By nature, defensive safeguards place the adversary in control; he need only breach one point of weakness to reach success. In contrast, the defender must attempt to cover all possible weaknesses. Shoring up these weaknesses becomes a costly enterprise and the economies of scale help ensure the attacker maintains the advantage.
Current security tools independently address weaknesses; suites of tools offer more complete solutions but often lack best-of-breed technologies. In essence, no one solution or vendor serves all agencies or needs.
Shifting the impact curve for safeguards, at the scale of the adversary, with minimal disruption to operations requires an alternative framework and technical architecture for managing cyber risk.
Adversaries are resilient. They utilize whatever means possible to reach their goal often relying on multiple pieces of information to determine and exploit a weakness. In response, safeguards must do the same. To resiliently safeguard resources, agencies should look beyond the enterprise boundary and application-centric tools to augment internal capabilities with sources of information from the broader network of agencies and partners. We’ll call these networked sources of information Authorities. Some of these Authorities can support the improved assurance of an identity (e.g. multifactor authentication) while others can provide needed context or attributes to support adaptive access control.
Adversaries have plans. They determine high value assets, develop processes to exploit them, test hypothesis, and adapt to counter-measures. Information safeguards must do the same. By implementing adaptive workflows for encryption, authentication, attributes, authorization, entitlements, and most importantly context, organizations can proactively disrupt exploitation paths. We’ll call these adaptive workflows Policies, and they will represent conditions of trust stated in regulations, security plans, and government-wide guidance. With logical inputs from Authorities, workflows can adjust the needed level of assurance, account for security events, or simply provide variability to obscure patterns in access control decisions. As an example, an agency may wish to vary the requirements for an employee logging in from their desktop PC at the office, versus the same employee using a VPN from home or over the open Internet at a Starbucks.
Adversaries have a platform. They use the functionality and architecture of the Internet and Worldwide Web to operate at scale. Information safeguards should do the same. Through a network architecture for coupling Authorities with adaptive Policies, an organization’s applications and data can be proactively and efficiently safeguarded at scale across an ecosystem of agencies, partners, users, and devices. The common interfaces of a network infrastructure enable the easy addition of new applications, data, and authorities commensurate with changing business needs and missions. In concert, multiple paths through a network to resolve a policy provide needed reliability and resiliency.