WHAT THE CHIEFS SAY
Growing cyber threats demand advanced mitigation methodologies
Summer 2012
It seems that every day we hear about the emerging and growing set of cyber threats, whether from nation states trying to steal intellectual property, cyber criminals attempting to steal credit information or money, or political activists who want to draw attention to one cause or another. Whatever the case, the threats are real, stealthy, persistent and are happening in real time.
For a moment, consider just the range of cyber threats that we face each and every day that can eviscerate our critical infrastructure or destabilize our economic viability. Some of the more pervasive avenues include mobile device exploitation, attacks on insecure web applications, Advanced Persistent Threats (APTs), botnets, phishing techniques, and the use of social media channels.
Threat Mitigation Techniques and Potential Solutions
Given the heightened cyber threat environment, there are a number of techniques to address this growing threat. Best practices generally support a “layered,” or multi-faceted, approach to protect the enterprise or critical infrastructure from both external and insider threats. A general approach would include a perimeter security solution; supply chain security; associated secure software development practices; secure embedded processing for mission-critical applications; and insider threat monitoring.
Perimeter Security Solutions – The first stage of defense rests with an effective perimeter security solution to protect the external boundaries of an enterprise or critical infrastructure. This is typically a distributed architecture of intrusion detection sensors, firewalls and other tools, integrated into a round-the-clock cyber command center staffed by well-trained analysts. Nonetheless, perimeter solutions are penetrable by an advanced adversary. Additionally, sensors today are still “signature-based,” which makes it difficult to defend against new attacks whose signatures have not yet been detected, analyzed or distributed to the sensors. Efforts are underway to develop and migrate to intrusion prevention sensors that can better predict and block new threats before they compromise an infrastructure.
Supply Chain Security and Secure Software Development Practices – There are also significant developments aimed at minimizing exploitable vulnerabilities in the software, hardware and firmware that are integral to fielded systems. Many large organizations are focused on policies to address secure software development practices as well. Beyond using software scanning tools, it is important to integrate secure software practices into the culture of the organization. Some firms have found that using judicious secure software development processes can reduce vulnerabilities associated with mission-critical software by 70%.
Secure Processing Initiatives – The next level of a nested defense involves hosting mission-critical applications and information at the processor level. Intel’s acquisition of McAfee suggests a new level of interest in migrating cyber defense techniques to the processor.
Insider Threat Considerations – The preceding sections focused on external threats and the risks they pose. Yet many in industry firmly believe that the most significant threat remains the “insider.” Policies are taking shape to address the insider threat problem through the use of proven technologies that monitor computer activity for unusual behavior.
A more comprehensive cyber solution involves much more than installing a few firewalls to block the novice attacker. The advanced cybersecurity threat is very real, complex, zero-day and persistent. As such, it takes a layered, multi-faceted approach to minimize the probability of suffering cyber harm from both external and insider threats.