Adversaries, and cyber criminal organizations in particular, are building tools and using techniques that are becoming so difficult to detect that organizations are having a hard time knowing that intrusions are taking place. Passive techniques of watching for signs of intrusion are less and less effective. Environments are complicated, and no technology can find 100 percent of malicious activity, so humans have to “go on the hunt.”
Researchers in government and industry are combining advanced analytics with traditional detective work to quash dangerous cyberthreats from within. Instead of focusing on a silver-bullet solution to stop the insider threat, they are adopting an approach that consolidates information from multiple events to provide greater advanced warning of problems.
The recent hack, reportedly by Chinese sources, of the personnel files belonging to current and past U.S. government employees puts a face on the cyberthreat affecting everyone today—about 4 million faces, if Office of Personnel Management assessments are correct. Yet this hack is just one example of the looming cyberthreat, and while it offers valuable lessons to be learned, it should not serve as the exclusive template for securing networks and data.
Coming soon to a network near you: consolidation and reinvention.
Two years ago, the U.S. Defense Department developed the Joint Information Environment (JIE) framework. Since then, key stakeholders and drivers of the JIE have been working to realign, restructure and modernize the department’s information technology networks to increase collaboration among departments while reducing the cyberthreat landscape. The JIE vision is an integrated and interoperable joint enterprise environment that can be leveraged across all department missions—an extremely important development as Defense Department dependence on the network has never been higher and cyberthreats are rising.
Perhaps it began with Y2K, this realization that the unseen operational grid could come crashing down by the mere numerical click from one century to the next, but the threats to operational functionality in all areas of human-machine interface are very real. A cyber exercise conducted again this year will incorporate some changes to simulate new challenges.
This month, Linton Wells II drew his inspiration for "Mission Assurance Moves to the Fore in Cyberspace" from Deputy Secretary of Defense William J. Lynn III's recently published article, "Defending a New Domain: The Pentagon's Cyberstrategy." Wells summarizes Lynn's strategy points, noting that taken as a whole they have a broader implication than just cyberdefense. It has more to do with mission assurance, he says:
Recognizing a threat is the first step to addressing it, and one way to do that is to track incongruities rather than just monitoring the status quo. In this issue of SIGNAL Magazine, Chris Sanders highlights an intrusion detection architecture that does just that. His article, "The Exception Becomes the Rule," focuses on how this system enables a rapid, flexible response to cyberthreats.