Categories
Tags
No Tags
From USNI West 2010:
The afternoon session today, “Cyber Issues: What should have priority?”, continued the theme of General Cartwright’s kickoff address this morning, and Admiral Stavridis’ remarks today at lunch, that theme being the expansion of the effort to exploit and protect operations in the cyber domain.
The remarks of the panel were interesting and provided insight into the perceptions and assumptions of DoD for operation as users of the almost exclusively (85-90%) privately owned and operated global computing networks collectively known as the Internet.
During the Q&A period that followed the discussion, I asked the following question:
The private sector recognizes that the preponderance of vulnerabilities to enterprise networks are due to user-level security. With the extensive discussion of extending and expanding networks into new and “unexplored” areas that will introduce large numbers of unvetted users to our critical C2 and information backbone networks, how are the two (user-level security and expanded user base) reconciled?
The answers, after some initial silence, varied from more training for users to increased awareness from commanders. But Norman Friedman gave what I consider the best response. His assertion was that total protection was an impossible goal. Instead, the networks needed sufficient flexibility to be able to be altered in response to the attack into a different configuration in order to maintain the ability to perform their primary functions.
The most interesting question, however, was asked of the panel by the Moderator, VADM Nancy Brown, USN (Ret.). Hers was this:
If each of the panel members had one dollar more to invest in their priority of choice in the development of cyber capability, where would it go? Network architecture mapping was mentioned, as was a true and impartial cost analysis, by Mr Carey and Mr. Friedman, respectively. VADM Mauney mentioned the training of personnel. VADM Brown chose to fill manpower requirements.
All justifiable and well-considered answers.
My dollar? That would go toward the ability to develop tools that can provide I&W, indications and warnings, that an attack on a network has begun. The flexibility that Mr. Friedman advocated as hand in hand with network protections requires the capability to quickly determine how and where a network is being attacked in order to execute extremely rapid decisions about further protection measures and reconfiguring to maintain critical function. The ability to effectively build I&W capability represents a tall challenge, likely requiring a level of automated analysis and reporting not yet widely available. However, the effort to do so will in some ways represent gaining the “brass ring” of network protection.
Decisions regarding individual hardware responses are required to be made at “machine speed”, faster than the ability of humans to make cognitive assessments and take action. Much has been done in the realm of protective algorithms that will accomplish those “machine speed” tasks. Where humans can effectively and appropriately intervene is in the higher cognitive decisions regarding altering data paths or network architecture to maintain critical functions.
Much mention has been made regarding attribution. Important as it is, attribution is a revenge shot. The damage has occurred, the disruption perpetrated. Being able to assign attribution to the culprit responsible for a network attack will likely require more than just technical capabilities. The timeline for that attribution may be weeks or months, especially in the instance of a skilled and patient attacker, if attribution is even a possibility.
For my dollar, the capability that would increase the effectiveness of Network Operations Centers (NOCs) in creating and maintaining secure, flexible networks, is that of a system of indications and warnings of network attacks from hostile entities.
