|How Weak Network Visibility Exposes Correctional Facilities to Cyberattacks|
|By Chris Pyne|
The Nevada Department of Corrections (NDOC) is responsible for the management of inmates in the state of Nevada. It houses over 13,000 inmates across 17+ facilities and partners with other Nevada state and local programs for vocational training and rehabilitative services for individuals prior to reintegration. As such, it has an extensive IT network that is responsible for not just every device in every location, but also every door lock, HVAC system and overall security. It can be like a row of dominoes in times of remote failure- when one falls over, the rest follow.
If a network within a corrections facility fails, it isn’t just a crisis of security from the inside, it also becomes a public safety issue. An error can result in severe complications putting inmates, staff and the public at risk. Controlling such a delicate environment means that every person and every device that accesses the network at any time must be identified. There should be no concept of BYOD in a correctional facility. Outside phones or laptops pose a major security hazard. One lapse in judgement can result in anyone and anything getting into a network and wreaking havoc.
Many correctional facilities are owned and operated by the government or using state funds, so they often struggle with balancing safety with their budgets. As they grow- more locations, more units, more programs- their networks are spread wider. And as a result, it becomes tougher to manage centrally. Tougher to see any potential points of exposure. The reality is that facilities can’t afford to have network gaps. The risk is too great, especially at the DNS-DHCP-IPAM (DDI) level, which is an entry point to any organization’s network from the outside world.
For NDOC, remote management failures, downtime and the inability to spot a vulnerability across the network were pushing the team to extreme limits. Plus, a growing number of servers and locations meant that the network wasn’t being managed as a whole- new locations weren’t integrated with the existing IP address management (IPAM) solution, and the team’s resources were spread thin.
According to Daniel Erlendson, IT Manager at NDOC, “We couldn’t leave certain facilities flapping in the breeze. We needed a solution that could support all of our facilities together.”
As a result, NDOC created a list of criteria to evaluate their existing network automation and security solutions, which any correctional facility can use:
Correctional facilities must also think about future needs. For example, automating more network switches and how existing configurations factor into play. They should look at the on-demand discovery of devices and the ability to detect unauthorized devices and track changes in real-time. Plus, if facilities implement a new solution, downtime is non-negotiable. A transition should be seamless. Users can’t be affected in any way. In the case of NDOC, this was all part of the go/no-go decision-making process. According to Erlendson, “The IT Chief forwarded a note to our upper management, praising the essentially invisible transition that occurred within what is, without a doubt, the most critical system we have. Nothing works without IP address assignment and resolution of those addresses.”
It was this critical thinking that helped NDOC improve its network visibility. As a result, the agency can now see and control all of its locations on a centralized platform, giving it the ability to spot any issue or vulnerability and rectify it quickly. Since many facilities operate with set and often compromised budgets, it’s critical that they dissect what truly makes a solution effective. The end result can not only reduce the risk of attack, but save an agency money and time – two that are often scarce.
Chris Pyne is the Vice President of North America Operations at EfficientIP, a network automation and security company. Founded in 2004, EfficientIP is the world’s fastest-growing DDI vendor, with headquarters in Europe, Asia and North America. EfficientIP solutions have been selected by many of the most demanding organizations across a spectrum of commercial verticals and government sectors.
IN CASE YOU MISSED IT