While the sharing of information is important, funding for research into methods for immediate breach awareness the minute a breach occurs is a critical component for detection and mitigation. There is technology available that can spot and identify attempts at intrusion at the source. As we know, OPM and others, for example, had been breached long before there was a discovery of intrusion. Much remains to be accomplished toward...
4. Adopting a Threat-Aware Proactive Defense
How should the government expand beyond its emphasis on perimeter defense and even defense-in-depth, and instead put more relative resources toward combining actionable threat intelligence with robust response and resiliency strategies and architectures that account for the adversary’s point of view?
Today, America is in constant contact with the enemy - and the form of conflict has changed. The expansion of the Internet globally is being accompanied by an explosion of cyber threats. Nation-state adversaries, terrorists, and criminals exploit our weakly secured technology. The United States is principally reliant on its technology for a competitive advantage across the globe. Now, thanks to the Internet and cyberspace,...
Adopt content-centric security of data using digital rights management techniques to protect data at the source and track exfiltrations of data that depart from pre-set boundaries.
Insider threat represents one of the most vexing problems facing the USG. Executive Order 13587 seeks significant enhancements to address this threat to organizations' critical assets, including employees, contractors and business partners. Theft of IP or classified information or PII via stolen credentials is a mounting challenge given that internal networks are often lacking effective security measures. Deployment of a...
APIs are windows into the Enterprise and need to be secured at every point of engagement between end user (consumer) and Enterprise crown jewels. In the API world, humans and machines seamlessly interact with each other and blend the trust boundaries between customers, partners and service providers. It is becoming increasingly hard to differentiate good humans, authorized machines (apps) and cybercriminals who may exploit...
The DCOS concept is the opposite of the successful Distributed Denial of Service concept. Basically, we can engineer a product which utilizes the concepts of Big Data and Machine Learning. There will be an app loaded on participating servers, which alerts the administrator, via dashboard, of successful attacks and the current state of the "Defense in Depth" posture and offers pertinent courses of action to harden the system...
(Regular-print entries are supported ITAPS recommendations in response to questions; flagged entries are expanded recommendations to more explicitly address questions not directly addressed by ITAPS; participated in and collaborated with ITAPS OMB-OPM-NSC Task Force) How should the government expand beyond its emphasis on perimeter defense and even defense-in-depth, and instead put more relative resources toward combining actionable...
Currently, the government is still focused on perimeter defense with only a shallow defense-in-depth strategy. The problem centers on an enterprise architecture that is designed to usually protect the entire network at the same level, thus peanut-butter spreading network defense resources. Agencies fail to build a network defense strategy that focuses on protecting their crown jewels, vulnerability reduction, and adversary...
4) How should the government expand beyond its emphasis on perimeter defense and even Defense in Depth, and instead put more relative resources toward combining actionable threat intelligence with robust response and resiliency strategies and architectures that account for the adversary's point of view?
Create Blue Team audits followed by Red Team operations performed by pre-qualified contractors or in-house staff using an efficient contract services vehicle managed by GSA. Focus is beyond standard penetration testing and embraces “hunting” tactics largely used by DOD Red Teams to emulate adversaries. Increases resiliency and the ability to enhance capability to address early indicators of APTs.
Practice response to cyber threats as part of overall emergency response capacity to build resiliency.
What is your most important line of business or function of your agency? What are your crown jewels (as another author here wrote)? What is the risk to those? What does the enemy want to achieve? This is just the starting point of protecting your agency or business. Today, it is important to create a threat-aware proactive defense around your Cyber Key Terrain (C-KT) and manage the risk per line of business or...
Establish SLAs and/or performance metrics for threat detection, incentivizing contractors.
By nature, defensive safeguards place the adversary in control; he need only breach one point of weakness to reach success. In contrast, the defender must attempt to cover all possible weaknesses. Shoring up these weaknesses becomes a costly enterprise and the economies of scale help ensure the attacker maintains the advantage. Current security tools independently address weaknesses; suites of tools offer more complete...
“Quantitative Security” is a new big-data approach to security that has the potential to fundamentally improve an agency’s level of protection and transform the way we sell security products. The high-level idea is to collect and analyze security telemetry from tools and sensors in order to come up with “quantitative” prescriptions about how a change in sensor settings or the deployment of a new sensor or module...