3 basic steps to thwart most cyberattacks, courtesy of NSA

Best practices, proper configurations and network monitoring can enable systems withstand 80 percent of attacks

Schaeffer's big three

National Security Agency information assurance director Richard Schaeffer says these three basic steps will enable your agency to withstand 80 percent of known cyberattacks:

  1. Implementing best security practices
  2. Proper network configurations
  3. Strong network monitoring

Computer systems with proper security and network controls should be able to withstand about 80 percent of known cyberattacks, according to a senior National Security Agency official.

There are common steps that people could take to bolster computer security and make it more difficult for would-be-hackers to gain access, Richard Schaeffer Jr., the NSA’s information assurance director, told the Senate Judiciary Committee’s Terrorism and Homeland Security Subcommittee today. He identified three measures in particular as being especially effective.

“We believe that if one institutes best practices, proper configurations [and] good network monitoring that a system ought to be able to withstand about 80 percent of the commonly known attack mechanisms against systems today,” Schaeffer said in his testimony. “You can actually harden your network environment to raise the bar such that the adversary has to resort to much, much more sophisticated means, thereby raising the risk of detection."

Schaeffer said NSA works directly and indirectly with vendors to develop and distribute configuration guidance for software and hardware. Since 2005, NSA has worked with Microsoft, the U.S. military, the National Institute of Standards and Technology, the Homeland Security Department, and the Defense Information Systems Agency to establish consensus on common security configurations for Microsoft operating systems, he said.

For example, Schaeffer said the announcement by Microsoft of the release of Windows 7 was quickly followed by the release of the security configuration guide for the operating system. He said that NSA, in partnership with Microsoft and parts of the Defense Department, was able to enhance Microsoft’s operating system security guide without hampering a user’s ability to do everyday tasks.

“All this was done in coordination with the product release, not months or years later during the product lifecycle,” he said in prepared remarks.

About the Author

Ben Bain is a reporter for Federal Computer Week.

Featured

  • Contracting
    8 prototypes of the border walls as tweeted by CBP San Diego

    DHS contractors face protests – on the streets

    Tech companies are facing protests internally from workers and externally from activists about doing for government amid controversial policies like "zero tolerance" for illegal immigration.

  • Workforce
    By Mark Van Scyoc Royalty-free stock photo ID: 285175268

    At OPM, Weichert pushes direct hire, pay agent changes

    Margaret Weichert, now acting director of the Office of Personnel Management, is clearing agencies to make direct hires in IT, cyber and other tech fields and is changing pay for specialized occupations.

  • Cloud
    Shutterstock ID ID: 222190471 By wk1003mike

    IBM protests JEDI cloud deal

    As the deadline to submit bids on the Pentagon's $10 billion, 10-year warfighter cloud deal draws near, IBM announced a legal protest.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.