Oct 29 2013

ELC 2013: Defending the Evolving Network

Automation is critical as threats and boundaries change.

Defending their network perimeters has long been an important element of agencies’ cybersecurity strategies, but this has become even more difficult as technologies such as cloud and mobile computing make simply defining the perimeter a challenge.

“In this environment, the boundaries really become very murky,” said Dave McClure, associate administrator of the General Services Administration’s Office of Citizen Services and Innovative Technologies, during a panel discussion at the Executive Leadership Conference.

The complex nature of federal IT systems creates a “fog of more,” which hampers efforts to protect government networks, said Frank Reeder, cofounder of the Center for Internet Security and a panelist along with McClure at the conference, which is held by the American Council for Technology-Industry Advisory Council. 

Automating cybersecurity tasks is a critical tactic to deal with the complexity, said Phillip Quaid, director of the National Security Agency’s Office of Analytics and Business Intelligence. And while defending the perimeter remains a necessity, agencies must also protect the data inside their networks; otherwise, they make themselves vulnerable to encrypted malware or zero-day exploits, Quaid added.

Automation and “good hygiene” — maintaining cybersecurity best practices — can help agencies defend themselves against roughly 95 percent of the threats they face, Reeder said, adding that human intellect and experience are required to deal with the toughest 5 percent of threats. Reeder suggested that establishing a professional cybersecurity designation is a necessary step to developing the personnel needed to defend federal networks.

Reeder suggested five steps agencies can take to protect their networks:

  • Whitelist software (agencies should allow only applications that have been verified to work safely)
  • Establish security configurations
  • Conduct timely software patches
  • Conduct timely hardware patches
  • Significantly limit administrator privileges

Information sharing also is important as agencies face constantly evolving attacks from a variety of vectors. An agency that has success in stopping an attack can help others by sharing information on which tactics work and which do not, said Paul Cunningham, deputy associate CIO for cybersecurity at the Energy Department.
