Agency networks should not only be able to continuously detect hackers and throttle their destructive tactics -- but also robotically bounce back, an NSA official says.
Now that the Department of Homeland Security has ponied up $6 billion for governmentwide, automated computer safeguards, a top National Security Agency cybersecurity official says the approach has its shortcomings.
Agency networks should be able to not only continuously detect hackers and throttle their destructive tactics -- but also robotically bounce back.
“We’ve talked about the need to go from static defenses,” such as firewalls, under so-called continuous monitoring, to “active cyber defenses -- doing automated hardening, automated defense of our networks,” said Philip Quade, chief operating officer of NSA's information assurance directorate. “But I think there is one more step that we’re not really talking about and that’s automated regeneration, automated resiliency.”
The pricey DHS-sponsored initiative now underway, known as continuous diagnostics and mitigation, or CDM, is expected to supply all agencies with sensors and specialists to move from traditional three-year vulnerability checks to real-time problem spotting. Agencies have until 2017 to achieve full implementation.
In between CDM and futuristic self-healing is active response, sometimes called "active defense," which can include, for example, sharing threat intelligence with potential targets in real time.
Yet, "even with these automated defenses in place, bad things are still going to happen," Quade said. Organizations need to be asking themselves: "What can you do to automatically regenerate to a minimally secure state, and be automatically resilient and get back to the operating position?"
Quade was speaking at a cyber industry forum in McLean, Virginia, hosted by the Chertoff Group.
Quade called automated resiliency "the next big thing," but added, "I'm not optimistic that we're getting anywhere close to that."
Don't panic yet, federal government. NSA and DHS are thinking ahead, he said.
Right now, the two agencies, are already collaborating on this sort of spontaneous regeneration, Quade told Nextgov after the discussion.
Ultimately, as arbiter of governmentwide cyber operations, DHS would make the decision whether to roll it out fully.
But it makes sense "to take the work that we and DHS are doing and define it as the natural next phase of CDM," Quade said during the interview.
To be clear, he added, continuous monitoring "is a very, very good thing, but you need to have the ability to act."