High performance cyberspace security
Improving operational response to cyberspace threats
A Technology Blue white paper
Introduction
From a technology perspective, cyberspace is defined as the global network of interdependent information technology infrastructures, telecommunications networks and computer processing systems. From an individual perspective, cyberspace is how ideas are exchanged, information is shared, business is conducted, games are played and people are connected. Yet despite immense opportunity, cyberspace, as described in our Nation's 2010 National Security Strategy, enables one of the most serious national security, public safety, and economic challenges we face as a nation.

Over the past 10 years the number of people around the world connected to the internet has increased from 360 million to over 2 billion, and this trend is expected to continue at an exponential rate into the future. Collaboration is occurring at a rate like never before, innovative creations are improving quality of life, and opportunity is made available where once it was not. Unfortunately those same opportunities are readily available to those with malicious intent as well.

The United States' critical infrastructure that enables our quality of life (energy, banking, finance, transportation, communication and defense) all rely on cyberspace. Countless ideas, monies, information and communications flow through cyberspace every second. And with widespread availability of internet-capable technologies, the number of threats against cyber assets has increased immensely. As stated in the 2010 National Security Strategy, "The very technologies that empower us to lead and create also empower those who would disrupt and destroy."
"The very technologies that empower us to lead and create also empower those who would disrupt and destroy." (2010 National Security Strategy)
Pentagon reveals 24,000 files stolen in cyber attack.
Global cyber attack underway for 5 years
Key cyberspace challenges
As the number of networked systems, devices and platforms continues to grow, cyberspace is becoming more deeply embedded in the critical infrastructure of our homes, businesses and nation. Given the increasing number and complexity of cyber threats, it is understandable that securing cyberspace dominates the agendas of business, community and government technology leadership. The very technological innovations that enable our way of life have simultaneously made our cyber assets more difficult to protect.

Connectivity: As more and more data is migrated online, companies are expected to be more connected and open by allowing mobile, home computers and other internet-ready devices to access networks and services. While organizations are expected to provide new internet capabilities to support a global economy, cyber actors are able to optimize their attacks across multiple platforms and devices. Effective cyber security requires innovative integration of technologies that keep pace with the rollout of new public-facing capabilities.

Evolution: The rate at which cyber threats evolve is of concern. Cyber adversaries are continually developing more sophisticated and dangerous capabilities that elude traditional cyber security measures. As more adversaries collaborate and combine resources, the level of innovation in cyber attack capabilities quickly outpaces the ability to adequately defend against them. Evolving cyber threat innovations are becoming smaller and more difficult to detect, yet have an equal or greater impact to cyber assets. Effective cyber defense requires an ability to evolve faster than our adversaries.

Speed: Cyber attacks are commonly considered fast: malicious hackers identify a target, and the attack is over almost as quickly as it began; however, fast attacks are not the only concern. In 2010 more than 75,000 computer systems at nearly 2,500 companies around the world were hacked in one of the largest and most sophisticated cyber attacks to date. The attack not only shows the level of sophistication of the attackers. It also displays one of the greatest challenges to adequately securing cyber assets: the attack, discovered in January 2010, began in late 2008. Cyber attacks are not always quick. Some take time to unfold as computers are remotely controlled by the attackers, slowly infiltrating computers and networks until the end goal is achieved. Safely securing cyber assets requires an ability to detect malicious cyber activity over longer periods of time.

"The internet and e-commerce are keys to our economic competitiveness, but cyber criminals have cost companies and consumers hundreds of millions of dollars and valuable intellectual property." (2010 National Security Strategy)
Sophisticated cyber attack hits Energy Department's Pacific Northwest National Laboratory.
Citigroup the latest to fall victim to cyber crime

Big data: The amount of data generated each day about cyber assets is continually increasing at a staggering rate. Large enterprises generate terabytes of data each year related to network events, data downloads, running programs and various anomalies. Enabling effective cyber security protection requires an ability to quickly discern an acceptable event from a questionable one, identify its relationship to other events, and identify patterns that signify the occurrence of a cyber attack.

Decisioning: Proactive cyber security is based upon the quality of strategic and operational decisions that are made during critical times. And the quality of decisions is a direct reflection of the knowledge and understanding of past, present and future: understanding what happened, knowing what is happening, and proactively adjusting strategies and operations to protect against what could happen in the future. Individuals and organizations all make decisions using a process similar to the OODA Loop (Figure 1). With the growing potential of catastrophic cyber attacks, a cyber security OODA process must be measured in milliseconds, not seconds, minutes or hours. Effective cyber security requires automation of systems and decision-making processes. Decisioning must be fast and agile to keep pace with ever-evolving adversaries and operational conditions, and ensure the protection of cyber assets.

Resources: As with many IT leadership agendas, doing more with less has dominated the strategic landscape over the past few years. Current approaches to protecting against cyber threats put demands on limited resources and can increase systems development and maintenance costs. Effective cyber security requires a robust framework of integrated technologies that minimize the strain on IT resources. The framework must be automated, scalable, performing, and be capable of empowering security experts to efficiently gather, analyze and make decisions about immense amounts of data.

"Moreover, the speed of cyber attacks and the anonymity of cyberspace greatly favor the offense." (2010 Quadrennial Defense Review Report)
Hong Kong trading halted by DDoS attack

Current approaches are not enough

To protect against cyber threats, enterprises have deployed a wide range of hardware and software defenses. Intrusion Prevention Systems (IPS), Intrusion Detection Systems (IDS), antivirus, firewalls and other network management solutions are strategically deployed to generate, identify and respond to events that meet the characteristics of malicious cyber activity. While these tools and technologies are sufficient to address part of the problem, they are not enough. As the sophistication of cyber attacks increases and the level of network exposure continues to outpace protection, these tools and technologies fail to adapt quickly enough to protect against savvy attackers. Unfortunately many IT leaders are continually overwhelmed by the challenges that these insufficiencies breed, and find themselves in a never-ending battle to fight cyber attackers from a reactive posture.
A cyber security framework
The OODA Loop (Figure 1) is a process for performing strategic and tactical decision making. Developed by USAF Col. John Boyd (Ret.), OODA is based on an understanding that all organizations undergo a continuous cycle of interaction with their environment. The cycle is broken down into four overlapping processes: Observation: the collection of data; Orientation: the analysis and synthesis of data to form perspective; Decision: the determination of a course of action; and Action: the implementation of the decisions. Within the context of combat, the key to victory is to be able to create situations wherein one can make appropriate decisions quicker than one's opponent.
Figure 1: OODA Decision Loop
Observation: Capture, store, aggregate, filter and visualize event data from various sources throughout the infrastructure.
Orientation: Analyze captured data to identify patterns and event correlations that signify security holes or attacks in progress.
Decision: Execute what-if scenarios and analytic algorithms to find new strategies, policies and courses of action to mitigate threats.
Action: Implement policies into operational systems to automate threat response or provide real-time decision support.
"Every year, an amount of intellectual property larger than that contained in the Library of Congress is stolen from networks maintained by U.S. businesses, universities, and government departments and agencies." (Department of Defense Strategy for Operating in Cyberspace, July 2011)
Paris G20 files stolen in cyber attack.
Emerging cyber threat: Advanced Evasion Techniques that combine to conquer.

Within the context of cyber security, organizations that can execute the OODA process quickly can gain an advantage over adversaries. When managed effectively, a foundational OODA process enables an organization to proactively close security gaps, assess potential risks and impacts, alter strategies and update operational systems with agility, consistency and precision.

By understanding the core purposes of each phase and how they relate to technological capabilities, the performance of each phase of the loop can be transformed and optimized to effectively protect against cyber threats. When integrated, the technological result is a framework capable of rapid evolution and response against cyber attackers characterized by persistence, coordination, purpose, sophistication and multilateral capabilities.

Observation: data collection

The first framework component enables capture and high-level correlation of event data. Multiple, dispersed sensors collect data from event sources across the enterprise. Real-time event correlation provides the first line of cyber defense by identifying event sequences, or lack thereof, that signify malicious behavior. Based on customizable policies, real-time events are streamed to automated decision engines for immediate resolution. As data are collected they are stored in operational data stores and warehouses to support the Orientation phase of the process.

Orientation: forming perspective

The second framework component combines data mining, analytics and visualization to enable deeper analysis of events. Predictive models leverage operational and historical data to determine the likelihood that a cyber attack is in progress. The models are designed to consider vast amounts of data, and are powerful enough to identify patterns that are too vast and complex for human identification. Predictive capabilities enable proactive closing of gaps that are being exploited, and provide foresight into other areas of risk in the cyber security grid.

Decision: course of action

The third framework component enables cyber security experts to assess risks and develop mitigation strategies using innovative decision optimization technologies. Decision models are developed to represent the current cyber security infrastructure in the physical domain. By utilizing captured event data and perspectives from predictive analytic assessments, cyber experts are able to simulate and model various attack scenarios using robust solvers to better evaluate cyber risks (Figure 2). What-if capabilities facilitate prioritization of countermeasures, and create a better understanding of potential impacts to infrastructure and operational systems.

Figure 2: Decisioning
Screenshots courtesy of FICO (www.fico.com)

Action: implementation

The fourth framework component leverages real-time, operational decisioning capabilities to efficiently respond to operational conditions. Automated decisions are authored and exposed as application services that implement the policies, tactics and practices of the cyber security strategies. Responses are in the form of context-sensitive recommendations, or automated responses to reroute network traffic to compensate for outages or security compromises.

"Defending against these threats to our security, prosperity, and personal privacy requires networks that are secure, trustworthy, and resilient." (2010 National Security Strategy)
Visualization
A high-performing cyber security framework provides enhanced situational awareness through dynamic, interactive visualization of event data. Event capture, correlation and decisioning capabilities are integrated in a single interface to provide real-time perspective of ongoing cyber events throughout the enterprise (Figure 3). The visualization component of the framework is the core interface through which cyber experts perform tasks specific to each phase of the OODA loop. Cyber experts leverage a customizable front panel display of visualizations including network diagrams, event severities and geographic maps to perform analyses, draw conclusions and make decisions about current and potential situations. Interface interactivity enables specialists to drill down into events to display relational information, run predictive models or launch optimizing solvers to determine plausible courses of action.

Access to real-time, meaningful and decision-oriented information enables experts to develop new policies for proactively reducing the existence and threat of cyber attacks. Where volumes of information exceed an ability to consume it and reason upon it, the innovative, integrated technologies synthesize deeper levels of meaning across data, further heightening situational awareness of the enterprise cyber domain. Where once sophisticated attacks could go unnoticed, a proactive cyber security framework ensures operational systems engage adversaries with fast, automated responses that close security gaps before significant damage is done.

"Future adversaries will likely possess sophisticated capabilities designed to contest or deny command of the air, sea, space, and cyberspace domains." (2010 Quadrennial Defense Review Report)
Screenshot courtesy of Edge Technologies, Inc. (www.edgeti.com)

Achieving high performance

Cyber security has traditionally been considered a technology problem. However, high-performing organizations are learning that to effectively fight and win the cyber war, cyber security must be an enterprise problem. By focusing on key tasks they are transforming their approach to cyber security, and developing proactive capabilities that reduce the potential for catastrophic cyber breaches.

Cyber Strategy

High-performing organizations are weaving cyber security into their day-to-day business strategies. They are implementing technological frameworks that increase visibility into their cyber domain and protect their cyber assets from attack. In addition, they are actively educating their organizations, from C-level to programmers to assistants, on approaches to reduce internal cyber risks as well. Cyber strategy has become equally important as other enterprise initiatives such as CRM and SOA. Cyber strategy is becoming a planning and execution component of new business initiatives, product rollouts and partnerships. New positions are being created, including Chief Information Security Officers, further solidifying the dedication, and signaling the criticality, of protecting enterprise cyber assets from malicious adversaries.

"We will continue to invest in the cutting-edge research and development necessary for the innovation and discovery we need to meet these challenges." (2010 National Security Strategy)

Finding the gaps

High-performing organizations are conducting war gaming sessions that simulate cyber attacks to uncover vulnerabilities and gaps in hardware and software security. Their findings lead to new strategies and capabilities that effectively close security gaps, and identify areas for improvement throughout the enterprise. Armed with this knowledge, organizations can begin the transformation to develop a proactive, lean-forward posture required to effectively combat cyber attackers.

Embrace innovation

Effective cyber security requires innovation. The sophistication of assaults and complexity of IT environments have increased beyond the capabilities of traditional tools and technologies. High-performing organizations realize that addressing this challenge requires a reliance on resource, technological and organizational innovation. Technological
Growing expectations for how organizations partner, interact with and share information with individuals and other organizations are continually pushing the envelope of cyber security. The number of cyber targets continues to grow, giving cyber attackers ample opportunity to disrupt, steal and destroy cyberspace assets.

The good news is that many organizations are already working to reach higher levels of cyber security performance. The same technologies that enable cyber attacks can also be used to defend our assets with equal effectiveness. Success requires organizations to invest in new strategies that empower users, systems and infrastructures, and technologically enable faster decision making in the face of dynamic operating environments.

Claye Greene, Managing Director of Technology Blue, is an IT strategist focusing on transformation and modernization initiatives. Contact us at info@technologyblue.com.
To learn more please visit http://www.technologyblue.com/cybersecurity.htm
Technology Blue helps bring about meaningful change and lasting success through a broad range of outsourcing services covering:
Strategy Application Infrastructure Management

Why partner with Technology Blue?
Enhance core capabilities in key areas
Leverage expertise to increase innovation
Liberate resources to focus on core competencies
Improve service quality
Reduce costs
Speed time to market
Increase business performance
Maximize profitability
Solidify competitive advantage
Copyright 2011 Technology Blue, Inc. All rights reserved.
About Technology Blue
Technology Blue is an information technology strategy firm based in Pittsburgh, Pennsylvania. With a strong commitment to deliver value through innovative approaches, tools and technologies, Technology Blue partners with its clients to help them transform and modernize to achieve higher performance. Its home page is www.technologyblue.com.