Blog: Cyber Is too Complex: Simplify

October 29, 2010
By Robert K. Ackerman
E-mail About the Author

One key to securing cyberspace may be to simplify its processes and architectures. The newly formed U.S. Cyber Command is taking that approach in configuring its own information systems. Rear Adm. David Glenn, USCG, U.S. Cyber Command J-6, told the Thursday breakfast audience at TechNet Asia-Pacific 2010 that all elements of cyber are potential attack surfaces. He characterized these elements as the geographic layer; the physical network layer; the logical network layer (where the 1s and 0s reside); the cyber persona layer; and the persona layer. "We need to simplify GIG [Global Information Grid] architecture, reduce and simplify our networks, and reduce the hundreds of security enclaves down to one," he said. Adm. Glenn called for better agility, perhaps through virtualization of servers, routers and switches. The Cyber Command is going thin client so that the command's few remaining enclaves can go to a single desktop. These and other measures will reduce attack surfaces and allow for rapid configuration when an attack occurs, he notes. The command no longer will be able to, or need to, rely on perimeter defense alone.

Share Your Thoughts:

Again, WTF?! Flatten the architecture and an enemy that breaches the defenses doesn't have access to a subsection of the network, they've got it all! Defense in Depth is taught at the Signal schools (and tactical schools as well) because it's wise.

Reducing attack surfaces makes no sense. Force the enemy to attack a LOT of surfaces in order to make a significant impact.

Reducing attack surfaces also reduces functional surfaces. Reduce VULNERABILITIES, increase DEFENSES and create automatic COUNTERATTACK systems.

Suggestion for the Strategic-level thinkers: Please stop thinking tactically, you're way out of the game, far from the battlefield and easilly swayed by a great presentation by companies that want the DoD dollar.

One thing we can agree upon...what's in place now isn't working. I don't think they are advocating abandoning the Defense-in-depth concept. Reducing attack surfaces means getting rid of the thousands of Internet connections to the GIG that people don't know how to manage. Defense-in-depth is a great concept when people follow it. FISMA, in its current state, is another problem. It adds little to no value and it sucks up DoD dollars like nobody's business which leaves less money for the real hardening of networks. Another problem is lack of training, most government people I run across are hardly experts. And these are people running networks or have a voice in making IT decisions. IT in government is way too political and it stands in the way of really creating a secure environment.

Share Your Thoughts: