A cybersecurity strategy for digital public health campaigns
2 Oct 2024
|
Case study
The onset of the COVID-19 pandemic highlighted the critical need for a swift and adaptable vaccine platform. With the rapid spread of the virus globally, there was an urgent call to develop vaccines and deliver them to the public in a hasty and efficient manner by leveraging groundbreaking technology. In Lebanon, the Inter-Ministerial and Municipal Platform for Assessment, Coordination and Tracking (IMPACT) played a pivotal role in ensuring the safety of the population and mitigating the virus’ transmission.
Client's Challenge
The growing prevalence of cyber security dangers encompassed rising incidents of cyberattacks including fraud, hacking, and illicit acquisition of personal information. Malignant actors tried to hack into the system to bypass the queue and acquire vaccines, as well as generate false certificates. Data protection needs were pivotal and sensitive customer information had to be safeguarded as the records of millions of citizens were at stake. There were compliance concerns, vital for adherence to industry regulations and protocols set by international regulatory bodies. The entire process was conducted within a very short timeframe due to the large-scale public health emergency. To complicate matters further, there were constraints in terms of budget, skilled personnel and technology.
Approach
To conduct a risk assessment, it was essential to perform a thorough evaluation of the existing security posture and identify vulnerabilities. There was no available platform to host, so one was created, with tight controls to guard against data infringements.
Multi-layered security controls were instituted:
Network security deployed firewalls, intrusion detection and prevention systems. A virtual Palo Alto firewall was provisioned and configured for access policies, publishing, VPN, IPS with SSL offloading, and logging into SIEM and DMZs.
An EDR solution ensured a centralized and comprehensive approach to end-point security, enabling the organization to detect, respond to and mitigate security threats effectively. EDR permitted real-time monitoring, data collection and analysis, integration with SIEM and reporting, and comprehensive documentation for compliance.
Servers enacted the latest version of all components in installed approaches, and up-to-date systems prevented breaches. OWASP recommendations for web application security were followed.
Encryption was applied at data storage and transport levels to protect sensitive data on the system, a full disk encryption (FDE) was enforced on all systems and, to safeguard data in transit, all traffic used SSL/TLS encryption.
A zero-trust model was used to defend against internal threats, and this was implemented using a split password mechanism. It required at least two users to decrypt the operating system at start-up to allow the admin to access the operating system. Using a governance approach, the two users belonged to different entities with varied responsibilities.
A SIEM solution gathered statistics and logs from each server. The data was then forwarded to a centralized location which analyzed the information in real-time, detecting abnormalities and sending alerts to the governing authority.
PAM by Delinea was deployed to provide appointed users with access to specific virtual machines which required a VPN and two-factor authentication. PAM also exhibited a screen recording feature and shell/remote access based on the operating system. All were chronicled, and an officer was tasked with reviewing the recordings while governance policies restricted copying data in and out of the system.
Training courses were conducted to instruct employees on best practices and social engineering hazards. Many support staff and government teams participated, while developers were educated on OWASP guidelines. The governance plan included a hand-over to a government entity for proper alignment.
An incident response plan was constructed to detect, respond and recover from any failures or breaches. To reduce downtime, a disaster recovery site was put in place and drills were conducted every six months to ensure that service interruption resulted in an automatic switch to the DR. Phishing sites were continuously tracked and halted to protect users’ personal information.
Outcomes
Due to the rigorous methodology surrounding IMPACT, there was early detection and mitigation of cyber threats. Attempts to impersonate users or compromise passwords on the dark web were negated as logs were scrutinized to detect perpetrators and illegal misuse of the system. There was alignment with regulatory requirements and specifications which resulted in enhanced abidance, and the minimization of infractions resulted in reduced risk exposure with an increase in stakeholder trust.
This project was a first in Lebanon, as citizens had never before shared their personal information, and due to the thorough measures, their data remained safe. To increase the transparency of IMPACT, statistical and real-time dashboards were made public and viewable for private individuals, NGOs or governmental bodies. Additionally, infrastructural resources were used effectively for cost efficiency.
The end result of the project was that thousands of lives in Lebanon were saved with Siren’s proactive measures in combatting a full-blown worldwide pandemic with technology and innovation.