A new report examining current key cyber threats facing the United States has highlighted the deep interrelatedness of the challenges and how they require a more multifaceted solution.
The “Understanding Today’s Cyber Challenges” report by TASC divides 21 key cyber threats into three categories: psychologically driven cyber challenges, process-driven challenges and technologically driven cyber challenges. These challenges range in severity from those that can be easily addressed to those that require more extensive investment.
Psychological cyber challenges, the report says, may be impractical to completely address because they are linked to ingrained human behaviors. These types of challenges are often individual behavior issues, but they are also significantly influenced by a country’s group behavior or culture, which means culture cannot be ignored when considering these kinds of obstacles.
Process challenges start at the very top of an organization, the report says, and often include shortcomings in areas such as defining roles and responsibilities, establishing an appropriate level of transparency, and agreeing on the breadth of educational efforts.
Encompassed by the process challenges are the chain of trust, classification of data, cyber rules of engagement, and the threat of the insider, which the report describes as “quite possibly the greatest challenge.” Because of technological advances and e-commerce developments, insiders now can easily gain access to critical information, a problem that will only continue to get more complex as the world becomes more interconnected, the report noted.
The technologically driven cyber challenges involve issues such as attribution, auditing, systems integration, cloud computing and virtualization. Another key area is intrusion detection — the monitoring of the network to detect signatures of known malware or patterns of activity that are unauthorized.
Many assume incorrectly that if only authorized individuals have access to the cyber systems, those systems are to a large extent protected. However, when the potential of an insider threat is ignored, intrusion detection becomes a challenging problem, the report noted. Most current security detection systems are signature based, yet signature-based defenses are inherently perimeter focused, and advanced threats and zero-day exploits can circumvent these barriers.
The report also noted there is no silver-bullet solution that can address the extent of cyber challenges facing today’s enterprise. Many of the cyber challenges are tightly linked; the ability to effectively attribute a cyber attack to a culprit requires not only technological advances, but also process-level changes in the form of new laws and regulations. Very few of the challenges will ultimately avail themselves of technical solutions in the short term, so a near-term focus on the process and psychological cyber challenges may realize the highest return, the report concluded.