Protecting Platforms Only the Start
Ensuring communication goes beyond the technical is important for cybersecurity.
Cyber defense and mission assurance require technology solutions, but it is equally important to go beyond the access point and look at user behavior. Ward Heinke, vice president, strategic alliances, Government Markets, ForcePoint, started off the industry panel at TechNet Asia-Pacific with that point. He admitted it is not news about the human threat, or that the threat ranges from innocent mistakes to strategic attacks,but we are seeing the real life effects at an increasing rate he warned.
In one unfolding example, Heinke explained how Twitter and Facebook officials are going before Congress now because nearly half of the voting public received information that was created to get people to make a decision in a certain matter. If you apply that capability to influence to military command and control systems, it could be a big trust issue. Once access has been granted and information is flowing, you must be able to trust the information, he explained.
The amount of disinformation by the Russians is stunning, but we as a nation don’t think that way, warned Earl Matthews, DXC Technology. He also said the country needs to pay attention to Silicon Valley. There are a number of investors coming into Silicon Valley from China. That means they will get access to technology before we do.
In the video industry, the Chinese are using video for social engineering, and it is scary, added John Merlino, business development manager, Axis Communications.Matthews focused oncharacteristics that should be infused into cyber defense architecture. Speed matters; resiliency matters; intelligence matters; integration matters; analytics matters; intelligence matters.
In the next war, the fight for dominance will start in the cyberspace domain in phase subzero. Then the fight will go to air and space dominance. Whoever can achieve those three things will be the winner. When we talk about electromagnetic spectrum, we have taken for granted that we will take over the spectrum, but that might not happen in the next war, he added.
We really need to start pulling together more processes to ensure tasks and duties assigned for this mission are protecting all platforms, all communications systems and all computers and command and control systems, said Douglas Booth, director, Cyber and Airborne, Electronic Warfare, Lockheed Martin. The three realms to focus on are: advanced mission operations, where we operationally prepare the battlespace; defensive operations for protecting the ability to fight through any type of attack; and offensive where we have non kinetic capabilities to ensure better kinetic solutions, he said.
A balanced approach is needed. “Don’t do all of one and forget about the other,” he advised.
Booth explained how cyber tabletop exercises are a way to ensure you have cyber ops throughout a mission plan. They help identify vulnerabilities; incorporate cyberthreats both inside and outside the standard domain; incorporate cyberthreats both inside and outside of standard domain; and define mission test objective.
“No conference or high-level meeting goes on where you don’t talk about cybersecurity,” acknowledged Chris Smith, ice president, Global Technology Office, AT&T. Back in the day, worms were affecting relatively small groups of people around the world. Today 10 to 100 million individuals are affected, he said. The reality is that we are going to be denied the opportunity to operate and may not be able to act at will.
We need industry, defense and academic working together. Adm. Richard Macke, USN (Ret.), the panel moderator agreed, emphasizing that, “Most certainly teamwork is absolutely essential to give us the edge we need in a world that is extremely competitive,” but the real work has to start in kindergarten where we need to “teach cyber sanity.”