Full-range arsenal, portfolio approach necessary for cyber defense

For the U.S. to adequately combat adversaries in cyberspace, government entities and private companies both need a wide-ranging defense that includes different levels and types of policies, actions and deterrents. It’s all part of a holistic cyber defense portfolio, according to a panel of industry experts who spoke April 4 at the FOSE conference in Washington.

As a basic premise, organizations need to make it too expensive and harmful for hackers and other cyber enemies to carry out their attacks, and also must have strong, automated tools that still include human analysis and action, according to Michael Berman, CTO at Catbird. That includes techniques such as sandboxing, honeypots that act as decoys or “ghosts,” and heuristics that analyze behavior and help prevent exfiltration.

“These are important tools that are often overlooked as we focus on defense too much. We focus on the perimeter too much. Let’s assume they’re already in our network. They already have the data; now they have to get out with it,” Berman said.

That means moving to the next level of active defense, he said.

“If we’re serious about attribution and understanding who your attacker is – is it really a nation-state or a non-governmental organization, or is it two 16-year-olds in California? – sometimes you have to hack back. You have to penetrate the network of the attacker,” Berman said.

Prem Iyer, practice director for information security at Iron Bow Technologies, agreed that perimeter defense is not sufficient. The realization dawns with the move to mobile technology.

“When we look at information security throughout the enterprise, traditionally our conversation was about protecting the perimeter. With the advent of the USB devices, DVD writers and now with smart phones and tablets, that perimeter doesn’t really exist for most workers today,” Iyer said.

“People aren’t always working behind the corporate or government facility anymore; they want to work at Starbucks and potentially access unclassified or even classified information. So how do we enable that in such a way that’s [information assurance] compliant but also enables the mission? We can no longer just talk about the perimeter…it requires a holistic view of how we secure our environment,” he said.

Behind the technological scenes, organizations defending against cyber attacks also need to be playing on the same team against the adversaries, according to Kevin Yin, CEO of Sitscape, who stressed the importance of shared situational awareness and information-sharing.

“We have to be able to collaborate as cyber warfighters. Army, Air Force, Navy, the intelligence [community] – they all have information, and in many cases they don’t share with each other,” Yin said. “Information should flow seamlessly, in real-time or near real-time, across different users, services, locations [and] devices. When you do this, what you accomplish is that you’re 10 times more powerful than you used to be.”

About the Author

Amber Corrin is a former staff writer for FCW and Defense Systems.

Reader comments

Wed, Apr 25, 2012 "Jazz"

Hear, hear, Mr. Long. It's the 80/20 rule yet again... or maybe in cyber today the 99/1 rule. The basic, decade-old protections properly & consistently implemented will mitigate 99% of the risk. 99% of groups need not buy the latest & greatest protections. The problem is that the cost/benefit/risk of protections vs. losses are not borne equally by the many parties involved. In short, the weakest security link will always be the one that has the highest cost/benefit ratio.... and that's usually users having to take extra steps but who also have easy ways to avoid those steps.

Sat, Apr 7, 2012 John Long, Sr Dumfries, VA 22026

Good articles, but after 30 years of information technology and computer security, I am concerned about separating hoax from reality for the sake of corporate dollars. I have observed this with the mainframe, Y2K, etc., and now cyber security. Most break-ins in our systems are not because of high-tech geeks but sloppy procedures, lack of attention to security issues by senior management except for response to audits and incidents, and poor management and enforcement of simple things such as access control, effective monitoring, etc. For example, most senior law enforcement personnel (especially military) review the events of the previous day every morning. How many senior managers monitor the activity of the computer operations the night before (probably none)? With law enforcement you are searching for patterns of unusual activity or any sense of uniqueness or things out of the ordinary. How many managers have asked their CIS or CISO the simple question of how our computer operations are coming; do we have any issues requiring senior management attention?
