Agile Cyberthreats Require Flexible Security
Although not claiming victory, the U.S. Department of Homeland Security (DHS) has made some serious headway in improving cybersecurity, according to panelists discussing the topic at the DHS 2012 Information Technology Industry Day in Washington, D.C. Experts said the threats have not disappeared but rather have changed, and various DHS agencies have been learning how to better handle them. Alma Cole, chief systems security officer, U.S. Customs and Border Protection, described today's cyberthreats in a way the other panelists agreed with. In previous years, some of the most serious cyberconcerns revolved around malicious activity from personnel within an organization. Although that threat cannot be ignored, new network activity tracking capabilities are helping to keep that threat in check to some degree. And although hactivists may embarrass organizations in the public forum, today one of the largest threats is silent-those hackers who creep into networks to steal intellectual property or identification. But with a few years of tracking hacking beneath their belts, the DHS cybersecurity experts have put into place a number of solutions to help protect national infrastructure-both cyber and physical. Concepts of operations have been developed and central security control centers have been put into place. Both of these enable the DHS and its agencies to know what's going on across networks and what to do when suspicious activity is suspected or a breach occurs. In addition, today's capabilities provide forensics, which enables cybersecurity personnel to understand what happened and how to address the vulnerabilities. "We also have been able to get critical analysts to map out how people have been trying to attack our networks," Cole added. "And then, they are able to figure out how to stop them." While this news is mostly good, Dave Epperson, chief information officer, National Protection and Programs Directorate, pointed out that the volume of data these capabilities produce has become a challenge. He called for cyber visualization tools that are more specific than the "green, amber, red" and "trending" capabilities available today. Creating such tools is "tough to do," Epperson admitted, and he added that it is difficult even to describe the specific capability needed, but he said he will know it when he sees it.