Cyberattacks: Too much how, not enough why
- By Mark Rockwell
- Mar 31, 2014
Legislators, executive branch agencies and industry pay too much attention to the mechanics of cyberattacks and not enough to why the attacks occur, according to a report by the Intelligence and National Security Alliance.
The nonprofit, public/private INSA's March publication "Strategic Cyber Intelligence" states that national security and intelligence communities need to identify the broader goals and perspective on cyberattacks to properly allocate resources and counter assaults.
INSA seeks to recognize and promote standards in the national security and intelligence communities. Its members include current and former high-ranking intelligence, military and government leaders, analysts, and experts from industry and academia.
Tactics dominate the discussion of cybersecurity, the reports states. The tactical focus is apparent in the Cyber Intelligence Sharing and Protection Act, which defines cyber intelligence as "information in the possession of an element of the intelligence community directly pertaining to a vulnerability of, or threat to, a system or network of a government or private entity including information pertaining to the protection of a network or system."
The focus on "system" and "network" instead of an organization's intellectual property, trade secrets, sensitive operations, and other competitive and mission-oriented data misses the larger point, according to INSA.
A broader strategic vision that looks for reasons why an attack is occurring and what the attackers are after can lead to better tactical, on-the-ground defenses.
"Many organizations do not consider themselves to be attractive targets for a cyber incident until after the threat occurs," the paper states.
INSA officials said they hope to help C-suite executives, top managers and other senior-level leaders interpret and understand the full context of cyber threats, including the bond between strategic cyber intelligence and risk management. They also want a more thorough consideration of the role of strategic cyber intelligence analysis based on the National Institute of Standards and Technology's risk assessment methods.
Among other vulnerability exercises, INSA recommends "red teaming" to understand possible attackers' motives, goals and potential targets. Vulnerability assessments that follow NIST's recommendations are also essential to any risk management plan, the report states.
Mark Rockwell is a senior staff writer at FCW, whose beat focuses on acquisition, the Department of Homeland Security and the Department of Energy.
Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, tele.com magazine and Wireless Week.
Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.
Click here for previous articles by Rockwell.
Contact him at firstname.lastname@example.org or follow him on Twitter at @MRockwell4.