Full-range arsenal, portfolio approach necessary for cyber defense
For the U.S. to adequately combat adversaries in cyberspace, government entities and private companies both need a wide-ranging defense that includes different levels and types of policies, actions and deterrents. It’s all part of a holistic cyber defense portfolio, according to a panel of industry experts who spoke April 4 at the FOSE conference in Washington.
As a basic premise, organizations need to make attacks too expensive and too risky for hackers and other cyber adversaries to carry out, and they must pair strong, automated tooling with human analysis and action, according to Michael Berman, CTO at Catbird. That includes techniques such as sandboxing, honeypots that act as decoys or "ghosts," and behavioral heuristics that spot and help block data exfiltration.
“These are important tools that are often overlooked as we focus on defense too much. We focus on the perimeter too much. Let’s assume they’re already in our network. They already have the data; now they have to get out with it,” Berman said.
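The behavioral heuristics Berman alludes to start from his premise that the attacker is already inside and has to get the data out. The following is an added example, not code from the conference or from Catbird, showing two such egress checks over a constructed flow log: per-host outbound volume compared with the fleet median, and outbound connections on ports outside an allow-list. The five-field flow format, the 10.0.0.0/8 internal range, the factor-of-five threshold and the sample records are all assumptions made for the illustration.

```python
"""Egress-behaviour heuristics over constructed flow records (added example).

Assumed minimal whitespace-separated flow format:
    <timestamp> <src_ip> <dst_ip> <dst_port> <bytes_out>
"""
from collections import defaultdict
from dataclasses import dataclass
import ipaddress
import statistics

# Constructed sample data, not real telemetry. 10.0.0.20 is the host that
# moves far more data out than its peers and also talks to an odd port.
SAMPLE_FLOWS = """\
2024-01-15T09:00:01 10.0.0.11 203.0.113.10 443 21000
2024-01-15T09:00:05 10.0.0.11 203.0.113.11 443 24000
2024-01-15T09:01:10 10.0.0.12 203.0.113.10 443 52000
2024-01-15T09:02:00 10.0.0.13 203.0.113.12 80 48000
2024-01-15T09:02:30 10.0.0.14 10.0.0.5 445 900000
2024-01-15T09:03:00 10.0.0.14 203.0.113.13 443 50000
2024-01-15T09:04:00 10.0.0.20 198.51.100.7 443 2600000
2024-01-15T09:05:00 10.0.0.20 198.51.100.7 443 2600000
2024-01-15T09:06:00 10.0.0.20 198.51.100.9 4444 12000
"""

# Assumed internal address space (RFC 1918). Explicit networks are used rather
# than ipaddress.is_private(), which also treats the TEST-NET documentation
# ranges used in the sample as "private" and would hide the egress.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass(frozen=True)
class Flow:
    ts: str
    src: str
    dst: str
    dport: int
    bytes_out: int


def parse_flows(text: str) -> list[Flow]:
    """Parse the assumed flow format; blank lines and '#' comments are skipped."""
    flows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, dport, nbytes = line.split()
        flows.append(Flow(ts, src, dst, int(dport), int(nbytes)))
    return flows


def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def egress_flows(flows: list[Flow]) -> list[Flow]:
    """Only internal -> external traffic matters for exfiltration; lateral
    movement inside the network (e.g. the 445 flow above) is a separate problem."""
    return [f for f in flows if is_internal(f.src) and not is_internal(f.dst)]


def outbound_bytes_per_host(flows: list[Flow]) -> dict[str, int]:
    totals: dict[str, int] = defaultdict(int)
    for f in egress_flows(flows):
        totals[f.src] += f.bytes_out
    return dict(totals)


def flag_volume_outliers(totals: dict[str, int], factor: float = 5.0) -> list[str]:
    """Hosts sending more than `factor` times the fleet median are suspects.
    The median is robust to the outlier itself, unlike a mean."""
    if len(totals) < 3:
        return []  # too few hosts to form a baseline; do not guess
    median = statistics.median(totals.values())
    return sorted(h for h, b in totals.items() if b > factor * median)


def flag_rare_ports(flows: list[Flow],
                    allowed: frozenset = frozenset({53, 80, 443})) -> dict[str, set[int]]:
    """Outbound connections on ports not in the (assumed) allow-list, per host."""
    hits: dict[str, set[int]] = defaultdict(set)
    for f in egress_flows(flows):
        if f.dport not in allowed:
            hits[f.src].add(f.dport)
    return dict(hits)


def analyze(text: str) -> dict:
    flows = parse_flows(text)
    return {
        "volume_outliers": flag_volume_outliers(outbound_bytes_per_host(flows)),
        "rare_ports": flag_rare_ports(flows),
    }


if __name__ == "__main__":
    print(analyze(SAMPLE_FLOWS))
```

Both checks are deliberately simple baselines; in practice the median would be computed per role or per time window, and a hit would feed an analyst queue or an egress block rather than act alone, which is the human-in-the-loop point Berman makes.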
That means moving to the next level of active defense, he said.
“If we’re serious about attribution and understanding who your attacker is – is it really a nation-state or a non-governmental organization, or is it two 16-year-olds in California? – sometimes you have to hack back. You have to penetrate the network of the attacker,” Berman said.
Prem Iyer, practice director for information security at Iron Bow Technologies, agreed that perimeter defense is not sufficient, a realization he said has been forced by the move to mobile technology.
“When we look at information security throughout the enterprise, traditionally our conversation was about protecting the perimeter. With the advent of the USB devices, DVD writers and now with smart phones and tablets, that perimeter doesn’t really exist for most workers today,” Iyer said.
“People aren’t always working behind the corporate or government facility anymore; they want to work at Starbucks and potentially access unclassified or even classified information. So how do we enable that in such a way that’s [information assurance] compliant but also enables the mission? We can no longer just talk about the perimeter … it requires a holistic view of how we secure our environment,” he said.
Beyond the technology itself, organizations defending against cyber attacks also need to play on the same team against their adversaries, according to Kevin Yin, CEO of Sitscape, who stressed the importance of shared situational awareness and information sharing.
“We have to be able to collaborate as cyber warfighters. Army, Air Force, Navy, the intelligence [community] – they all have information, and in many cases they don’t share with each other,” Yin said. “Information should flow seamlessly, in real-time or near real-time, across different users, services, locations [and] devices. When you do this, what you accomplish is that you’re 10 times more powerful than you used to be.”
Amber Corrin is a staff writer covering defense and national security. Connect with her on Twitter: @AmberInsideDOD.