Lean, mean cyber secure machines
Agencies need systems that are more trustworthy, secure and resilient, cyber experts say.
“Lean and mean” systems, as opposed to general-purpose computing solutions that accommodate many applications, users and consumers, are key to cybersecurity in the current environment, three experts said April 25 during a panel discussion at the Cloudera Government Forum in Washington, D.C.
“In an ideal world, you need systems that are more trustworthy, secure and resilient,” said Ron Ross, a fellow at the National Institute of Standards and Technology. “You have to go back to a leaner and meaner architectural construct.”
Ross likened advanced security to the use of a safe-deposit box: “You have a lot of important stuff in your house, you have a lock on your front door, but if you’re like me, you take some of your stuff to the bank and get a safe-deposit box. Why? Because that’s a safer domain.”
Government officials can do the same with information technology, he said. They need to decide what’s most mission-critical, put that into its own domain and then reduce the complexity of that domain.
As the FBI is consolidating its IT systems, it’s taking the opportunity to also reduce risk, said Joseph Mitchell, section chief for enterprise data analytics at the bureau. “As we bring those systems together in a sort of big data environment, it’s affording us to remove the chances of risk by bringing more focus on a larger platform,” he said. Those systems can then be managed by the “pockets of excellence that exist within the organization,” he said. “We’re also doing major efforts to transform the amount of cross-domain solutions we have, the amount of circuits we have, all of those kinds of things.”
Critical to the FBI’s consolidation effort are collaboration and communication, he added. To that end, stakeholders from across the bureau are part of the conversation, which helps to ensure that security is built in as changes are made.
“The fact is in many cases, you need to beef up your monitoring, you need to have a response plan, you need to have those kinds of things in place because sometimes things aren’t meant to converge, sometimes things aren’t meant to be separate,” he said.
William Vanderlinde, chief scientist at the Intelligence Advanced Research Projects Agency, said IARPA has three programs aimed at boosting cybersecurity. The Scientific Advances to Continuous Insider Threat Evaluation program is run by a mathematical psychologist whose team is looking at behaviors associated with dishonesty to find active indicators of insider threats.
Another program is the Cyber-attack Automated Unconventional Sensor Environment, which looks for indicators of an imminent cyberattack. “On the dark web, there are various hacker tools available, things like zero days and botnets, so as with most things, the price of those depends on supply and demand,” Vanderlinde said. A spike in the price may mean someone is getting ready to attack.
The third program is VirtUE, a cloud- and virtual machine-based program looking to protect against outsider and insider threats through role-based virtualization -- a virtuous user environment.
Rapidly changing technology has its positives and negatives, Ross said. “We are literally living through the greatest time in our history as far as the technology, the advancements and everything that this innovation is bringing to us. It’s making us more productive, it’s allowing us to do things we never thought we could do before,” he said. “The bad news is that we have to be able to protect what we deploy, and I think there has to be a conversation at some point – probably fairly soon – that recognizes our cybersecurity problems -- because we still, with all of the money we spend on cyber, we still have significant numbers of breaches and damaging attacks going on.”
Asked to summarize his key takeaway from the discussion, Vanderlinde had three words of advice: “Never trust anyone.”