Last Updated: 05/31/2012*
The latest event in the Security & Defence Agenda’s Cyber Initiative quickly made one thing clear: cyber-security has hit the mainstream.
Cyber-security is no longer a subject on the periphery of the average policymaker’s understanding; SDA Director Giles Merritt remarked that the past year has seen an explosion of “real and concrete political, diplomatic and industrial policy making, international discussion and action.”
As the recommendations of the recently published Executive Summary to the 2012 Security Jam have made clear, actionable strategies in the area of cyber-security are no longer purely theoretical. The challenge instead is to make these actions as effective as possible between international actors and across sectors.
Q&A with Jeff Snyder
Jeff Snyder, Raytheon Vice President of Cyber Programs, describes today’s cyber threat and the layered approach necessary to address it on a Security and Defence Agenda panel.
Cyber threat is stealthy, real-time and changing rapidly
Jeff Snyder, Raytheon’s vice president of Cyber Programs, describes today’s cyber threat, its implications for government and industry, and the layered cyber-security approach necessary to protect critical infrastructure and economic viability. Joined by cyber experts from EUROPOL, the U.S. Department of State, European External Action Service and the European Commission, Snyder discussed these and other cyber-security matters at a Security and Defence Agenda debate in Brussels on the topic of “International cooperation on cyber-security.” The debate’s discourse, in response to the SDA’s recently released report, “Cyber-security: The vexed question of global rules,” centered on how international organizations can address cyber-security threats through technology and policy.
What does today’s cyber-security threat look like?
Today’s threats are very complex, stealthy, real-time and persistent. The threat is changing very rapidly, and it will be increasingly difficult to detect and mitigate. From the insider threat to the external advanced persistent threat (APT), coupled with the increased risk associated with mobile platforms and cloud environments, the threats to critical infrastructure, businesses and economic viability are growing.
What implications does this have for governments, businesses and industry?
Our discourse at the Security and Defence Agenda debate made one thing clear: there is a sense of urgency to get things done, and, in the cyber domain, “we are only as strong as our weakest link.” The threat changes rapidly, so there is an increased need to generate and implement solutions quickly, particularly those that can be more predictive in nature. Collaboration from a global perspective is imperative to minimize duplication of investment effort, share best practices and create technologies that will combat the growing set of cyber threats.
The European Union faces unique challenges in how to structure cyber-security solutions across many different countries with many different stakeholders. Since a cyber-security approach is only as strong as the weakest link, ensuring there are common security policies, complementary investments, and performance measures is essential. Cyber threat and intelligence information sharing is critical as well to exchange important cyber threat information and mitigation strategies across borders and agencies with some degree of anonymity to protect those sharing the information.
What should be done to address the growing cyber threats?
There is not one solution to the cyber-security problem; rather a “layered” approach will best protect against the growing cyber threat.
It starts on the perimeter. Intrusion detection sensors, firewalls and other tools are the first line of defense. This set of security solutions can protect against novice hackers, but additional measures are necessary to prevent more sophisticated attacks or those from botnets or APTs. Recognize also that by the time a signature-based sensor detects an attack, it is likely too late - the infrastructure has already been compromised. There is currently investment to move from intrusion detection to intrusion prevention sensors. This objective to predict and block threats to better protect networks and infrastructure represents a sound initiative to better protect our global “perimeters.”
The next layer of a multi-faceted cyber defense rests with better securing nations’ software development practices and ensuring security through the supply chain. This is called supply chain risk management. Minimizing the number of exploitation vulnerabilities in software, hardware and firmware is critical, especially if importing these technologies across borders. Then, go beyond the software and supply chain protection mechanisms by integrating security at the processor level. Intel’s acquisition of McAfee is representative of this trend of a layered cyber-security approach.
Finally, we cannot forget the pervasive internal threat. Yes, external threats pose many risks, but remember that insiders have privileges and immediate access to networks and infrastructure. When one doesn’t have to circumvent the various cyber-security provisions described above due to ongoing access to the network, it is much easier to be mischievous or initiate malicious cyber activity. Proven technologies that monitor for unusual behavior can address this risk.
* The content on this page is classified as historical content.