
This year’s FOSE conference featured two separate panel tracks on Cybersecurity: “Program and Policy Management” and “Tactics, Tools, and Technologies”. Each track examined Security Innovations, Continuous Monitoring, Threat Intelligence, Security and ROI, Insider Threat, and New Attacks.
With the recent events in Egypt and the debate over proposed legislation, the “Cyber Security and American Competitiveness Act of 2011”, the term “Internet Kill Switch” has flashed into popular discussion. So what does the term mean, what does it look like, and can it really be done?
Sharing Threat Data - What’s Worth Sharing and What are the Benefits?
The extended enterprise is critical to your organization's risk profile. Forward-thinking organizations implement the following approach for proactive data gathering and analysis:
1. Get to know your extended enterprise.
What services and capabilities inside your network and in the networks of others are critical to your mission? If you can define them, you have a head start on understanding the risks and tracking the threats.
2. Get the data you need.
When experts consider modern cyber attacks, they traditionally focus on distributed denial of service (DDoS), global botnet, and DNS hijack attacks. Each of these tends to cause downtime or service outages and requires partnering with service providers to remediate the incident. However, as recently as last month's experiment run by Duke University, and as far back as the YouTube outage of two years ago, we have been seeing anomalies in the Internet's core routing protocol, BGP, that may be just as disruptive, with the potential to be even worse.
Securing the Extended Enterprise
As corporations expand their reliance on the Internet and technology to conduct business, most work diligently to reduce their exposure to attack. Their efforts are focused primarily on protecting their enterprise assets, but could they be missing a very important aspect of their attack surface: the extended enterprise?
Cyber situational awareness requires an all-encompassing approach to threat understanding, analysis, and risk assessment. Internet intelligence, enterprise intelligence, and threat intelligence all play a significant role.
If the H1N1 outbreaks and the recently foiled airport bombing plans tell us anything, it's that information and information sharing are at the center of response for any significant security event. A significant cyber security event is certainly not going to be any different. Naturally, this type of data sharing should be bi-directional.
Remember the fourth assumption: data about the event(s) needs to be able to flow both up to decision makers and down to responding organizations.
In the aftermath of a significant national cyber security incident, the ensuing coordination effort is likely to be a significant challenge. It's likely to be a challenge for a number of reasons, not the least of which is one of the assumptions outlined earlier: