Cyber strategy: 'We know what to do, now we need people to do it'

DHS's Andy Ozment and the FCC's David Bray say the pieces are coming together, but innovative responses -- and talented people -- are in constant demand.

Shutterstock image: pieces of the puzzle.

Although federal cybersecurity officials say things look promising in defending against threats to critical infrastructure, they also warn the cyberworld's mutability remains a constant challenge for defenders.

"We're putting the pieces of the puzzle together to crack the problem," Andy Ozment, assistant secretary for cybersecurity and communications at the Department of Homeland Security, said in a keynote speech at the second annual Cybersecurity Summit sponsored by the Association for Federal Information Resources Management and the U.S. Cyber Challenge.

With the National Institute of Standards and Technology's information sharing framework, the White House's February executive order on information sharing, and burgeoning security activities among critical infrastructure providers, the pieces are in place to respond to the growing cyber threat, according to Ozment.

Those initiatives provide best practices for industry, while allowing them to form cross-industry groups to discuss and share threat information. And legislative proposals from the White House, unveiled in January, would facilitate cybersecurity information sharing between the private sector and government. That proposal encourages the private sector to share appropriate cyber threat information with the Department of Homeland Security's National Cybersecurity and Communications Integration Center, which would then share it in near-real-time with relevant federal agencies.

Private-sector-developed and operated Information Sharing and Analysis Organizations (ISAOs) and Information Sharing and Analysis Centers (ISACs) are also key to the process, Ozment added, and increasing use of machine-to-machine alert capabilities are moving forward as well.

The cyber defense community has taken coordinated aim at the problem after some fits and starts, according to Ozment "We know what to do, now we need people to do it," he said referring to chronic shortages of employees with cyber skills in government and private industry. The AFFIRM event was aimed at discussing that shortage and how to mitigate it.

David Bray, CIO at the Federal Communications Commission and a 2015 Eisenhower Fellow working on global perspectives on the "Internet-of-Everything," said in remarks following Ozment's that the one constant with the Internet and cyber security is change.

Speaking not as FCC CIO but as a knowledgeable observer of cybersecurity, Bray said fundamental flaws in how the Internet was constructed years ago, including the use of TCP/IP protocol, as well as an increasingly heavy reliance on industrial control and other machine to machine communications systems that weren't designed with security in mind, could prove to be the Achilles heel of cyber defense.

The TCP/IP protocol was the Internet's original language and was developed at a time when cyber threats were a vague concern at most.

Internet-facing industrial control systems are an increasingly attractive target. "The threats with industrial control systems are even greater than with TCP/IP," he said.

To help mitigate those threats, Bray said, cyber defenders have to adjust. Cyber defenses should focus on behavior rather than just signatures of intruders. Recognizing certain aberrant behaviors can go a long way with cyber threats that either happen in slow motion over a long period of time to mask the activity, or at blinding speed.

However, with exponentially increasing cyberattacks and constant probing by cyber criminals on a rapidly expanding number of devices and systems, Bray said there is growing realization that a static response by CIOs and IT managers won't work. "We're at a tipping point," he said. CIOs and CEOs are realizing that there is an inherent risk in using the Internet and that trying to mitigate every possible threat is useless and counterproductive. A new attitude has to take hold.

"We don't assume the world is always safe," Bray said. "When you go to a restaurant, there are no armed guards outside the restaurant. Someone could plow a car into it and blow it up," but that doesn't stop us from going to restaurants. "We have to manage the risk."

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.