Developing a Healthy "Cyber Ecosystem"
October 2011
Topics: Computer Security, Information Security Risk Management, Network Security, Prevent Terrorism, Safeguard and Secure Cyberspace
The universe of cyberspace is made of diverse entities that interact in ever-changing ways, much like in the natural world. From people with laptops, smart phones, and tablets, to companies and government agencies with computers and servers—not to mention all the data those devices contain—this "cyber ecosystem" creates a target-rich environment. Malicious individuals or groups exploit vulnerabilities to steal identities, resources, and competitive secrets. And with cyber attacks on the rise, economic security and the continuity of government services are at risk.
To address these threats, the Homeland Security Systems Engineering and Development Institute (HSSEDI) is working with the Department of Homeland Security to promote concepts developed in a recent white paper, "Enabling Distributed Security in Cyberspace," which MITRE helped produce. HSSEDI is the federally funded research and development center that MITRE operates for DHS.
"DHS is defining what civilian cybersecurity needs to look like going forward," says Glenda Turner, a MITRE senior principal information security engineer. Turner worked closely with DHS officials to refine the paper, which states that the key elements of effective cybersecurity are automation, interoperability, and authentication.
"With these building blocks in place, companies and government agencies would have much more effective tools to identify and respond to data or network breaches," she explains.
A Give-and-Take Discussion Refines Thinking
DHS is ultimately responsible for the security of the .gov and .com domains. Over the past several years, the department gathered input on network security from cyber experts, says Chris Folk, head of HSSEDI's Cybersecurity and Communications department, who also works on the project.
"Over the course of 2010, DHS and its partners, including MITRE, refined the paper in an iterative process two dozen times, to reflect the latest thinking on cybersecurity threats," he says.
"The paper is the starting point of an ongoing dialogue about specific areas of technical focus for the government on cybersecurity. The question is: How should the government share information? The paper kicked off the dialogue, and people are continuing to develop ideas around this question."
As part of the discussion, DHS and the White House hosted an interagency forum on cybersecurity in June 2010, during which DHS circulated a draft of the paper to key U.S. government officials. Cybersecurity experts from the Departments of Commerce, Defense, Education, Energy, State, the Federal Communications Commission, and numerous other federal agencies attended the event, called "Toward a Healthy Cyber Ecosystem." MITRE was the only non-government agency to participate in the forum.
Anticipating and Preventing Cyber Attacks
The white paper articulates DHS' vision of "the cyber ecosystem of the future," a place where private industry, academia, and the government can work together quickly to predict when attacks might take place, limit their spread, and minimize their consequences. (See: "What Makes a Healthy Cyber Ecosystem?")
"The principles outlined in the paper will help cyber stakeholders to create and exchange trusted information and coordinate courses of action in near-real-time as attacks unfold," Philip Reitinger, until recently the Deputy Undersecretary at DHS' National Protection and Programs Directorate, said in a statement on the report's release.
"In this future cyber ecosystem, security capabilities are built into cyber devices in a way that allows preventive and defensive courses of action to be coordinated within and among communities of devices," the DHS states in the paper. Making this possible will require combining interoperable devices with trusted information exchanges and shared security policies that can be refined in response to changing circumstances.
By contrast, today's cyber defenses largely rely on ad hoc, manual processes. Unfortunately, cyber criminals often plan attacks in a systematic fashion, starting with reconnaissance activities and escalating to more sophisticated and devastating levels of system entry. This leaves administrators struggling to keep up.
Defining Cyber Communities by Security Policies
In the paper, the DHS offers a recommendation for dealing with this state of affairs. "If cyber devices communicated in near-real-time with each other about attacks and took coordinated security-hardening response actions consistent with a defined policy framework, then critical business, mission, and privacy objectives could be better supported, and many security risks could be managed proactively and dynamically."
Defining cyber communities by policies rather than technical specifications would also enable stakeholders to collaborate dynamically to defend those communities from attack, the DHS maintains.
"To illustrate such a cyber ecosystem in action, one might look at the practice of 'continuous monitoring,' in which system managers use a variety of software products to automatically detect and report known security vulnerabilities in network nodes," says Margie Zuk, a MITRE senior principal information security engineer who also contributed to the development of the white paper. "To offer an analogy, continuous monitoring is to a healthy cyber ecosystem as smoke detectors and sprinkler systems are to a 'smart building.'"
Continuing the Conversation on Security Issues
Today MITRE continues to work with DHS to refine and promote the paper's key themes. "The paper is out for public comment, and the overall concept of the cyber ecosystem is being implemented in DHS' cyber defense strategies," says Folk.
Also ongoing is a discussion among MITRE and officials at DHS and other federal agencies of how the government can promote increased awareness and adoption of cybersecurity standards, technologies, and best practices, he adds.
As a result, the government is planning a follow-up to the white paper to articulate a specific cybersecurity action plan for federal agencies.
—by Maria S. Lee