Full-range arsenal, portfolio approach necessary for cyber defense

For the U.S. to adequately combat adversaries in cyberspace, government entities and private companies both need a wide-ranging defense that includes different levels and types of policies, actions and deterrents. It’s all part of a holistic cyber defense portfolio, according to a panel of industry experts who spoke April 4 at the FOSE conference in Washington.

As a basic premise, organizations need to make it too expensive and harmful for hackers and other cyber enemies to carry out their attacks, and also must have strong, automated tools that still include human analysis and action, according to Michael Berman, CTO at Catbird. That includes techniques such as sandboxing, honeypots that act as decoys or “ghosts,” and heuristics that analyze behavior and help prevent exfiltration.

“These are important tools that are often overlooked as we focus on defense too much. We focus on the perimeter too much. Let’s assume they’re already in our network. They already have the data; now they have to get out with it,” Berman said.

That means moving to the next level of active defense, he said.

“If we’re serious about attribution and understanding who your attacker is – is it really a nation-state or a non-governmental organization, or is it two 16-year-olds in California? – sometimes you have to hack back. You have to penetrate the network of the attacker,” Berman said.

Prem Iyer, practice director for information security at Iron Bow Technologies, agreed that perimeter defense is not sufficient, a realization that has come with the move to mobile technology.

“When we look at information security throughout the enterprise, traditionally our conversation was about protecting the perimeter. With the advent of the USB devices, DVD writers and now with smart phones and tablets, that perimeter doesn’t really exist for most workers today,” Iyer said.

“People aren’t always working behind the corporate or government facility anymore; they want to work at Starbucks and potentially access unclassified or even classified information. So how do we enable that in such a way that’s [information assurance] compliant but also enables the mission? We can no longer just talk about the perimeter…it requires a holistic view of how we secure our environment,” he said.

Behind the technological scenes, organizations defending against cyber attacks also need to be playing on the same team against the adversaries, according to Kevin Yin, CEO of Sitscape, who stressed the importance of shared situational awareness and information-sharing.

“We have to be able to collaborate as cyber warfighters. Army, Air Force, Navy, the intelligence [community] – they all have information, and in many cases they don’t share with each other,” Yin said. “Information should flow seamlessly, in real-time or near real-time, across different users, services, locations [and] devices. When you do this, what you accomplish is that you’re 10 times more powerful than you used to be.”

About the Author

Amber Corrin is a former staff writer for FCW and Defense Systems.
