Averting catastrophe in cyberspace: core requirements


The information revolution has transformed every facet of commerce and culture, including the military enterprise. Unfortunately, it has also empowered extremists, criminals and agents of enemy nations who can use cyberspace to subvert or destroy information resources vital to US security. The federal government has launched a comprehensive cybersecurity initiative to counter such threats. The most advanced, persistent threats are posed by state-sponsored perpetrators, especially those operating in China and Russia.

The federal government has made major strides in developing defences against cyber espionage and aggression. However, its efforts are impeded by the changing character of threats and the infancy of techniques for addressing them. The absence of agreed standards and metrics for assessing performance sometimes leads federal agencies to select cybersecurity providers who lack the breadth and depth to cope with all potential threats. The government cannot sustain a truly comprehensive cybersecurity posture unless its top providers satisfy five core requirements:

1. Situational awareness. Capable providers must be able to precisely monitor the performance of information systems and networks they are protecting, predicting and/or detecting threats based on extensive understanding of adversary behaviour. Awareness of dangers must be shared with potential victims in time for them to minimise harm, and providers must then be able to assess the success of remedial actions.

2. Full-spectrum skills. A comprehensive cybersecurity posture requires providers with expertise and experience in the full array of relevant skills. That includes all the major disciplines associated with computer-network defence, computer-network attack, and computer-network exploitation. Without an integrated understanding of all the necessary skills, federal providers cannot deploy the full panoply of tools needed to counter advanced threats.

3. Operational agility. The pace of activity in cyberspace requires providers that are extremely agile in responding to new threats. Ideally, those providers should be able to apply their situational awareness and full-spectrum skills to anticipate danger before it actually occurs, but at the very least they must have the capacity to detect, analyse, isolate and defeat enemy moves quickly, even when the threat is a “zero-day” attack with no previous history.

4. Organisational maturity. Maturity models are used in many fields to assess organisational effectiveness in applying best practices. In the cybersecurity arena, such models can be used to assess both government preparedness and the practices of outside providers. Mature solutions to cyber challenges typically stress values such as affordability, scalability and technical readiness. Companies capable of providing those solutions tend in turn to have mature cultures stressing retention of talent, continuous training, and diverse expertise.

5. Enterprise commitment. Cybersecurity is an infant industry with many recent entrants. The commitment of some providers to the business is hard to gauge. However, it is not feasible to fashion comprehensive responses to cybersecurity challenges unless customers and providers alike are committed to the mission. The commitment of providers can be determined by assessing how long they have been in the business, how deeply they have invested in talent, and how extensive their collaborative ties are with other centres of expertise.

Excerpts from a Lexington Institute report
