As cyber security experts continue to look for more effective ways to deter threats, many believe the battle to defend network perimeters has become a lost cause, and that new and more creative approaches are becoming essential.
What’s emerging, according to cyber system specialists in government, academia and industry, is a combination of strategies – some involving game theory, fuzzy logic and big data analytics, as well as imposing the risk of costly consequences on attackers.
Rosemary Wenchel is one of those experts. Wenchel spent most of her career at the Department of Defense working on cyber issues, before being named deputy assistant deputy secretary for cyber coordination at the Department of Homeland Security, where she also oversees joint DoD-DHS cyber activities.
“What I’m seeing” in the realm of cyber defense, she said, are “new approaches to cyber security…rather than just perimeter defense.” Among them is a growing interest in “cost imposing strategies, rather than just a technical response,” she said.
Reports such as “Cyber Warfare: A ‘Nuclear’ Option,” issued by Andrew Krepinevich, are making an increasingly persuasive case, as analyst Adam Elkus sees it, for applying cost-imposing infrastructure attacks that progressively raise the financial losses on would-be attackers.
Wenchel, who spoke at a recent Intelligence and National Security Alliance cybersecurity forum in Washington, also said she is seeing huge growth in data analytics as a method for dealing with the rise of attacks occurring within network operations.
Matt Gaston, director of the Cyber Innovation Center at Carnegie Mellon University’s Software Engineering Institute, gets to see new approaches while working with a variety of organizations.
One area of innovation he sees taking shape is an effort by network operators and hosting service providers to work jointly, attempting to “triangulate analysis,” looking for zero-day threats by examining patterns on hard disks, memory storage space, and network traffic.
Another trend he is seeing is efforts by a new wave of companies, using open source technology, that specialize in crawling the entire Internet, looking for pages with embedded vulnerabilities.
He too is seeing the rise of specialty cyber firms, such as Shape Security, which promises to “alter the economics of web hacking,” by shifting the costs of hacking from defenders to attackers.
Another approach gaining traction, says Gaston, is the growing use of in-house network malware hunters – teams sitting on the network side of a system, pinging standard command and control channels on the network to see if they can discover and engage incidents of “talk-back” on the network that represent potential threats.
Gaston said he sees three developments that are fostering new innovations in enterprise cybersecurity:
1. Emerging pools of people who are intimately familiar with working with real problems, not simply interesting cyber security problems;
2. Increasing engagement of business owners – and a willingness to get those who own the missions and the technologies all together to make more iterative decisions;
3. Resources to make data accessible to a wider world of computing experts.
“I recently spoke with the security group at Google,” he said. The group told him, without going into details, that some of their recent “success has come by giving them access to the data they have and the resources to examine them.”
John Jolly, vice president and general manager for General Dynamics Advanced Information Systems cyber division, echoed the shift in focus for network security specialists.
“When we look at the threats, we see a different paradigm compared to three years ago, as the threats have moved inside the network, rather than at the perimeter,” he said.
“That requires having situational awareness of what’s going on in your network, taking structured data, raw data, unstructured data…and using analytics to understand what’s going on in the network,” he said.
And because the threats often come in the form of coordinated network attacks from multiple vectors, he’s seeing a wider use of analytic techniques – including the use of big data analysis, game theory, neural nets, and fuzzy logic – to try to discern rogue behaviors lurking inside network systems.
“The challenge” everyone is facing, said Peter LaMontagne, CEO of Novetta Solutions, LLC, “is that volume of data we have. Teams just don’t have time to look at innovation solutions,” because most analysts are too busy looking at core areas of concern “and hope other things don’t flow by.”
That all comes at a growing cost.
“I’ve come to the view,” concluded Wenchel, “that software is the physical capture of intellectual property…this is the essence of a core business value,” and that organizations must come to terms with how to properly value and protect that property. Once they do, “that will change the calculus of value” – and hopefully, she said, the willingness to properly invest in more effective cyber practices.
(Pictured above left to right: John Jolly, Rosemary Wenchel, Matt Gaston, Peter LaMontagne and INSA Cyber Council Chair Terry Roberts at podium.)