ISAlliance on Defense Industrial Base Cybersecurity

Wednesday, April 21, 2010

Marjorie Morgan


From The Internet Security Alliance

More information on the ISA's analysis of the economic impact of cybersecurity issues can be found in a new publication from the ISA and the American National Standards Institute (ANSI), The Financial Management of Cyber Risk: An Implementation Framework for CFOs.

The most pressing cyber security issue facing defense industrial base (DIB) companies is a near existential threat from state-sponsored foreign intelligence services (FIS) that possess the capability to establish deep and persistent access to our networks, giving them access to sensitive intellectual property (IP) with long-term negative implications for US national security.

The current technologies are woefully inadequate. They can deter the average script kiddie but provide little defense against foreign state-sponsored attacks and espionage, which represent only 5% of the threat yet are responsible for some of the most serious damage.

Signature-based intrusion detection, firewalls, and anti virus technologies are all deployed, but they do little to identify or prevent more sophisticated adversaries.

We are responsible for protecting against physical, cyber and economic attack; the unique solutions we provide are a top target for cyber crime and for nation-state sponsored cyber crime.

DIB member networks are routinely exposed to hostile intelligence collection as a result of our adversaries' ability to exploit end users and basic network vulnerabilities to gain deep access to proprietary networks.

The fundamental problem the defense industry, and perhaps all industries face, is the inherent anonymity of the internet. Almost all our most serious problems stem from the fact that it is too easy to disguise your identity and location.

Spam, spoofed e-mail addresses, multi-hopping exploits, and third party domain registration all serve to make internet crime and intellectual property theft all but impossible to prevent.

To date, little has been done to raise the costs to the adversary for perpetrating cyber-based crimes against this country’s industries and government.

DIB member cyber security operations are largely ill-equipped to discriminate between professional intelligence operations, competitor collection efforts, and common criminal activity on their networks.

Many network operations centers remain oriented toward signature-based detection schemes designed to counter threats over a decade old.

Most DIB members lack the expertise to accurately determine who is targeting them, what information is at risk, and how these entities are accessing and exfiltrating their most sensitive information.

The detailed second and third phase all-source intelligence analysis necessary to fuse technical cyber-indicators with broader, non-technical threat intelligence typically falls into an ill-defined area of responsibility between physical and information security departments for DIB organizations.

The result is little effort devoted to this critical all-source analysis that can give meaningful context to the threats they face.

Many DIB organizations are being daily penetrated — often with little awareness — by highly sophisticated, professional state sponsored groups and other experienced organized criminal operations using custom-designed tools that enable them to perform detailed network reconnaissance and data exfiltration at will.

Consequently, most DIB member information security professionals, faced with limited budgets and junior personnel, are locked in a reactive defensive posture.

This position allows for little more than signature-based perimeter monitoring and — if detected — malware eradication as an operating paradigm against professional foreign intelligence operations tasked with penetrating, surveying, and exfiltrating specific sets of information. This is not a problem any single company can address.

We can invest a great deal of time and money to treat the symptoms (detect and respond to incidents), but only the international internet community can begin to address the problem.

Until a comprehensive US national policy is developed, and worked in concert with the international community, to identify conclusively those nation-states or other entities providing explicit or tacit support to groups targeting the US, the erosion of this nation's R&D capabilities will continue unabated.

We believe this is an intelligence war and that the most pressing issue is the theft of our intellectual property, which has major national security implications.

The US Government needs to generate and share with the private sector an operational understanding of how adversaries create and exploit our cyber vulnerabilities, disclosing the extent and reach of the adversary’s capabilities.

DIB members need timely, actionable information regarding our adversaries’ collection targets to better secure sensitive intellectual property and to ensure future competitiveness against both domestic peers and new foreign entrants into this market space.

Many foreign intelligence services support their commercial sector as a core mission, an activity which the US Intelligence Community is prohibited from performing. DIB member companies urgently need more timely support from US counterintelligence agencies when they identify ongoing foreign intelligence collection operations or other criminal activity.

When provided to DIB members, US Government indications and warning (I&W) intelligence frequently lacks context, is too heavily focused on domain and IP blacklisting, provides little or no finished analysis, and is generally too old to constitute actionable information.

US federal law enforcement and counterintelligence agencies need to inform relevant private sector information security staff what our adversaries are targeting in cyber operations and, to the extent they know, why, so as to enable the predictive analysis necessary to prevent future attacks.

The US Government, whether DoD or DHS, must provide incentives for the private development of promising technologies that move the community away from outdated signature-based detection modalities and instead focus on powerful combinations of sophisticated behavior analysis and change detection for enhanced anomaly identification.
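The contrast the text draws between signature-based detection and change detection can be made concrete with a small script. The example below is added here and is not part of the ISAlliance material; the hosts, addresses (RFC 5737 documentation ranges), log lines and the blacklist are all constructed. The signature detector only fires on a destination that is already on a blacklist, the kind of domain and IP list the text says government indications and warning too often reduce to. The change detector instead builds a per-host baseline from an earlier window (which destinations each workstation normally contacts and how much it normally sends) and flags departures from that baseline, which is how the large outbound transfer to a never-before-seen address gets caught without anyone having seen that address before.

```python
"""
Signature/blacklist matching versus baseline-driven change detection.
Added illustration; every host, address and log line here is constructed.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed outbound-connection summaries, one per line:
# "<timestamp> host=<workstation> dst=<ip> bytes=<outbound bytes>"
LOG_LINES = [
    "2010-04-19T09:02:11 host=ws17 dst=198.51.100.20 bytes=52000",
    "2010-04-19T10:14:03 host=ws17 dst=198.51.100.20 bytes=48000",
    "2010-04-19T13:41:29 host=ws17 dst=198.51.100.21 bytes=61000",
    "2010-04-19T15:05:52 host=ws17 dst=198.51.100.20 bytes=55000",
    "2010-04-20T09:11:40 host=ws17 dst=198.51.100.21 bytes=50000",
    "2010-04-20T02:13:00 host=ws17 dst=203.0.113.9 bytes=4800000",  # constructed anomaly
    "2010-04-20T11:20:15 host=ws22 dst=192.0.2.77 bytes=7000",      # on the constructed blacklist
]

# Constructed blacklist of the kind a signature-based scheme depends on:
# it can only match what someone has already seen and written down.
BLACKLISTED_DST = {"192.0.2.77"}

# Lines dated before this day form the baseline; later lines are evaluated.
BASELINE_CUTOFF = "2010-04-20"


def parse_line(line):
    """Turn one summary line into a dict; 'bytes' becomes an int."""
    ts, *fields = line.split()
    rec = {"ts": ts}
    for field in fields:
        key, value = field.split("=", 1)
        rec[key] = int(value) if key == "bytes" else value
    return rec


def signature_alerts(lines, blacklist=BLACKLISTED_DST):
    """Signature-style detection: alert only on already-known bad destinations."""
    return [(r["host"], r["dst"]) for r in map(parse_line, lines) if r["dst"] in blacklist]


def build_baselines(lines, cutoff=BASELINE_CUTOFF):
    """Per-host baseline from the training window: known destinations and byte statistics."""
    seen = defaultdict(set)
    sizes = defaultdict(list)
    for r in map(parse_line, lines):
        if r["ts"][:10] < cutoff:
            seen[r["host"]].add(r["dst"])
            sizes[r["host"]].append(r["bytes"])
    return {h: {"dsts": seen[h], "mean": mean(sizes[h]), "sd": pstdev(sizes[h])} for h in seen}


def change_alerts(lines, cutoff=BASELINE_CUTOFF, z_limit=3.0):
    """Change detection: alert on behaviour that departs from each host's own baseline."""
    baselines = build_baselines(lines, cutoff)
    alerts = []
    for r in map(parse_line, lines):
        if r["ts"][:10] < cutoff:
            continue  # baseline window, not evaluated
        base = baselines.get(r["host"])
        if base is None:
            # A host with no history talking outbound is itself a change worth a look.
            alerts.append((r["host"], r["dst"], ["no baseline for host"]))
            continue
        reasons = []
        if r["dst"] not in base["dsts"]:
            reasons.append("new destination")
        if base["sd"]:
            z = (r["bytes"] - base["mean"]) / base["sd"]
        else:
            z = 0.0 if r["bytes"] == base["mean"] else float("inf")
        if z > z_limit:
            reasons.append(f"outbound volume z={z:.0f}")
        if reasons:
            alerts.append((r["host"], r["dst"], reasons))
    return alerts


if __name__ == "__main__":
    print("signature alerts:", signature_alerts(LOG_LINES))
    for host, dst, reasons in change_alerts(LOG_LINES):
        print(f"change alert: {host} -> {dst}: {', '.join(reasons)}")
```

On this constructed data the blacklist catches only the ws22 connection, while the baseline comparison also surfaces the 4.8 MB transfer from ws17 to an address it has never contacted. The baseline here is deliberately simple (destination set plus a z-score on bytes); in practice the window, the features and the threshold need tuning per environment, and a "new destination" alert on its own will be noisy on hosts with a wide normal footprint.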

The government can identify the best technologies and protocols and then drive government networks towards them.

What can the US Government do to best assist you in improving your cyber security in the long term?

US Government entities can focus on technologies or strategies that allow DIB members to shift from a passive, forensics-based defense to an active posture incorporating real time intelligence updates that anticipate the adversaries’ targets and tactics. Government policymakers must combine innovative technology solutions with substantive diplomatic, economic, and policy efforts abroad to make our adversaries’ operational costs and risks unacceptably high.

The US Government needs to provide greater research incentives for next-generation behavior-based technologies. If the government invests in game-changing technologies and provides incentives for the market to invest in them, DIB members can raise the bar on cyber defense technologies.

The current market will partially drive that process, but it is currently confined to creative pockets. Measures to stimulate increased market pressure will drive this innovation into broader market spaces.

Government agencies can create a regulatory mechanism for information sharing that provides incentives for the DIB members to divulge intrusion information in a safe or non-attributive forum and that ensures good-faith data sharing efforts do not result in lost acquisitions, weakened competitiveness, or similar punitive outcomes from DoD and other government policymakers.

US Government innovation centers such as DARPA, IARPA, and In-Q-Tel can be leveraged to provide the R&D funds, expertise, and incentives for technology development to make defense industry networks a hard target for the adversary.

Invest in research in tamper-proof protocols. Use these protocols on and between government networks; the commercial world will follow. If government continues to buy Commercial Off-the-Shelf products, though, it will always lag the market instead of driving it.

The US is facing a severe national security challenge from a pervasive, deep penetration of government and private industry information networks by foreign intelligence and organized criminal entities.

These efforts have the potential to erode the nation’s position as a world leader in S&T innovation and competitiveness.

Foreign intelligence services and sophisticated criminal enterprises have discovered that US government and private sector information, once unreachable or requiring years of expensive technological or human asset preparation to obtain, can now be accessed, inventoried, and stolen with comparative ease.

The return on present investment for targeting sensitive US information in this way is extraordinarily high and the barriers to entry extraordinarily low.

Cyber-based operations are the new intelligence battle space of the 21st century and we are currently ill-prepared to defend ourselves. US infrastructure and information networks remain virtually wide open to the sophisticated attacker, be they state sponsored intelligence or purely criminal in mission.

We can't control the Internet; it is woven too deeply into the international fabric and is too unstructured. The entrepreneurial spirit that drives the Internet allows good ideas to bubble up and circulate immediately; however, the same is true for bad ideas. This dynamic creates significant background noise in the world of emerging technology and innovation.

Cyber security is not a problem that we "solve" but rather, like Cold War-era intelligence threats, a risk to be managed by a combination of generational leaps in defensive technology and paradigmatic shifts in analytic approach, combined with strong diplomatic and economic policy initiatives abroad.

These efforts, operating in tandem, can ensure that the United States counters this existential threat to our S&T competitiveness while safeguarding long term national security.

The Internet Security Alliance (ISAlliance) was created to provide a forum for information sharing and thought leadership on information security issues. The ISAlliance represents corporate security interests before legislators and regulators; in so doing, the alliance aims to identify and standardize best practices in Internet security and network survivability, while creating a collaborative environment to develop and implement information security solutions.

john jones I think that there are many systems you can put in place for CyberSecurity. You need to have a malware, a business continuity software and a data recovery software. These are just a few things. My business is currently looking for ways to increase our CyberSecurity and we have been doing a lot of research on what systems are best. We are still deciding on a data recovery software. Do you have any suggestions? I came across this website and wondered what you thought? We also need help choosing a malware. I was reading on your website in another article that you suggested ThreatExpert. Do you have any other suggestions? Thanks for your help.