Resiliency and Recovery Offset Cybersecurity Detection Limits
Not only is the cost of cyber intrusion severe, the likelihood of it occurring is assured. Cybersecurity defenses must be flexible, innovative and persistent to address an ever-changing threat.
A cycle of measures, countermeasures and counter-countermeasures is necessary, and if you do nothing else, you must remain flexible, advises Rear Adm. Jay Cohen, USN (Ret.), principal, The Chertoff Group. There is no silver bullet to protect everything, he emphasizes.
Adm. Cohen, a former undersecretary for science and technology, U.S. Department of Homeland Security, points out that, “Everything about us is either a one or a zero, from entertainment, to communications to our 401ks.” In a world where networks control toasters, the temperature of wine in the refrigerator, the thermostat and even car repairs, hackers can hack both performance and homes, he relates. People must have dependable software in their day-to-day lives even though they live in a state of constant threats, he suggests, while speaking at the AFCEA Solutions Series George Mason University Symposium, in Fairfax, Virginia, about the underlying issues and costs of cybersecurity.
The Homeland Security mission for cybersecurity aligns closely with the theft component, but for the Defense Department, the consequences are much higher. In the Defense Department, if a network is compromised, people die, he states. Network Centric Warfare is a “pact with the devil. When we are so dependent on the net, the net becomes the target, and it is a non-kinetic target.” Deceit, deception and intrusion are all factors, he adds.
While not minimizing the severity of the technology threat, the admiral warns that an even bigger concern is the insider threat. Systems should have parameters set and then be monitored for alerts that occur when downloads vary from normal user behaviors, he says. There needs to be more attention to stopping individuals within an organization who commit cyber crime, such as Edward Snowden.
Staying ahead of the cyber threat requires funding. While “flat is the new growth” for the federal budget, Adm. Cohen suggests, the bright spots are in intelligence and cybersecurity because these things are critically important. Nevertheless, he warns, “Until we have a major event that affects each and every one of us, we are not going to get it right.”
“So can we do something, or are we stuck?” asks Dr. Arun Sood, professor of computer science and co-director, International Cyber Center, George Mason University, also a speaker at the George Mason event. “Assuming it is possible to have 100 percent detection of intrusions is folly,” he suggests, adding that the amount of time to identify malware on systems is months, with an average of 240 days to detection.
Because not all intrusions can be prevented and because intruders persist for long periods, Dr. Sood recommends that instead of investing mainly in detection capabilities, systems should be built with cyber resiliency and recovery as the focus. He suggests that a process called self-cleansing intrusion tolerance (SCIT) would address many of these concerns, because server integrity is restored to a clean state on a frequent schedule to remove malware. Using redundant servers to make the rotation of clean servers transparent to users, servers move from online to offline as often as once a minute. As a pristine server goes online, the one it replaces is restored to a clean state from servers that never go online. Rotation and cycle time are the variables: for critical systems the rotation might be once a minute, but for something such as a website it might be every six hours.
People attempting to infiltrate the system only have a one-minute window, so they have to start over continuously. They will not get very far in their intrusions, and the repetition of the same task by the intruders as they start over helps with the forensics of intrusion attempts. Still, a lot of damage can be done in an Internet minute, Dr. Sood acknowledges. No system is going to be perfect because the threat is persistent.
The possibility also exists that the offline system, assumed to be pristine, could be corrupted, and in that case, the malware would be copied with each server rotation. Even so, Dr. Sood says the fact that malicious actions have to restart each minute mitigates this threat.
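The rotation scheme described above, as an added illustration that is not code from Dr. Sood's SCIT work: a small Python simulation in which one live server is swapped for a spare every cycle and the retired server is rebuilt from an offline golden image. The image contents, the implant marker and the fingerprint check on the golden image are constructed for the example; the check shows one way to catch the corrupted-offline-image case before it is copied on every rotation.

```python
import hashlib

GOLDEN = b"os+app v1 (constructed pristine image)"
GOLDEN_HASH = hashlib.sha256(GOLDEN).hexdigest()   # recorded when the image was built
IMPLANT = b"<constructed implant>"                  # stand-in for attacker modification

class Server:
    def __init__(self, name, image):
        self.name, self.image, self.implanted_at = name, image, None

def restore(server, golden, golden_hash):
    """Rebuild a retired server from the offline golden image, but only after
    verifying the image itself is still pristine. Without this check a corrupted
    offline image would be propagated to every server on every rotation."""
    if hashlib.sha256(golden).hexdigest() != golden_hash:
        raise RuntimeError("golden image fingerprint mismatch; refusing to restore")
    server.image, server.implanted_at = golden, None

def run(cycle, implant_ticks, total_ticks, golden=GOLDEN):
    """Rotate one online server against a ring of spares every `cycle` ticks.
    `implant_ticks` are the simulated ticks at which an intruder modifies the
    live server. Returns (longest intruder dwell in ticks, implant still present
    on the server that is online at the end)."""
    online = Server("s0", golden)
    spares = [Server(f"s{i}", golden) for i in (1, 2)]
    longest = 0
    for t in range(1, total_ticks + 1):
        if t in implant_ticks:                        # intruder lands on the live server
            online.image += IMPLANT
            online.implanted_at = online.implanted_at or t
        if online.implanted_at is not None:           # dwell so far on this server
            longest = max(longest, t - online.implanted_at + 1)
        if t % cycle == 0:                            # self-cleansing rotation
            retired, online = online, spares.pop(0)
            restore(retired, golden, GOLDEN_HASH)     # never put a dirty server back
            spares.append(retired)
    return longest, IMPLANT in online.image
```

Whatever the implant timing, the longest dwell never exceeds the cycle length, which is the bound the text relies on; shortening the cycle trades rebuild cost for a smaller window.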
Brian P. Gallagher, senior vice president, operational excellence, CACI, agrees on the importance of resiliency. He says it should be a design consideration. Yet he acknowledges the challenges in designing engineering systems, operations and missions so they are resilient. “You have to decide today what you are going to do about what you do not know,” he explains.
The supply chain can also be a threat to a pristine system. What happens if malware is inserted into a system before it is delivered? Gallagher says contractors must have a system to identify and remove malware parts. Contract language can only go so far. “Bad guys are still going to insert the malware and put in counterfeit parts, not just cheaper ones, but those that do other things that we don’t want parts to do,” he says.
The two-day conference focused on a variety of critical issues in command, control, communications, computers and intelligence and featured speakers on topics including computer security; quantum computing; supervisory control and data acquisition (SCADA); robotics; and science, technology, engineering and math (STEM) education. Conference videos are available at www.afcea.org/events/gmuc4i/video/2014.