How Will Innovation Impact the Practice of Cybersecurity?
By John Felker, Director, National Cybersecurity and Communications Integration Center, U.S. Department of Homeland Security
Basic Blocking and Tackling
Despite recent innovation, key elements of cybersecurity remain critical to your success. These are somewhat simple if you stop and think about it, though in practice we tend to make them more difficult than necessary in my view.
1) Leadership MUST own the issue – leaders up to and including the Board of Directors have to be involved and understand cyber issues in their business.
2) The leadership team MUST understand risk management so that balance can be achieved between mission/business, security and privacy.
3) You need to know and understand your network, and when you do, good cyber hygiene is a must – it’s a team sport – see point 2 above.
4) You need to have a plan for a “bad day” and you need to exercise the plan, to include senior leadership.
5) You MUST leverage relationships – essentially we are in this together.
As you contemplate how to apply innovation, these five key elements must still be part of your effort.
Department of Homeland Security
How does DHS fit into your cybersecurity effort as you think through the use of cloud infrastructure, the potential of AI and machine-to-machine threat sharing? The National Cybersecurity and Communications Integration Center (NCCIC) is uniquely positioned as the Nation’s Flagship Cyber Defense, Incident Response and Operational Integration center. Our mission focus areas are:
• Information Exchange - Share information about cyber and communications risks to support stakeholder decisions and actions.
• Incident Management - Manage cyber and communications incidents in real time to mitigate impacts and reduce risks to critical systems.
• Analysis - Conduct analyses to recognize threats and vulnerabilities, identify countermeasures, and develop situational awareness.
• Capacity Building - Build capacity across all levels of government and the private sector to improve the management of cyber and communications risks.
In each of these areas, we work closely with public and private partners to reduce the risk of systemic cybersecurity and communications challenges. As innovation changes the landscape, we constantly seek to understand the potential impact so that we can take advantage of new ways to be more effective and help understand the cyberscape with a view to better helping our partners defend their “stuff”.
Recently too, DHS created the National Risk Management Center (NRMC) in response to an increasingly complex threat environment and corresponding demand from industry partners for support. Effective risk management requires government and industry working side by side to combat threats and address risk collaboratively. The coordinated cross-sector approach employed by the NRMC will be critical because risks to critical infrastructure, both cyber and physical, are not isolated by infrastructure type, and risks are often shared between the public and private sectors.
The combination of the NCCIC and NRMC, in coordination with private sector partners, especially as we think through how to best use new and innovative tools, has the potential to help many different entities improve their cyber defense understanding, posture and decision making related to implementation of innovation.
Since the Cybersecurity Information Sharing Act of 2015 was passed, NCCIC has worked hard to implement Automated Indicator Sharing (AIS) with both the FED.gov and private sector partners. AIS is focused on machine-to-machine sharing of indicators of compromise, with minimal human intervention, dramatically improving the speed at which sharing occurs. To date, more than three million indicators have been shared into DHS from our partners, consolidated and transmitted to more than 200 AIS members. Several of these members are Information Sharing and Analysis Centers or Organizations (ISACs/ISAOs) or cybersecurity threat providers, all of whom redistribute indicators to customers and members, increasing the reach of automated indicator sharing to more than 4,000 organizations. The STIX/TAXII format, version 1.x, has been used for all of this activity. As of September 2018, however, STIX version 2.1 has passed international standards review through OASIS, a nonprofit consortium focused on adoption of open standards for the global information society. DHS is actively working with partners to implement this improved version, as it adds significant attributes to the AIS data flow that will make it easier to use the AIS feed to trigger automated action. This is a big step toward keeping up with adversaries at machine speed and a leap forward in security.
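As an added illustration (not DHS or AIS code), this sketch shows how a consumer of a STIX 2.1 indicator feed might gate automated action on the object's own `revoked`, `valid_from`/`valid_until` and `confidence` properties. The bundle, the threshold of 70 and the names `triage`, `ind` and `ts` are constructed for the example; a real feed would arrive over TAXII and need a full STIX pattern matcher.

```python
import re
from datetime import datetime, timezone
# Only single-value equality patterns are auto-actioned; anything richer is held.
SIMPLE = re.compile(r"^\[(ipv4-addr|domain-name):value\s*=\s*'([^']+)'\]$")

def ts(value):
    # STIX timestamps are RFC 3339 in UTC with a trailing "Z".
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def ind(n, pattern, **extra):
    # One constructed STIX 2.1 indicator (sample data, not real AIS content).
    t = "2018-09-01T00:00:00.000Z"
    return {"type": "indicator", "spec_version": "2.1", "created": t, "modified": t,
            "id": f"indicator--00000000-0000-4000-8000-{n:012d}",
            "pattern_type": "stix", "pattern": pattern, "valid_from": t, **extra}

SAMPLE_NOW = datetime(2018, 10, 1, tzinfo=timezone.utc)  # assumed evaluation time
SAMPLE_BUNDLE = {"type": "bundle", "id": "bundle--00000000-0000-4000-8000-000000000000", "objects": [
    ind(1, "[ipv4-addr:value = '203.0.113.7']", confidence=85,
        valid_until="2018-12-01T00:00:00.000Z"),
    ind(2, "[domain-name:value = 'bad.example']", confidence=30),
    ind(3, "[ipv4-addr:value = '198.51.100.9']", confidence=90, revoked=True),
    ind(4, "[ipv4-addr:value = '192.0.2.44']", confidence=90,
        valid_until="2018-09-15T00:00:00.000Z"),
    ind(5, "[ipv4-addr:value = '192.0.2.1' AND domain-name:value = 'x.example']",
        confidence=90),
]}

def triage(bundle, now, min_confidence=70):
    """Return (block, skipped): values to act on automatically, and (id, reason) for the rest."""
    block, skipped = [], []
    for obj in bundle.get("objects", []):
        if obj.get("type") != "indicator":
            continue
        expired = "valid_until" in obj and now >= ts(obj["valid_until"])
        match = SIMPLE.match(obj["pattern"]) if obj.get("pattern_type") == "stix" else None
        if obj.get("revoked"):
            reason = "revoked"
        elif now < ts(obj["valid_from"]) or expired:
            reason = "outside validity window"
        elif obj.get("confidence", 0) < min_confidence:
            reason = "low or missing confidence"
        elif match is None:
            reason = "pattern needs a full STIX matcher"
        else:
            block.append(match.groups())
            continue
        skipped.append((obj["id"], reason))
    return block, skipped
```

Calling `triage(SAMPLE_BUNDLE, SAMPLE_NOW)` returns the one indicator that is current, unrevoked and above the threshold, plus the reason each of the other four was held back.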
Adoption of cloud technology promises significant savings and increases in capacity, and can enhance functionality or add services on demand without having to commit to potentially expensive infrastructure costs. There are potential improvements and risks in cybersecurity as well. DDoS attacks, employee negligence or mistakes, inadequate segregation between clients and broad system vulnerabilities are a few of the risks. On the other hand, integration of compliance and security, economies of scale (especially related to data analytics) and automation focused on security are advantages of moving to the cloud. Again, leadership MUST be involved to make good business and risk decisions regarding cloud adoption.
Utilization of Artificial or Augmented Intelligence (AI) has significant promise for the cybersecurity community, particularly in sorting the vast amount of data necessary to discern patterns and match vulnerabilities with threats and threat actors. Eventually, this process will take place with a minimum of human interaction so that the “talent” will be able to focus on actions that require a human in the loop. One of the big challenges with AI is the development of the rules and the “training” needed to use AI effectively with a minimum of introduced bias. This discussion must necessarily include the development of a code of ethics – a standard to be followed when implementing and utilizing AI. Nonetheless, AI may potentially improve the practice of cybersecurity dramatically.
Doing the basics of cybersecurity, especially leaders understanding your risk and developing relationships before an incident, being aware of the support that DHS can provide and logically integrating innovative technology into your environment all have the potential to improve cybersecurity posture. Together, with thoughtful implementation of innovative technology, organizations can set themselves up for success in defending themselves in the cyber environment.