It was from a security professional at another organization. The report told of a cyber attack that had been identified but which continued for several hours within the company — all because different departments were responsible for individual aspects of analysis and response to the attack. That was one scenario that Mark Ives never wanted to see occur within his own organization, Alion Science and Technology Corporation.
And so, Ives began an ambitious new program within his own organization. Developed this year, the program — Alion Cyber Warrior Training, as it’s known — is still in its preliminary stages, but this much is clear: It goes beyond the typical approach to cybersecurity training found at many corporations to stress an end-to-end philosophy on combating cyber attacks.
“We believe that a cyber warrior should be trained to understand the threat end-to-end within the enterprise,” says Ives. “That means our people are trained so that when an attack materializes, they can determine the risk to all portions of the enterprise, not just one section.” That also means no hours-long wait, either, to stop an attack cold.
Cyber attacks, on the rise
An end-to-end approach to cybersecurity is an idea whose time has come — for industry, as a whole. While no hard-and-fast statistics exist (not releasable ones, anyway), talk to enough CIOs within government contracting and they’ll admit: Targeted cyber attacks against companies that serve the federal government have, in some cases, doubled, even tripled, over the past year.
Those attacks — everything from spear phishing to malware such as Trojan, at the hands of well-organized, and well-funded factions — are proving more comprehensive, more complex, and poised to do even greater damage not just to contracting firms but the government customers whom they serve.
All of which explains why Ives isn’t taking any chances.
“We believe our end-to-end response method is the quickest and most effective means of stopping an attack, understanding the attacker’s purpose and methods, and preventing future attacks of a similar nature,” says Alion CIO Mark Ives.
Cyber training: Replicable lessons
So far, Alion’s cybersecurity training has focused on internal personnel; those with IT backgrounds and basic network experience are eligible for training. And, while no formalized benchmarks exist (yet), Ives, along with Alion Deputy CIO Jerome Fath, the principal architect of the program, is pleased with preliminary findings. “The result, so far, has been a safe enterprise with numerous thwarted critical attacks,” says Ives.
Ives also aims to broaden the training’s reach. “We hope to open up the training to government and commercial personnel within the next few months,” he says.
Along with Alion’s cyber training, Ives’ team has “supercharged” existing technologies: most notably sandbox, honeypot, intrusion detection system (IDS) and intrusion protection system (IPS). “Those things are what comprise your cyber defense force of today and tomorrow,” he says.
Meanwhile, for CIOs looking to implement similar training within their own organizations, Ives, who’s served as Alion CIO for the past nine years, has some key advice. “Make sure your cyber warriors (and trainees) understand the business environments — and the systems — most ripe for attack,” he says. “Ensure,” he adds, “that your attack response methods include all IT functions and key business functions, from start to finish.”
Onward, cyber warriors
A solid cybersecurity posture is helping Alion continue to do what it does best: research and development. Much of the new research is around the integration of data warehousing methods with collaborative applications, reporting systems, and other key commercial off the shelf (COTS) enterprise applications.
“Business operations want critical data to be available instantly and in an effective, easy- to-use fashion,” says Ives. “Each successful R&D effort in this area results in immediate value to the enterprise,” he says.
On the cybersecurity front, Ives’ team has initiated several R&D efforts in developing cyber warfare tools to more effectively perform log analysis and, as Ives puts it, “to catalog our adversaries, their attack methods, and specific objectives.” Throughout, Ives remains cautious. “We don’t want security functions to hinder business operations,” he says, adding. “What we have to do, as much as possible, is fold security operations into day-to-day operations in the enterprise.”
Helping to foster that nonintrusive approach will be Alion’s new ranks of cyber warriors. “We’re going to increase our levels of experience and training in our cybersecurity forces and our team,” says Ives. “We’re also going to continue to push our cyber warrior training and make sure that we get as many people as we can through the course, wherever they may be.”
For any enterprise, that’s as close as end-to-end as it gets.