ACT-IAC Cybersecurity Innovation Initiative Search Ideas

Instead of mandating information sharing we should look at this issue as one of national security. For example, if there were a potential for pandemic, that information would first be thoroughly investigated by the CDC and others before being communicated to the broader public to prevent unnecessary panic. That’s a good thing. The challenge with information sharing is that it has the potential to create more noise,... more »

i. Though the level of intelligence we have will continue to grow over time, by definition it will always be incomplete. While it’s useful to focus on external intelligence we must obtain better intelligence on internal environment, focusing on risk factors. Using the LMCO kill-chain model, we can start to map activity to phases. However taking this view from a single “observable” in a network is insufficient because... more »

i. This is a big data for cyber security issue. It’s difficult to find a managed system that is not able to report on network and OS-level activity (e.g. Syslog, SNMP, etc.). We’re not talking about a log-manager or SIEM but rather the resulting data (structured and unstructured) being transferred securely into a data repository for link analysis, correlated with various sources of threat intelligence and end-point... more »

Multi-level access controls such as Bell-LaPadula have been in place for government applications for a very long time with good success. Why not implement a similar model for access across the board. A well defined business environment should understand where critical data is located and the risk involved with that data and control access based on area of responsibility or job function. Users and hosts should be limited... more »

It is time to rethink the notion of an audit from something that happens periodically to some that can be continuously analyzed at will, in real-time. It is unacceptable that an organization wouldn’t have complete visibility into activities associated with all users, hosts, and applications within their network infrastructure. This becomes minimal acceptable hygiene, a starting point, inclusive of threat intelligence... more »

A collectively stronger cybersecurity ecosystem means better protection for consumers and businesses. Alliances between incident responders across various industries and organizations are forming today, to help prevent cyber-attacks and to help reduce their damage.

Microsoft Interflow, using a distributed architecture, enables sharing of security and threat information within and between communities for a collectively... more »

There is already a significant volume of cyber threat and vulnerability information shared, as well as numerous programs designed to assist the process. What we don’t need are new structures and new programs – government should look to improve on existing ones rather than attempt to reinvent the wheel.
Timeliness is key – push out more and better information earlier. Industry still feels like the government to private... more »

“Quantitative Security”, is a new big-data approach to security that has the potential to fundamentally improve an agency’s level of protection and transform the way we sell security products.

The high-level idea is to collect and analyze security telemetry from tools and sensors in order to come up with “quantitative” prescriptions about how a change in sensors settings or the deployment of a new sensor or module... more »

The answer may not be “innovation” but going back to basics. It starts with comprehensive asset management. An agency has to identify ALL hardware and software assets on its network. You can’t scan hardware for configuration errors or software for missing patches if you don’t know those devices exist. Every unknown asset is a potential threat vector. This will also help compress breach-to-detection-to-response times.... more »

Inconsistent security controls are often a result of human error. A move to “Orchestration”, or an approach that automates control implementations can lead to more effective and relevant utilization of controls. Benefits include:
Enabling the Software Defined Data Center
Centrally define security policy
Security policies move with VMs
Reduce security as a choke point; accelerate business agility and responsiveness by... more »

The Security Development Lifecycle (SDL) is a software development process that helps developers build more secure software and address security compliance requirements while reducing development cost. The SDL is composed of proven security practices that work in development organizations regardless of their size or platform. It consists of multiple phases in which core software assurance activities are defined. Computer... more »

The evolution of the cyber attacker’s techniques, skills and tools has far exceeded the pace of the cyber defender’s. Throughout the public and private sector, from federal agencies to health insurance providers, emerging threats continue to wreak havoc on enterprise networks, applications and data. Incident response teams must move faster, but the tools they’ve been given to do the job aren’t fast enough in detecting,... more »

The evolution of the cyber attacker’s techniques, skills and tools has far exceeded the pace of the cyber defender’s. Throughout the public and private sector, from federal agencies to health insurance providers, emerging threats continue to wreak havoc on enterprise networks, applications and data. Incident response teams must move faster, but the tools they’ve been given to do the job aren’t fast enough in detecting,... more »

The evolution of the cyber attacker’s techniques, skills and tools has far exceeded the pace of the cyber defender’s. Throughout the public and private sector, from federal agencies to health insurance providers, emerging threats continue to wreak havoc on enterprise networks, applications and data. Incident response teams must move faster, but the tools they’ve been given to do the job aren’t fast enough in detecting,... more »

The evolution of the cyber attacker’s techniques, skills and tools has far exceeded the pace of the cyber defender’s. Throughout the public and private sector, from federal agencies to health insurance providers, emerging threats continue to wreak havoc on enterprise networks, applications and data. Incident response teams must move faster, but the tools they’ve been given to do the job aren’t fast enough in detecting,... more »