Posted on Wed, Jan 27, 2010 @ 12:49 PM
The failed attack on a U.S. airliner on December 25, 2009 prompted U.S. President Barack Obama to focus on the state of collaboration between U.S. intelligence and security agencies. President Obama stated, "The bottom line is this: the U.S. government had sufficient information to have uncovered this plot and potentially disrupt the Christmas Day attack. But our intelligence community failed to connect those dots, which would have placed the suspect on the no-fly list. In other words, this was not a failure to collect intelligence, it was a failure to integrate and understand the intelligence that we already had."
The President's ire has led to focus on an initiative by the Office of the Director of National Intelligence (ODNI) to create a "common trust environment" for collaboration and sharing of information within the U.S. intelligence community.
In the words of Director J.M. McConnell, "The information sharing strategy is focused on developing a 'responsibility to provide' culture in which we unlock intelligence data from a fragmented information technology infrastructure spanning multiple intelligence agencies and make it readily discoverable and accessible from the earliest point at which an analyst can add value."
"This new information sharing model will rely on attribute-based access and tagged data with security built-in to create a trusted environment for collaboration among intelligence professionals to share their expertise and knowledge."
Shift to role and policy-based network security
The foundation of this initiative is a shift from traditional firewall and identity-based security to role-based policy management of the network. Policy-based security can, on the fly, adjust security measures to allow the right users - to have the right access - to the right information - from the right place - at the right time.
We find policy-based security controls in Network Access Control solutions and flow-based network switches which give security managers granular control of the network. You can manage who has access to specific databases, at what time of day, from which location, from what department, what functional (role) responsibility and even from what type of device.
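As an added illustration (not from the original post or any vendor product), the sketch below evaluates the attributes just listed (role, department, location, device type, time of day and target database) under a default-deny policy. The rule format, attribute names and sample policy are assumptions constructed for this example.

```python
from dataclasses import dataclass
from datetime import time

@dataclass(frozen=True)
class Rule:
    """Allow rule: every attribute must match (names are assumptions)."""
    resource: str
    allowed: dict      # attribute name -> set of permitted values
    start: time        # start of permitted time-of-day window
    end: time          # end of window; may be earlier than start

    def in_window(self, t):
        # A window such as 22:00-06:00 wraps past midnight.
        if self.start <= self.end:
            return self.start <= t <= self.end
        return t >= self.start or t <= self.end

    def matches(self, req):
        # A missing attribute never matches, so incomplete requests fail closed.
        return (req.get("resource") == self.resource
                and all(req.get(k) in v for k, v in self.allowed.items())
                and isinstance(req.get("time"), time)
                and self.in_window(req["time"]))

def decide(rules, req):
    """Default deny: grant only if some rule matches every attribute."""
    for index, rule in enumerate(rules):
        if rule.matches(req):
            return ("allow", index)
    return ("deny", None)

# Constructed sample policy, not taken from any real deployment.
POLICY = [
    Rule("threat-db", {"role": {"analyst"}, "department": {"counterterrorism"},
                       "location": {"hq"}, "device": {"managed-laptop"}},
         time(7, 0), time(19, 0)),
    Rule("threat-db", {"role": {"watch-officer"}, "department": {"operations"},
                       "location": {"hq", "ops-center"}, "device": {"managed-laptop"}},
         time(22, 0), time(6, 0)),
]

def request(role, department, location, device, at, resource="threat-db"):
    """Build the attribute set for one access attempt."""
    return {"role": role, "department": department, "location": location,
            "device": device, "time": at, "resource": resource}
```

Returning the index of the matching rule alongside the decision gives the audit trail something concrete to record for each grant.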
In a dynamic environment such as that found in government intelligence agencies, it is policy-based security that will enable true collaboration amongst disparate parties dealing with sensitive information.
Now intelligence analysts will be better able to "connect the dots" and go beyond the boundaries of traditional culture that led to silos that inhibited information sharing. These organizations had established their own security classification rules and procedures, resulting in inconsistent use and understanding of security markings.
ODNI's goals statement summarizes this concept:
- Define a uniform identity structure and uniform attributes to enable identity management, develop uniform standards and guidance for identity management, and support decentralized, agency-specific implementation
- Establish identity management standards for authentication, authorization, auditing, and cross-domain services
- Develop information security policies to support logical and physical data protection efforts
- Create a common classification guide for the Intelligence Community
- Establish a risk management approach that supports the common trust and information environment while still protecting sources and methods as well as sensitive information from disclosure
Organizations struggling with collaboration and the free flow of information across geographic boundaries, multiple trading partners and distributed business units may find an answer in role and policy-based network access solutions. If it works for the CIA, FBI and DHS it may just work for you.
Posted on Fri, Dec 18, 2009 @ 09:59 AM
Ever wondered what the Department of Homeland Security (DHS) is doing to protect government networks and what you can do too? Government networks are some of the most highly targeted sites by cyber terrorists. They come under attack hundreds of times per year. To protect government assets DHS uses a network flow monitoring system called Einstein 1 and a system called Einstein 2 - an intrusion detection system.
DHS is in charge of monitoring the .gov domain for potential threats and works with several non-federal partners in various network security programs. While primarily focused on federal networks, DHS is now branching out to deploy Einstein on civilian and state networks in partnership programs under the auspices of DHS' U.S. Computer Emergency Readiness Team (CERT).
Philip Reitinger, Deputy Under Secretary, National Protection and Programs Directorate, DHS, has said a third version of Einstein with more advanced technology is envisioned that would be an intrusion prevention system across civilian networks and systems. The additional surveillance and intrusion response capability would give the government better awareness to protect the public, according to Mr. Reitinger.
In addition to Einstein 3, DHS has a variety of other initiatives under way to enhance the cyber security of federal and civilian networks including:
- Consolidating agencies' external Internet connections to reduce the number of entry points for potential outside threats
- Developing a supply chain risk management framework to address security threats and vulnerabilities that could be introduced into hardware and software acquired by federal agencies
- Establishing the Industrial Control Systems Cyber Emergency Response Team facility, to synchronize incident response activities related to attacks on control systems operating the Nation's critical infrastructure
- Initiating an information-sharing pilot working with the Financial Services Information Sharing and Analysis Center to enhance threat information sharing with the financial services sector
So what we learn from the DHS programs is that a solid network security plan will include: (1) a network security system that monitors, detects and prevents intrusions; (2) a strategy of reducing access points (network nodes, connections, rogue devices, multiple software packages used by end users); and (3) collaboration with trusted security partners to share incident response and threat information.
Posted on Mon, Nov 09, 2009 @ 08:49 AM
This was the headline after the Secretary of the Department of Homeland Security (DHS), Janet Napolitano, said the concept of a cabinet-level IT position for cyber security was overkill. Secretary Napolitano noted that IT networks and services underlie most operations today, therefore all we need is for citizens to be more careful when they are online. Really? Is it me or does this sound like the campaign for teens to "just say no?"
We can't escape the fact that our society has evolved where public trust is the foundation of our technologically based culture. And if trust becomes faint due to lack of accountability for cyber security, we'll take a step back into the stone ages (pen and paper letters, standing in teller lines, ordering through catalogs - remember those days?).
Seriously, in private industry and in the largest, most complex organizations there is someone accountable for the network security function. I ask you why the government should be any different.
If nothing else, with the Katrina disaster of several years ago, we learned that when no one is accountable for critical functions, or assumes the "other guy" is handling it, things fall through the cracks. I agree with Secretary Napolitano that "It's really hard to segregate [IT] out." In her speech she states, "I'm not sure that I think that a cabinet-level position is necessary. And the reason is that cyber runs through everything that we do as a government."
This is all the more reason to have that cyber security czar at the helm. The threat to America is no longer limited to long range missiles, but closely targeted network attacks that could disable everything from traffic lights, to electric grids, nuclear plants, financial systems, even our phone systems. To date these scenarios have been the stuff of movies. But I can guarantee you there is some terrorist thinking about the possibilities.
As a country we've witnessed the shift of our culture from agrarian, manufacturing, and now to services. And this services-based economy is built on the embedding of technology in almost every aspect of American society. Literally all our personal, community, industrial and governmental processes interface with technology in some form or fashion. From ATMs to booking a flight. If you want to take a step backwards as a society, imagine if we lost trust in the very networks which support our way of life.
Accountability and vigilance in security has to be a high priority if we are to enjoy the standards and reap the benefits of the technology age we live in.
A security czar coordinating among the various departments and championing the standards that impact government, jobs, global trade, social services and industry seems like a no-brainer.