What the US National Cybersecurity Guidance Means for Your IBM i

In March 2021, President Joe Biden issued an Executive Order on Improving the Nation’s Cybersecurity. The move was prompted by the convergence of multiple factors that have created an increased threat environment for both government agencies and private sector organizations.

That led the Cybersecurity and Infrastructure Security Agency (CISA) to issue a fact sheet containing guidelines for protecting against cybersecurity attacks. That document is foundational to CISA’s “Shields Up” campaign, which aims to bolster our nation’s defenses in the face of an increasingly intense threat environment.

CISA’s recommendations are limited to government entities. They offer a solid approach to protecting your business from a wide range of cybersecurity threats, including ransomware attacks, data breaches, and computer-related financial crimes.

CISA’s advice is timely and relevant for organizations of all sizes. Cybersecurity threats are intensifying. Attacks are becoming more frequent and more sophisticated. Mounting geopolitical tensions, fueled in large part by the conflict in Ukraine, have increased the efforts that rogue states are making to penetrate systems in the United States and elsewhere, including private sector businesses.

What does this mean for organizations that rely on IBM i systems to store and process their most critical business information? As part of Precisely’s Trust 22 Data Integrity Summit, security expert Bill Hammond provided information on how IBM shops can operationalize CISA’s cybersecurity recommendations. Here’s an overview of the key recommendations presented during that session:

1. Multifactor Authentication

CISA recommends deploying multifactor authentication (MFA) on all systems. This is the number one defense against malware. Usernames and passwords are easily compromised, and they’re frequently offered for sale on the dark web. MFA typically requires a combination of username, password, and a dynamically generated verification code to access internal systems. Users who don’t have access to the physical token device to generate a code will be unable to access the system in question.

IBM shops should look for an MFA solution that protects their IBM i systems, in addition to all other computing platforms. If you have already deployed MFA on non-IBM platforms, look for a vendor whose MFA product for IBM will work seamlessly with your existing environment. Unfortunately, many of the MFA products on the market fail to address this need adequately.

Look for an MFA product that protects more than just usernames and passwords. The best MFA solutions will protect database access and will restrict the execution of command-line procedures to authorized (and fully authenticated) personnel.

2. Modern Security Tools

IBM systems have a great reputation for security. That’s well deserved, but it doesn’t necessarily mean that the IBM i platform is secure by default. Administrators should clearly understand IBM security settings, including user permissions, and should implement policies that are as restrictive as possible while still permitting users to do their jobs effectively.

Lax practices often lead to security holes. Modern security tools address this problem by constantly monitoring for potential vulnerabilities such as elevated permissions that may not be warranted. Such tools can help to mitigate threats as soon as they are discovered, limiting your organization’s exposure to cyberattacks.

3. Cybersecurity Expertise

CISA recommends working with cybersecurity professionals to create an elevated defense posture against any potential threats. That means routine testing against all known vulnerabilities, routine cybersecurity audits, and prompt application of software patches and updates. It also means creating and enforcing effective policies throughout your organization, such as requiring users to frequently change their passwords.

4. Data Protection

Routine backups are critical, but many organizations fail to develop and implement procedures for testing and verifying the integrity of those backups. Testing recovery processes is critically important. Hammond also recommends keeping “air-gapped” copies of backed-up data that simply cannot be accessed by malicious actors.

Effective backup procedures are just one part of a broader disaster recovery (DR) plan. To adequately protect against cybersecurity threats, IBM shops should include security as part of their overall DR strategy. Companies should also consider implementing measures to achieve high availability (HA) for their IBM systems. This offers immediate failover recovery for mission-critical systems.

5. Security Testing

CISA recommends running cybersecurity drills so that IT personnel are equipped to respond quickly when a security incident occurs. Rapid response is essential to minimizing the damage in the event that your systems are penetrated. It can be especially useful to coordinate security drills with the testing of backup and DR capabilities.

External experts can be very helpful in ensuring that security testing is robust and free from bias. Despite the best intentions, internal personnel may be inclined to dismiss concerns and take the position that everything will work as expected. By bringing in external security consultants, your organization can benefit from a bias-free assessment.

6. Data Encryption

IBM i systems house some of the most valuable, mission-critical data in the world. That includes personally identifiable information (PII), which if stolen, could lead to fines and penalties, legal action, and reputational damage to your organization. Critical financial data and transactions are also housed and processed on these systems, making them highly attractive to bad actors.

Encryption is a key defense against hackers because it renders your data unusable to them. It’s also an essential element of compliance for many organizations, prompted by government regulations and frequently required by key customers as part of their vendor data security standards.

7. Employee Education

CISA recommends that companies educate their employees about the common tactics used to gain access to internal protected systems, such as phishing emails or malicious websites. IT leaders should put mechanisms in place to make it easy for employees to report suspicious incidents.

Organizations that run IBM i systems should ensure that their employee outreach and education efforts include information that pertains to IBM i system access.

8. Establish Relationships

Finally, CISA recommends that companies proactively engage with CISA and law enforcement agencies to build strong relationships before a cybersecurity incident occurs. A good place to start is the CISA website. Your local FBI field office also has resources that can help in the case that you experience an attack.

An effective cybersecurity strategy for organizations that run IBM systems starts with a clear understanding of potential threats and a comprehensive view of your IT landscape that includes your IBM i systems. Precisely’s IBM i security experts offer a comprehensive range of tools and advice to help organizations like yours stay one step ahead of the bad actors. You can learn more about our Assure Security offering on our website.

If you would like to learn more about the evolving threat environment surrounding IBM i systems, check out our free e-book, How Malware is Reshaping IBM i Security – The rules have changed.