Would automated cloud security catch a 75-cent error?

Connect with state & local government leaders
Join Our Community
Featured eBooks
A New Era of Social Media Regulation
Strengthening State and Local Cyber Defenses
Making AI Work for Government
Insights & Reports
Get to know Bedlock Safety
Presented By BedLock Safety
Download Now
Using AI-powered location intelligence, state and local governments can build a sustainable future
Presented By Nearmap
Download Now
By Rutrell Yasin
 

Connecting state and local government leaders

By Rutrell Yasin

|

Automated security systems from public cloud providers will have to be configured to analyze behavioral patterns, but human analysis could make a difference, NIST's Lee Badger says.

Agencies moving applications to the public cloud will have to rely on providers for automated monitoring, threat detection and prevention, but might benefit from a human touch, Lee Badger, acting program manager of the National Institute of Standards and Technology’s cloud computing program, told a Washington audience recently.

To thwart future threats, automated intrusion, detection systems and firewalls will have to be configured for behavioral-pattern threat detection. But the added value of human analysis, a crucial element to enable system administrators to detect and track down the source of the intrusion, could be missing from the process, Badger said.

He spoke during a panel discussion on security and virtual environments at the Cloud Computing & Virtualization Conference and Expo in Washington, D.C., Sept. 8. The conference was sponsored by 1105 Media, parent company of Government Computer News.
 

Related stories:

Cloud security fears outweigh savings, but perhaps not for long

Cloud security awaits encryption breakthroughs

Badger noted the example of Clifford Stoll, an astronomer and systems administrator with Lawrence Berkeley National Laboratory in California and author of the book the “Cuckoo’s Egg.”

In August 1986, Stoll’s supervisor asked him to resolve a 75-cent accounting error in the computer usage accounts. He traced the error to an unauthorized user, who had acquired root access to the LBL system by exploiting a vulnerability in the movemail function, a computer program developed by the GNU Project that moves mail from a user’s Unix mail spool to another file.

Over a 10-month period, Stoll tracked the intrusion to Markus Hess, a German citizen who was working for the KGB with the objective of securing U.S. military information for the Soviets. Hess was able to piggyback off the LBL system onto the ARPANET and MILNET to attack 400 military computers.

It wasn’t technology that caught Hess. It was the fact that Stoll became determined to resolve the accounting error, even if it was for 75 cents, Badger noted. “Only the fact that he got really engaged [in solving the problem] allowed him to catch the guy,” Badger said.

An intrusion like the one Stoll uncovered is hard to find in a large environment, said C.J. Moses, deputy chief information security officer with Amazon Web Services Security.

Users need to be informed as to how their internal IT organization and external cloud providers treat security from an end-to-end perspective, said Max Peterson, vice president and general manager for civilian and intelligence agencies with Dell Federal Systems. The company recently entered the public cloud market with Dell Cloud with VMware.

Many organizations that are compromised don’t even realize there has been an intrusion in their network, noted Steven Chabinsky, deputy assistant director of the Federal Bureau of Investigation’s Cyber Division.

“They have little way of knowing if systems have been altered” during an attack, he said.

There is a need for technology that addresses assurance and attribution. Tools that can help users react to changes in their data, hardware and software environment address the issue of assurance.

Tools that give administrators a better view of who is on the network and what they are doing address the area of attribution. The Internet by design is private and anonymous, allowing people to route through different IP addresses and protocols, Chabinsky noted.

The cloud could be a test bed to aid in the rapid deployment of these new solutions because of its scalability, he said.

Cloud platforms could serve as “new flexible, scalable environments to test highly secure systems on,” Chabinsky said in an interview after the panel discussion.

Assurance and attribution does compete with civil liberties and privacy. A public dialogue is needed that would help foster the creation of alternative solutions, he said.

If there is a security breach in the network system that supports the electric power grid, maybe the attribution data can be encrypted and the government can access that data through the legal process.

However, in many instances, if someone has inserted malware that alters an organization’s systems and then withdraws the malware, the evidence is gone by the time law enforcement gets to the scene of the crime.

Individuals are then “losing their constitutional right to be protected by government,” Chabinsky said.

Industry and the government have to move beyond focusing on vulnerability management and find ways to stop bad guys, he said. “We can’t win only on defense,” he said, noting that the networked world is a constantly evolving environment.

NEXT STORY: Some tough questions you need to ask your cloud provider

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.