Center of operations: DHS
Along with diplomatic efforts, federal agencies have been working on a multi-sector approach to holistic response programs to protect against escalation and damage-causing cyber attacks.
“We can't pay as much as the private sector, but the DHS is a cool place to work,” says Mark Weatherford, deputy undersecretary for cyber security for the National Protection and Programs Directorate (NPPD), part of the DHS. “Give us three years out of college,” he says, “it'll look good on your résumé.”
The DHS, with a mission to protect defense networks, is being positioned as the central clearinghouse of information between federal agencies and the public sector. This arrangement would be different from the vertically oriented Information Sharing and Analysis Centers (ISACs), which primarily share data with their memberships of sector-related organizations.
With no technology that could do this today, and with privacy issues about the information being requested, it is no surprise that the White House-backed Cyber Security Act of 2012 failed so quickly in Congress last month. However, the writing is on the wall. Cyber war is upon us, and organizations need better means of protecting themselves and sharing threat information to protect the larger infrastructure.
Advice: From the front lines
As the cold war escalates to more confrontational activities, experts offer advice:
Train, educate and raise awareness. With numerous efforts at primary, secondary and college level, federal agencies are asking for help raising awareness around these issues to all communities. “What's of utmost importance to us is training our military and civilian forces of cyber warriors,” says Gen. Keith Alexander, commander of USCYBERCOM and director of the NSA.
Close vulnerabilities. The biggest single tactic for preventing intrusions is to patch and manage vulnerabilities, says Martin Libicki, senior management scientist for the government think tank RAND Corp.
Build better prevention. At DefCon, Alexander also called for better tools to prevent attacks from occurring in the first place. Although there are legal issues to consider, some tools and techniques coming to market practice deception as a means to shuttle attackers to a secure zone, observe their behaviors and even track them to their origins.
Improve visibility. SIEMs and other tools are also being used to sort through increasing volumes of log, security, vulnerability and operational information to detect threats faster and take action with more accuracy. “If someone gains access to aerospace machinery information, time to shut them down is critical in beating the criminals to market with the new design,” says Eddie Schwartz, CISO of RSA.
Share attack and threat information in real time. Federal agencies are clearly in need of more information to predict larger-scale attacks against the infrastructure and DoD networks. Currently, Carnegie Mellon's Computer Emergency Response Team (CERT) operates at this level, but not in real time, and it's not free either. “Making this data actionable to different environments speaking different languages is where the challenge comes in,” says David Koretz, general manager of Mykonos Software. – DR