Cyber Policy and Customerization

11 06 2010

Congress is close to passing a bill that requires federal agencies to consider buying security that is baked into hardware and software. Additionally, this potential bill (probably to be introduced next year) establishes an executive cyber office in the White House and calls for continuous monitoring. My first reaction is that this bill is great and long overdue given the growing number and complexity of cyber attacks foisted on government entities and enterprises with “high value assets”.

While the words ring true, I have to stop and wonder if this initiative is enough, or merely a compromise. My reaction as a businessman is that it is great to have security and continuous monitoring built in to protect against cyber attacks. For many cases, this type of security is probably acceptable as a good baseline. Yet, as an executive in the security business, I see the problem as more complex. Can security be “standardized”, or do you need to understand security in the context of the application and the type of assets you need to protect? I believe that it is the latter.

The industry clearly must champion the cause whereby security is given more weight in the decision process of buying hardware and software and in the management of the IP networks that are the lifeblood of business.

In a recent survey we conducted with Government Security News Magazine, 80% of those surveyed felt that one company could not provide all of their cyber security needs. Additionally, more than 60% indicated that they don’t have the skills necessary to manage security. So in addition to the bill, which is a great start, the industry must make buyers aware of the options at their disposal. Moreover, if we are to really make progress in our collective effort to combat cyber threats, participants in the industry will need to provide a more comprehensive plan and more robust tools that complement the security built into software and hardware. By way of analogy, think about integrated stereo systems (e.g. boom boxes) vs. a specially designed audio system tuned to the uniqueness of the environment. In cyber security, especially in protecting carrier, government, and high value infrastructures, I believe we need the custom version, or at least a “customerized” version, of security.

Maintaining the integrity of critical network assets

12 05 2010

This is a little different than a marketing blog but it has to do with keeping business assets protected. And that certainly fits into the business of doing business.

Did you know that more than 25 million new strains of malware were uncovered in 2009? And that the US Senate Security Operations Center reported nearly 14 million cyber attacks per DAY! These are staggering figures. According to the Department of Homeland Security, cyber attacks rose three-fold from October 2005 through October 2007, and the belief is that the attacks are increasing at an exponential rate. These alarming statistics have awakened the government, and the President has made cyber security a top priority with the initiation of the Comprehensive National Cybersecurity Initiative and the appointment of Howard Schmidt as the government’s cyber czar.

I was reading some comments that George Kurtz, EVP of McAfee, made at a recent FAA conference on cyber security, and it made me think. He said that we need to find a way to resolve an attack (on a network) in 15 minutes vs. the 24-72 hours we now take. For the home user, using McAfee with its signature-based approach is fine, and I probably can wait a short time to have a new virus or Trojan signature uploaded to my computer. (Full disclosure: I use McAfee on three of my PCs.) However, in a critical network, be it FAA, a carrier network, a government agency, a SCADA network, or a health care network, where the asset value is high or the compromise of data would result in economic loss or even physical disaster, we don’t have the luxury of time. At line speeds now approaching the multi-gigabit level, 15 minutes means that an inordinately large amount of traffic/data has worked its way onto a target network. It’s not that signature-based approaches are bad at all; they serve a purpose. Yet, they don’t go far enough for a critical network.

The key to protecting these critical networks is a dynamic understanding of what is happening. By definition, once a signature is developed, it is old: still useful for some but not all users. To maintain integrity and availability, companies, carriers, and government entities must have situational awareness and know what is happening at all times. This requires a mosaic of different protection devices such as the usual firewalls, IDS/IPS systems, and forensic analyses. Yet, these systems and appliances must be complemented by a new class of products called network intelligence analytics, which provide a dynamic three-dimensional view of data correlated with other data and correlated in both space and time. Only through this three-dimensional view and the visualization of what is transpiring in the network will the impact of cyber attacks be minimized. This nascent part of cyber protection is led by companies such as Narus, whose traffic intelligence platform, NarusInsight, provides the dynamic analytics that network and security officers need to see what is happening across layers 2 through 7 in their networks. By processing the data in real time and applying real-time analytics vs. mere forensics, network and security officers can act swiftly to mitigate attacks.

Still, attacks will occur, and the industry needs a call to action to respond to them aggressively. The industry needs to band together in a collaborative fashion to thwart these attacks, or at least slow them down. At a recent RSA conference on security, several experts, including Greg Oslan, CEO of Narus, suggested a joint collaboration between government and private entities. That is thankfully coming about. Yet even within companies and across companies, network managers and security officers must share information, work across silos (security and network operations are not necessarily engaged together, nor do they share common platforms), and work across all areas of the business. By doing so, we can view the problems, and therefore the solutions, through a multi-faceted approach. Coupled with a mosaic of complementary and new technical solutions, the industry will have the best opportunity to maintain the integrity of the critical network assets vital to our economy and national defense.