The push to adopt continuous monitoring as a more advanced means for ensuring network security can only work if other network technologies are made secure, said a leading computer scientist from the National Institute of Standards and Technology.
Agencies need to understand the underlying security issues, beyond what continuous monitoring can offer, because adversaries can take advantage of weaknesses to bring down network capabilities, said Ron Ross, senior computer scientist and fellow at NIST. Ross (pictured above, seated far left) made the remarks at the recent Symantec Government Symposium on government security practices.
Continuous monitoring systems are being set up in government computer networks to make sure that they meet federal information security mandates. While these systems are efficient ways to ensure that rules and standards are met, Ross and other experts warned that agencies are still vulnerable if they view continuous monitoring as a stand-alone system rather than a part of an integrated network defense.
Now in its second year, the government’s CyberScope initiative has been moving federal agencies to install the monitoring and vulnerability tool to help them comply with Federal Information Security Act standards.
One of the goals of CyberScope is to move agencies away from traditional paper-based compliance and focus more on securing the systems that support their day-to-day operations, said Anjalique Lawrence, the Government Accountability Office’s assistant director for information security (pictured seated second from left).
The surge in cyber incidents, from probes to outright attacks, highlighted at the symposium by NSA Director and U.S. Cyber Command chief Gen. Keith Alexander, is why the GAO is promoting government-wide continuous monitoring, Lawrence said. She noted that 22 of the 24 largest federal agencies reported maintaining information security as a continuing challenge for their organizations.
The GAO has made hundreds of recommendations over the years, but technologies such as continuous monitoring are intended to help make agencies more compliant with federal cyber security standards, and more secure, she said. But agencies have made mixed progress.
Although 80% of network security issues can be addressed through due diligence, Ross said the remaining 20% is more challenging because it includes inherent design flaws in existing computer technology. These systemic issues must be addressed for networks to be truly secure, he said.
Ross advocated a national dialogue about the use of continuous monitoring technologies. Continuous monitoring cannot work by itself, but as part of a balanced approach to security, he said.
There is a need for an integrated solution to address security problems, said Van Ristau, chief technology officer with DLT Solutions (pictured at far right). Integration is important because all agencies are different and it is not possible to be completely secure with an unmodified commercial solution.
Organizations must also make sure that their monitoring systems have room to evolve and keep up with changing technology, he said.
Traditional security policy compliance is very labor intensive and the results have not been particularly satisfactory for the government, Ristau said.
Much of the current technology allows for continual monitoring, but it has not quite reached its real-time potential. Full real-time capability is probably still a year or more away, he said, adding that substantial progress has been made in the federal sector, with up to 70% of agencies adopting automated monitoring systems in the last few years through the GAO’s efforts.
Big data technologies can also be combined with continuous monitoring to help defend networks, Ristau said. Analysis tools should not be held back until after an intrusion, but instead should be used to run analytics on network traffic to sniff out intrusions and insider threats, he said.