Government and industry are facing a new breed of well-trained cyber attackers who are taking advantage of weaknesses in network defenses through coordinated attacks. To counter this threat, public and private-sector IT security experts contend that organizations must improve how they share information and react to intrusions.
Today's adversaries in cyberspace aren't the individual hackers and random criminals of the past, Jacob West, chief technology officer for Hewlett Packard's Enterprise Security Products business, explained at a recent conference in Washington, D.C. These new actors are highly focused and work collaboratively -- something they did not do a decade ago, he said. Sophisticated cyber attackers now work in teams, with certain groups specializing in certain technical areas, such as software or malware writing. Each of these groups contributes its skills to the "kill chain" of a cyberattack. "We see this specialization resulting in a much higher caliber of effectiveness."
Federal agencies need to learn more about how cyber attackers work, West said, both to counter them and to learn better ways to collaborate internally. Organizations need to be better at sharing intelligence with one another and with industry. Without this collaboration and cooperation, he said, the fight against cyber attackers is stacked in favor of the attackers.
Richard Hale, the Defense Department's deputy CIO for cybersecurity, said one of the challenges faced by the government is that there is still a poor understanding of adversaries' goals. This is because most attacks tend to appear initially as data theft instead of intelligence gathering or espionage. He noted the DOD's particular challenge of getting its mission accomplished in the face of a capable adversary. One of the disadvantages faced by the military and government in general is that adversaries need only succeed at least half of the time, he said.
The Department of Homeland Security is the chief government agency responsible for coordinating cyber defense, mitigating attacks, and responding to them, said Phyllis Schneck, the DHS deputy under secretary for cybersecurity. She described these efforts as a "cleanup-in-aisle-nine" process managed through the DHS's National Cybersecurity and Communications Integration Center. Information sharing is critical to this process. The office plays a key role in this process, she said, and every part of the DHS has its own cyber component.
The DHS is helping defend federal infrastructure through programs such as Einstein, a continuous diagnostics and mitigation system that scans civilian government systems for signs of intrusion and data breaches, Schneck said. The government is at a very good place to share information openly with the private sector and academia on security issues. The DHS is also using big data tools to manage and observe networks, which allows for improved defense against zero-day and botnet attacks. Collaboration is helping federal agencies work together and create a better picture of an attack through information sharing, she said.
Despite the progress made by the DHS on the federal side, industry needs to do more. A priority for 2015 is active collaboration between companies on security issues, according to West. In the past, he said, firms didn't share security information and viewed their network security as a competitive advantage. But with the recent pace of major data breaches, there has been a sea change in how firms view information sharing on this issue. The coming year, he predicted, will see more active collaboration such as sharing best practices and working more closely with the government.