Critical Changes Loom in Cyber Direction

March 2012
By Kent R. Schneider, SIGNAL Magazine

Cyber threats draw much of the focus in today’s information technology realm. The threat profile in cyberspace is growing and becoming more complex, more sophisticated and more diverse.

Today’s adversaries are well-funded and agile. They are not bound by rules of law or by the cumbersome acquisitions processes required in Western nations. Worse, adversaries are using the infrastructure we have spent so much time and money to develop.

At the same time, as industry, government and the military have moved to everything over Internet protocol and placed unprecedented emphasis on information sharing, they have made themselves more vulnerable. Add to that the use of new technologies such as cloud and mobility, and it quickly becomes apparent that no one can any longer guarantee that adversaries will be kept out of networks, systems, applications or databases.

Given all of this, the emphasis in what universally is being called active cyber defense has shifted to protecting critical infrastructure, applications and data at the object level. At the same time, it is important to mission assurance that friendly forces are able to operate in cyberspace when the environment is hostile, including during active attacks.

Cyber crime, cyber terrorism, cyber activism and cyber warfare all are global. Yet increasingly, the response to this range of threats is regional and international. Situational awareness and shared response now often are coordinated on an international basis.

At the recent Cyberspace Conference hosted by the AFCEA Rocky Mountain Chapter in Colorado Springs, Teri Takai, the U.S. Defense Department chief information officer (CIO), presented the first public vetting of the new Defense Department CIO Roadmap. In her presentation, Takai outlined some of the current and future strategies for Defense Department cyber security. These include several important aspects.

One of these is identity management. Anonymity must be eliminated for mission-related and sensitive data and applications. The key is to implement identity management for all mission and business partners, including industry, non-government organizations and international coalition partners.

Another aspect entails consolidation, integration and, when appropriate, virtualization of networks, computing and data storage to achieve a defendable architecture. Many of the senior national leadership in defense, homeland security and intelligence have acknowledged that the current architecture is not defendable because of inconsistent standards, protocols, technology and administration. Networks, data centers and enclaves are too numerous to even maintain adequate situational awareness. At the same conference, a number of industry panelists commented on the significant progress being made on security in the cloud and for mobile platforms.

The roadmap also cites effective use of data tagging and wrappers. With identity management in place and with agreement on the business rules for role-based access, access controls can be effective based upon appropriate and consistent metadata. Effective data tagging must be embedded in standard processes. For legacy data, wrappers can be used to protect information not tagged at the time of generation or storage.

Another aspect is control of application execution. The National Security Agency (NSA) is working with the Defense Department on “whitelisting.” This is the concept of permitting only authorized applications to execute within a processing environment, whether on a single processor or in a virtual environment. This type of solution prevents someone from either maliciously or accidentally executing an application that can do harm. Only applications specifically authorized by the system administrator can execute. With such protection, malicious code inserted in the system by any means can do no harm because it will not be allowed to run.

While some loss of agility occurs, the benefit to security is obvious. In the past, the security community has installed defenses against malicious code after the fact. That is, when a vulnerability is discovered, patches are distributed to close the gap. There are two problems with this old approach: it always lags the threat, and the application of patches is inconsistent. Whitelisting effectively addresses these shortcomings. If the software image is standard and properly administered, then protection from unauthorized executables is effective.
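As an added illustration of the default-deny model described above (example code written for this page, not code from the article or from any Defense Department or NSA program), the Python below keys the allowlist on a SHA-256 digest of the executable image rather than on its file name, so that an unknown binary and a tampered copy of an approved one are both refused and logged. The binary images are constructed sample bytes standing in for real executables.

```python
import hashlib
from typing import Dict, List, Tuple

def sha256_hex(image: bytes) -> str:
    """Digest of the executable image; renaming a file does not change it."""
    return hashlib.sha256(image).hexdigest()

class ExecutionPolicy:
    """Default-deny allowlist: an image may execute only if the administrator
    approved its exact digest. Anything else, including a modified copy of an
    approved program, is refused and recorded in the audit log."""

    def __init__(self) -> None:
        self.approved: Dict[str, str] = {}   # digest -> description
        self.audit_log: List[str] = []

    def approve(self, image: bytes, description: str) -> None:
        self.approved[sha256_hex(image)] = description

    def authorize(self, requested_name: str, image: bytes) -> bool:
        digest = sha256_hex(image)
        allowed = digest in self.approved
        verdict = "ALLOW" if allowed else "DENY"
        self.audit_log.append(f"{verdict} {requested_name} sha256={digest[:16]}")
        return allowed

# Constructed sample images standing in for real binaries (not real software).
APPROVED_IMAGE = b"payroll-app v1.0 (approved build)"
PATCHED_IMAGE = b"payroll-app v1.1 (vendor patch, not yet approved)"
TAMPERED_IMAGE = APPROVED_IMAGE + b"<injected code>"
UNKNOWN_IMAGE = b"dropper masquerading as payroll-app"

def build_policy() -> ExecutionPolicy:
    policy = ExecutionPolicy()
    policy.approve(APPROVED_IMAGE, "payroll-app v1.0")
    return policy

def demo() -> Tuple[Dict[str, bool], List[str]]:
    """Four execution requests, all claiming the same file name; only the exact
    approved image passes, because the decision ignores the name entirely."""
    policy = build_policy()
    results = {
        "approved": policy.authorize("payroll-app", APPROVED_IMAGE),
        "tampered": policy.authorize("payroll-app", TAMPERED_IMAGE),
        "unknown": policy.authorize("payroll-app", UNKNOWN_IMAGE),
        "patched": policy.authorize("payroll-app", PATCHED_IMAGE),
    }
    return results, policy.audit_log

if __name__ == "__main__":
    verdicts, log = demo()
    print(verdicts)
    print("\n".join(log))
```

The "patched" case shows the agility cost the article mentions: a legitimate vendor update is also denied until the administrator approves its new digest, which is why the software image must be standard and properly administered for the approach to work.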

So the cyber security discipline continues to mature in the face of the increasing threat. It will take concerted effort by governments, industry and individuals to fully address the problem, so all of us must be committed to this work.
