Cyber security does not have to be so hard
Former DoD CIO Terry Halvorsen laid clear foundations for a successful Cyber security mission strategy.
“Cyber security, unlike probably any other warfare area in the past, is completely ubiquitous in everything we do. Cyber is unique from the other domains, because it is so interconnected and has no geographical boundaries.”
“It is going to require us to be more enterprising in our cultural understanding and actions with it. DoD civilian and military leaders need to understand the importance of cyber defense”
Halvorsen highlighted that with the ever-evolving threats, the thinking on cybersecurity needs to evolve as well. Former President Barack Obama also talked about the need to think differently about cyber threats in a 2016 interview with Wired:
“Part of the reason why cybersecurity continues to be so hard is because the threat is not a bunch of tanks rolling at you, but a whole bunch of systems that may be vulnerable to a worm getting in there. It means that we’ve got to think differently about our security, make different investments that may not be as sexy but may actually end up being as important as anything.”
Earlier this year, Pentagon officials addressed emerging cyber challenges before the Senate Armed Services Committee hearing on foreign cyber threats to the United States.
Develop and refine your objectives
The Undersecretary of Defense for Intelligence, Marcel Lettre, explained how the DoD has developed and refined cyber mission objectives, which include defending networks, providing cyber options for military commanders and protecting the nation against cyberattacks.
He also championed a deepened partnership between the government and private sector, describing industry as the source of much of the world’s greatest technology talent, which must be looked to for support “in innovating to find cyber defense solutions, build resiliency into our critical infrastructure systems and strengthen our deterrence.”
So, what are the challenges of achieving this resiliency, embedding cyber at every level and creating an efficient and effective defense?
The cyber security landscape today is made up of advanced persistent threats (APTs) and these attacks are driven not only by human assailants, but also by automated bots.
The sheer volume of incoming threats are swamping human resources and the cyber skills gap continues to grow, with a predicted shortfall of 1.8m cyber security workers by 2022.
Automation and effective use of expertise are key components of a successful cyber strategy. However, it is paramount that any tool used for defense is accurate and reliable. Intelligence should be built into tools to ensure that findings are trustworthy and actions taken are effective, timely and beneficial.
Unfortunately current enterprise tools have fallen short on providing the depth and reliability of information needed for effective automated defence. However, the deepened partnership between the government and private sector may provide the solution.
Best of breed tools, that currently haven’t been harnessed at enterprise level, combined with the expertise of trusted contractors and service partners could provide the Next Generation Enterprise Cyber Solutions.
The latest independent research confirms Nipper Studio as the most reliable baseline and configuration analysis tool in the world. In a recent STIG audit comparison, Nipper Studio significantly outperformed Nessus (its closest rival) in both depth of analysis and accuracy of results.
Nipper Studio analyses vulnerabilities and security weaknesses in firewalls, switches and router configurations. By replicating the detailed processes of top industry consultants, it intelligently automates a labour-intensive process, allowing organisations to streamline their cyber security workload and reduce the cost of cyber defense.
The end-goal is full enterprise automation – until then, best of breed solutions can bring huge operational efficiency gains. When trustworthy, reliable tools are used to accelerate cyber defenses labour-intensive but essential processes, you release your experts for strategic offence and empower junior team members to perform analysis.
This allows organisations to embed cyber at every level, tackle the skills gap and build a more resilient capability.
Nipper Studio has been supporting this cyber mission since 2009. Users include the U.S. Department of Defense, DoE, DoA, VA & US Treasury as well as the UK government, FBI, PayPal, and Deloitte. Take a 30 day free trial today.
Read more about; How automation can prevent a future cyber attack