According to experts, the keys to combating cyber threats are planning, prioritization and testing.
Keith Rhodes, senior vice president and chief technology officer for QinetiQ North America‘s Mission Solutions Group, recently outlined the ways in which civilian agencies and the Defense Department can plan effective defenses against cyber attacks on the nation’s critical infrastructures.
In an article for the Armed Forces Journal, Rhodes explained agencies can properly plan ahead by understanding how to accomplish the core mission when the network is penetrated, addressing the ever-changing nature of the cybersecurity and keeping an eye on the virtual horizon.
“The knee-jerk reaction in this key planning process is to go straight for technology — complex cyber defenses and weapons designed to protect critical data,” Rhodes wrote. “However, the first steps to effective cybersecurity do not involve high-tech silver bullets. Rather, these initial steps require identifying critical assets, understanding the potential cyber threat, and relentless and ruthless testing.”
He also explained the identification of mission-critical information is essential to building a strong system defense architecture.
“In a military operation, troops go into battle understanding that there could be casualties; some part of the unit may be lost,” he explained. “A similar mindset makes the most sense for cybersecurity, where well-intentioned attempts to protect everything end up protecting nothing.”
“Data triage will help identify what parts of the network must have every cyber protection and what parts may be more expendable,” he added.
Lastly, Rhodes stressed the importance of network defense testing. Cybersecurity testing, he explained, involves examination of vulnerabilities in both technological and human elements.
“Try to get someone to allow entry into a secure building, and attempt to cajole passwords from the help desk,” Rhodes said. “This human-focused facet of cyber testing can help to ensure that every person in the organization understands his role in protecting the mission.”