NSI News

Real-time intelligence key to cybersecurity

Why is it that cyber criminals and digital spies have such an advantage when it comes to successful exploitation of our information and communication technologies?

At the core, the problem is that the Internet was built as a communication tool by and for an academic community where trust was taken for granted. Those early pioneers that built the Internet architecture could never have envisioned how in very short time this global information infrastructure would become a means for legions of malicious actors of all kinds to conduct their attacks, thefts and operations across the World Wide Web, through email, and even inside Peer-to-Peer (P2P) networks (If your kids or employees are downloading “free” music from the P2P sites, check out the very real threats you face from criminals in this eye-opening MSNBC report).

Consider these three additional factors that give the threat actors the initiative:

First, these malicious players think with a predator mindset. In our culture we are not socialized to think and reason in this pathological manner. These are individuals, groups and organizations that are always on the prowl for vulnerabilities that they can exploit through innovative technologies and creative social engineering tricks.

Second, the really devious players in the digital domain take time to prepare their attacks. They carefully prepare their operations through unobtrusive research, development of new attack tools, preparation, and assessment of their victim’s point of greatest weakness. But when they finally deploy their malicious payloads, they move at high speed. A profoundly revealing 2008 Investigation Report by Verizon’s Business Risk Team that summarized more than 500 security incidents over four years demonstrates this fact. The report found that nearly one half of network compromises occurred within minutes to an hour, whereas two thirds of these compromises took months or even years to discover, and then over half took weeks or months to resolve. Verizon noted, “organizations are simply not watching.” But how can you watch for something that you’ve never seen?

This brings us to our third advantage that is that these malicious operatives in cyberspace have besides a cultivated amorality and evil mindset, and the intelligence and capability to get inside a target fast, grab what they’re after and depart undetected. This factor is that like aliens in science-fiction movies, they can “shape shift” – in this case it’s their digital payloads that are morphing. Their malicious code or malware is evolving faster that our defensive systems can detect them. This morphing ability allow attackers to evade Intrusion Detection Systems and anti-Virus software that all require some kind of known or suspect “fingerprint” in order to block malware from the network or computer.

So, what can be done to respond effectively to this multifaceted and persistent threat?

Government and industry need to admit that the passive, layered-defense posture in cyber security, while a necessary protective measure, is not sufficient to meet the evolving threat landscape. We need to move to real-time cybersecurity defenses that trap, identify and repel attackers as they launch. In this regard, Richard Hale, Chief Information Assurance Executive for the Defense Information Service Agency has perceptively recommended that cybersecurity tools need to be developed that “deceive adversaries” in cyberspace by creating “noisy” environments populated with many decoy targets. These targets can then be watched in real time so that we can learn from the attackers themselves.



For more information, please contact Heather Sabharwal at hsabharwal@kglobal.com or 202-349-7016.