Will 2010 bring a wake-up call for cybersecurity?

Protecting networked systems isn't getting any easier

BEDFORD SPRINGS, Pa. — Protecting the nation’s networked systems from cyber threats is not going to get any easier in 2010, and the cybersecurity community will have to address issues that haven’t gotten a lot of attention in the past few years, according to security experts speaking at the Government Technology Research Alliance Council meeting.

Existing processes and technologies are not getting the job done because organizations and industry vendors are too focused on protecting network perimeters, said Amit Yoran, chief executive officer of NetWitness, at a luncheon Dec. 7. He is a former director of the U.S. Computer Emergency Readiness Team and the Homeland Security Department’s National Cybersecurity Division.

Most information technology security tools are signature-based, which means they focus on known threats and cannot meet the challenges of emerging advanced threats from criminal organizations and nation-state adversaries, Yoran said. In today’s organizations, it is impossible to define where perimeters and boundaries are and where data is located.

“The security market is almost focused on network-layer activities, which is useless against advanced threats,” he added.

Randy Vickers, the current director of US-CERT and DHS’s National Cybersecurity Division, agreed that the cybersecurity community must go beyond signature-based detection.

“We have to get more robust detection,” Vickers said.  Intrusion detection and other signature-based tools are limited because they force security operators to act on what they know, not what could be happening.

But there’s a risk to moving to a more heuristic detection approach, which uses past experiences to make educated guesses about present network behavior.  When agencies move into more behavior-based anomaly detection, they might collect sensitive data such as medical information, Social Security numbers or other information protected by rules or legislation, he said.

“I’m not talking about deep packet inspection but normal types of anomalous information,” he said, adding that there is concern about how DHS and other agencies collect data. “If we can’t get past those issues, we will never get to the point at the enterprise level where we are looking at things in a heuristic way.”

DHS will focus on prioritizing threats, managing risks in cyberspace and encouraging cybersecurity innovation in the coming year, Vickers said. Officials will emphasize building on programs that stress information sharing with security operations personnel and chief information officers, he said.

Meanwhile, Yoran offered his list of cyber threats that are bound to keep cybersecurity experts awake at night. They include:

  • Attacks that continue up the network stack, affecting applications.
  • A continued focus on Web- and e-mail-based delivery of attacks. “We have no effective method to police or patrol Web traffic,” he said.
  • Custom malware.
  • Increasing challenges in incident response. Attacks will attempt to shut down command and control channels.
  • An expected increase in the prevalence of sleeper software.
  • A rise in attacks that target mobile computing platforms.

About the Author

Rutrell Yasin is is a freelance technology writer for GCN.

Featured

  • Cybersecurity
    malware detection (Alexander Yakimov/Shutterstock.com)

    Microsoft targets copycat influence websites

    Microsoft went to court to take down websites it believes to be part of a foreign intelligence operation targeting conservative think tanks and the U.S. Senate.

  • Cybersecurity
    secure network

    FAA explores shifting its network to FISMA high

    The Federal Aviation Administration is exploring an upgrade to the information security categorization of IT systems as part of air traffic control modernization.

  • Cybersecurity
    Shutterstock photo id 669226093 By Gorodenkoff

    The disinformation game

    The federal government is poised to bring new tools and strategies to bear in the fight against foreign-backed online disinformation campaigns, but how and when they choose to act could have ramifications on the U.S. political ecosystem.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.