Full-range arsenal, portfolio approach necessary for cyber defense

For the U.S. to adequately combat adversaries in cyberspace, government entities and private companies both need a wide-ranging defense that includes different levels and types of policies, actions and deterrents. It’s all part of a holistic cyber defense portfolio, according to a panel of industry experts who spoke April 4 at the FOSE conference in Washington.

As a basic premise, organizations need to make it too expensive and harmful for hackers and other cyber enemies to carry out their attacks, and also must have strong, automated tools that still include human analysis and action, according to Michael Berman, CTO at Catbird. That includes techniques such as sandboxing, honeypots that act as decoys or “ghosts,” and heuristics that analyze behavior and help prevent exfiltration.

“These are important tools that are often overlooked as we focus on defense too much. We focus on the perimeter too much. Let’s assume they’re already in our network. They already have the data; now they have to get out with it,” Berman said.

That means moving to the next level of active defense, he said.

“If we’re serious about attribution and understanding who your attacker is – is it really a nation-state or a non-governmental organization, or is it two 16-year-olds in California? – sometimes you have to hack back. You have to penetrate the network of the attacker,” Berman said.

Prem Iyer, practice director for information security at Iron Bow Technologies, agreed that perimeter defense is not sufficient. The realization dawns with the move to mobile technology.

“When we look at information security throughout the enterprise, traditionally our conversation was about protecting the perimeter. With the advent of the USB devices, DVD writers and now with smart phones and tablets, that perimeter doesn’t really exist for most workers today,” Iyer said.

“People aren’t always working behind the corporate or government facility anymore; they want to work at Starbucks and potentially access unclassified or even classified information. So how do we enable that in such a way that’s [information assurance] compliant but also enables the mission? We can no longer just talk about the perimeter…it requires a holistic view of how we secure our environment,” he said.

Behind the technological scenes, organizations defending against cyber attacks also need to be playing on the same team against the adversaries, according to Kevin Yin, CEO of Sitscape, who stressed the importance of shared situational awareness and information-sharing.

“We have to be able to collaborate as cyber warfighters. Army, Air Force, Navy, the intelligence [community] – they all have information, and in many cases they don’t share with each other,” Yin said. “Information should flow seamlessly, in real-time or near real-time, across different users, services, locations [and] devices. When you do this, what you accomplish is that you’re 10 times more powerful than you used to be.”

About the Author

Amber Corrin is a former staff writer for FCW and Defense Systems.


Reader comments

Wed, Apr 25, 2012 "Jazz"

Hear, hear, Mr. Long. It's the 80/20 rule yet again... or maybe in cyber today the 99/1 rule. The basic, decade-old protections, properly and consistently implemented, will mitigate 99% of the risk. 99% of groups need not buy the latest and greatest protections. The problem is that the cost/benefit/risk of protections vs. losses is not borne equally by the many parties involved. In short, the weakest security link will always be the one that has the highest cost/benefit ratio.... and that's usually users having to take extra steps but who also have easy ways to avoid those steps.

Sat, Apr 7, 2012 John Long, Sr Dumfries, VA 22026

Good articles, but after 30 years of information technology and computer security, I am concerned about separating hoax from reality for the sake of corporate dollars. I have observed this with the mainframe, Y2K, etc., and now cyber security. Most break-ins in our systems are not because of High Tech Geeks but sloppy procedures, lack of attention to security issues by senior management except for response to audits and incidents, and poor management and enforcement of simple things such as access control, effective monitoring, etc. For example, most senior Law Enforcement personnel (especially military) review the events of the previous day every morning. How many senior managers monitor the activity of the computer operations the night before (probably none)? With law enforcement you are searching for patterns of unusual activity or any sense of uniqueness or things out of the ordinary. How many managers have asked their CIS or CISO the simple question of how our computer operations are coming; do we have any issues requiring senior management attention?
