, Black Lotus Labs works with the identified upstream service providers to disable the malicious infrastructure. If those providers do not act, CenturyLink can remove the ability of C2s to access or send data across the CenturyLink global network.
These are just a few samples of the work we do every day to combat the global scourge of cyber threats. To learn more, be sure to check out the CenturyLink 2019 Threat Report for a comprehensive look at the state of global cybersecurity, emerging threats and CenturyLink’s state-of-the-art responses and preventative security measures.