Cybersecurity Ecosystem: The Future?

The Department of Homeland Security on Wednesday rolled out its much-anticipated white paper on the ecosystem of cybersecurity. The document, according to DHS:

explores technical options for creating a safer, more secure and resilient network of networks. Specifically, the paper looks at how prevention and defense can be enhanced through three security building blocks: automation, interoperability, and authentication. If these building blocks were incorporated into cyber devices and processes, cyber stakeholders would have significantly stronger means to identify and respond to threats--creating and exchanging trusted information and coordinating courses of action in near real time.

While "ecosystem" suggests an environmental approach, the paper actually suggests that cybersecurity should mirror the body's immune system. DHS says that in the cyber world to come, cyber devices, much like bodies, will defend themselves against attacks to keep the system "healthy."

Instead of the ad hoc approach we currently have, the cyber ecosystem will use automation, interoperability, and authentication. DHS likens "automation" to the body's ability to defend, destroy, and clean itself. In the cyber ecosystem, Automated Courses of Action (ACOAs) will allow a system to automatically develop a defense strategy, while fighting through attacks.

Just as the body rejects things that are bad for it, the cyber ecosystem will employ strategies that reject what is not good for it; when possible "bad things" or a disruption are detected, the system will diagnose the problem and figure out how to automatically protect itself in the future.

The paper is thought-provoking and the start of a conversation. While the health analogy is not new (computer "viruses" have long been "infecting" computers), this paper additionally maps out where the government may go in creating cyber equivalents to the Centers for Disease Control.

At the end of the document, DHS asks for feedback, including thoughts on a proposed action plan relating to game-changing initiatives. Among the initiatives listed are:

  • Piloting, demonstration, and rapid promulgation of community and inter‐community ACOAs for collective defense
  • Piloting, demonstration, and rapid promulgation of security content automation standards for functions described in the second and third waves of Figure 5
  • Building upon the draft NSTIC to achieve standards‐based device authentication, including small and often wireless devices composing massively scalable grids.

These ideas suggest that the government is serious about moving beyond strategies and plans and actually is looking for technical and tactical solutions to the cybersecurity problem.