Cyber Defense Weekly: USDA's $10m Cybersecurity Contract

Tuesday, August 31, 2010

Cyber Defense Weekly


The publishing of the Pentagon's Cyberstrategy by William Lynn will be the subject of today's Cyber Defense webcast on BrightTALK.

Tune in live at 3 PM (GMT -5) or listen anytime to the recording:

William Lynn, the US Deputy Secretary of Defense, wrote the most succinct description of the US Pentagon Cyberstrategy yet in the September/October issue of Foreign Affairs. Here are the good, the bad, and the ugly components of that strategy.

The good. Lynn begins by acknowledging successful cyber attacks against the US military, in particular the intrusion via USB thumb drives that occurred in the fall of 2008. This intrusion led to the Pentagon making an unprecedented move to ban USB thumb drives from the military; a ban that was only rescinded in February 2010. The cleanup effort to recover from the widespread worm infection, that Lynn claims was initiated in a Mideast base by foreign agents, was dubbed Operation Buckshot Yankee (OBY) in the Defense Department and Operation Rampart Yankee in the Army.

Lynn also states “To stay ahead of its pursuers, the United States must constantly adjust and improve its defenses.” This is an important acknowledgement and reflects the state of cyber defense for every organization. There is no single technology solution to be deployed that will counter all threats, and even the latest and greatest technology will not defend against tomorrow's attack methodologies.

Deterrence has been the subject of many recent reports coming from think tanks and cyber commissions. Most have taken the view that cyber offensive or retaliatory measures must be in place to deter assailants. I like Lynn’s take:

“deterrence will necessarily be based more on denying benefit to attackers than on imposing costs through retaliation.”

In other words, a strong defense is the best cyber defense.

Lynn also addresses the issue of international cooperation: “If there are to be international norms of behavior in cyberspace, they may have to follow a different model, such as that of public health or law enforcement.” Agree.

I can find no fault with Lynn’s summary:

“The principal elements of that strategy are to develop an organizational construct for training, equipping, and commanding cyberdefense forces; to employ layered protections with a strong core of active defenses; to use military capabilities to support other departments' efforts to secure the networks that run the United States' critical infrastructure; to build collective defenses with U.S. allies; and to invest in the rapid development of additional cyberdefense capabilities. The goal of this strategy is to make cyberspace safe so that its revolutionary innovations can enhance both the United States' national security and its economic security.” 

Cyber Defense Weekly Aligns with Infosec Island

Infosec Island and the Cyber Defense Weekly are pleased to announce a strategic partnership geared towards bringing the latest in information security news and best practices to our respective audiences through on-going content and knowledge exchange.

The Cyber Defense Weekly, produced by IT-Harvest, is an email newsletter created to give subscribers a comprehensive summary of the week's cyber news, security product announcements, and advance notice of any escalations in current cyber threats.

Infosec Island is a member-driven community of information security professionals committed to serving the risk mitigation needs of SMBs and mid-market enterprises across numerous industries, government agencies, legal, financial, healthcare, educational, nonprofit organizations, and the information security community at large.

Infosec Island member/contributors include high-level security and compliance professionals from government and private industry, and membership is free - register here.

In today's hyper speed world, information security breaches and new compliance regulations come fast and furious. IT and network security professionals need a safe haven where they can find the help and information they need quickly and easily. Infosec Island combines an online community, security portal and a social network all-in-one.

The Cyber Defense Weekly is the brainchild of Richard Stiennon, a renowned security expert and industry analyst who has a reputation for shaking up the security industry by providing actionable guidance to vendors and end-users.

Richard is the founder of IT-Harvest, an independent security analyst firm, and was formerly the Chief Marketing Officer for Fortinet, as well as the Vice President of Research at Gartner. Richard is a holder of Gartner's Thought Leadership award and was named "One of the 50 most powerful people in Networking" by NetworkWorld Magazine. Richard is also the author of Surviving Cyberwar (Government Institutes, May, 2010).

Infosec Island combines the benefits of personalized services with profiles of companies and organizations and their unique network and technology installations. Infosec Island enables the delivery of high value-added information, advice, security alerts, free network security tools, and services.

Both Infosec Island and the Cyber Defense Weekly look forward to working together to continue our efforts to provide cutting-edge security news and compliance best practices, and we welcome your participation - shared knowledge reduces the overall risk profile for everyone.

Tune in to Cyber Defense Webcast on BrightTALK

Rampant Yankee and Buckshot Yankee are the topic for today's webcast. Tune in Tuesday, August 31, at 3 PM to this special event.

Intelligence and Cyber Command Job Opportunities

From Jon Stout at InfoSec Island:  The Cyber Command reorganization and consolidation creates significant employment opportunities for Cyber Security professionals and, equally important, has the potential to allow for easier and more rapid facilitation of high level security clearances.

Training and certification is now a mandatory requirement for employment. Whereas in the beginning of the computer industry, many people specializing in cyber security or network security were self-taught.

But now that these issues have come to the attention of a wider public - including business and government - academic degree and training programs in cyber security and network security are available from many colleges, universities, and other academic institutions.

Because of these requirements and the growing awareness of the importance of Cyber Security, demand for experts has increased dramatically. Most marketing researchers believe that the Cyber Security market will see annual double digit growth at least until 2014 and beyond.

This growth and resultant demand for Cyber professionals will result in premium wages and benefits for Cyber Professionals.

Read Jon's excellent summary of Cyber Command organization.

USDA grants $10 Million Cyber Security Contract to ManTech

Agriculture has been defined as part of the US' critical Infrastructure.  A $10 million award to ManTech for security monitoring, alerting, and response is small but then USDA is one of the smaller Federal Agencies.  Look for more such contracts.

Industry News:  More M&A

St. Bernard acquires Red Condor giving them a hybrid appliance-cloud web security strategy. A adding to Identity and Access Management portfolio with acquisition of Arcot Systems, a $200 million deal.

Cyber Defense Weekly from IT Harvest is a newsletter created to provide a comprehensive summary of the week's news, product announcements, and escalations in cyber threats. Simply provide your email address here to become a subscriber.
