Posts Tagged ‘innovation’

The big cybersecurity challenge: Time-to-detection

July 29, 2015

Do you sunbathe? You shouldn’t in this day of hypersensitivity about skin cancer. But if you do, the sunlight falling on your liver-spotted, lizard-like skin has been traveling through space for about nine minutes. When you gaze at the night sky and see Alpha Centauri, you probably remember from grade school that light from that nearby planet takes about 4.3 years to get to earth.

If something like a Burning Man festival were held on Alpha Centauri, you wouldn’t know about it until 4.3 years after it was over. Too late to load up your Airstream and get there in time for the fun. Most stars are so far away, they probably collapsed into black holes a billion years ago, yet all we see is merry twinkling millennium after millennium.

Not to over-dramatize, but this is how things are in cybersecurity — specifically intrusion detection. When the Office of Personnel Management was patching its systems, it discovered its great breach, months after the break had occurred. It might have been still more months before anyone noticed the anomaly. It reminds me of a corny roadside display in Pennsylvania when I was a kid. A sign on a little barn said, “World’s Biggest Steer Inside.” When you pulled over and peered in the window, you saw a big jagged hole in the back of the barn, a chain lying in the dirt, and another sign, “Too bad, guess he got away!” There must’ve been a gift shop or goat’s milk fudge stand nearby.

This is one of the big problems with modern-day cyber attacks. Too often, IT and security staffs only find out about them long after the damage has been done and the hackers have moved on to other soft targets. If it takes seconds or minutes to exfiltrate data, what good does discovering it do next year?

I recently spoke with John Stewart, one of the top security guys at Cisco. The topic was Cisco’s Midyear Security Report. Here’s my summary: Federal IT and security people, like everyone else, have plenty to worry about. Like the fact that a thousand new security product vendors have started up in the last five years, yet most of them sell non-interoperable software. Or that the white-hat, good-guys side of the cybersecurity equation is literally about a million qualified people short.

Yet among the most seemingly intractable problems lies time-to-detection, or how long on average it takes for organizations to find out they’ve been hacked. This makes it likely that many more successful attacks have occurred than systems administrators are aware of. Stewart says most of the data show that IT staffs routinely take months to detect breaches. A major goal of the products industry and practitioners’ skill sets must therefore be getting time-to-detection down to seconds. At this point, I’ll bet many federal agencies would be happy with days or hours.

Malicious hackers aren’t standing still, the Cisco report points out. They’re switching vectors and modalities at lightning speed. They’re using wealth transfer techniques that stretch law enforcement’s ability to detect. Stewart says systems like Bitcoin and the murky avenues of the dark web don’t include or even require the typical middlemen of the surface financial transaction world — such as banks, transfer networks, mules. He describes the bad-hacker industry using a term the government likes to use for itself: innovative.

Embedded IP domains and fungible URLs, jacking up data write-rewrite cycles to dizzying speeds, or quietly turning trusted systems into automated spies in the time it takes someone to go for coffee — that kind of thing. You might call it agility. They’re dancing circles around systems owners. The hacking community has become wickedly innovative at evading detection, Stewart says, exploiting the common systems and software everyone uses routinely.

He adds that the motivations of bad hackers have blossomed into a veritable bouquet. They go after systems for espionage, theft of money or intellectual property, terrorism, political activism, service disruption and even outright destruction. That’s a good case for the so-called risk-based approach to cybersecurity planning. If you’re a utility, disruption or destruction is more likely to be the hackers’ goal. If you’re a database of people with clearance, espionage and theft are good bets.

Answers? As cybersecurity people like to say, there is no silver bullet. Stewart says nations will have to cooperate more, tools will have to improve, people will have to get smarter. Cisco hopes to build some sort of architecture framework into which the polyglot of cyber tools can plug, reducing what he calls the friction of integration.

For now, a good strategy for everyone connected to cybersecurity is to bore in on the essential question: How soon can we know what’s going on?

Nothing like cash to bring out real innovators

September 22, 2011

Two of the most dreadfully overused words these days are “innovation” and “job creators.” Politicians who talk about “job creators” ad nauseam mostly don’t have the faintest clue about what it takes to create even one job on a firm, sustained basis. That is, to cause wealth creation. They fail to understand that at best, government imposes only a small drag on people doing the work of the world. At worst, it smothers economic growth, using an array of blankets.

“Innovation” hardly means anything, when people apply it with the same breathlessness to some new web gewgaw as they would to a new rocket ship. Government, while it doesn’t itself innovate, can help create conditions in which innovation occurs. A case in point is the Global Security Challenge. A small agency called Technical Support Working Group, funded by the Defense Department, is behind this challenge. The challenge prize — in this case $500,000 divided between each of two winning companies — is provided by TSWG. BAE Systems also contributes to the process. The whole thing is staged by a contractor, OmniCompete of the U.K. It also stages challenges in other fields with other sponsors. In this case, the goal is to find great and promising new innovations in security.

I was a judge, one of five, for the U.S. East Coast regional competition in the Global Security Challenge. The competition took place at the Australian Embassy (with a reception afterwards up the street at the New Zealand Embassy). The chief judge was John Morgan, technology advisor to the Army Special Operations Command. We heard from two sets of five companies — small, going companies with revenue and startups, which mostly don’t yet have operating revenue. Each company sent one or two representatives to give five-minute presentations, followed by 10 minutes of Q&A by the judges.

Wow.

Talk about real innovation. And the potential for jobs creation.

All of the presenters were smart cookies. They ranged from brainy engineers to slick salesmen. Some were canny, repeat entrepreneurs who’d started and sold other companies. Several had long histories in the thickets of federal contracting and service delivery to military customers. Connected people. They represented technical developers from all over the world. Israeli engineering strength undergirded several entries. One company had its complex mathematics models programmed in Russia.

I found the range of innovations startling. One startup called WallEye developed a microwave camera capable of seeing through walls yet priced cheap enough to produce as a tool you will be able to buy at Home Depot. The secret? Reduction of wave propagation technology from expensive electronics to a plastic spinning antenna the company can produce for pennies apiece.

In the end, we chose as one winner a company called DefenSoft, whose software, it said, makes short work of planning the placement of communications towers, antennae, cameras and sensors in complicated campuses with difficult terrain. Its chairman, Kris Nybakken, was a founder of WebMD. Its CEO, Lawrence Cassenti, is a veteran of many border installations and defense communications projects. Our other winner was a startup called InView. Its founder, an engineer named Bob Bridge, has replaced the receptor array in an infrared camera with a single, micro-mirror detector. This change drops the cost of an industrial infrared camera by an order of magnitude.

Some ideas were more impressive than others, and we argued back and forth before settling on a single choice in the two categories. That’s about all I am allowed to say about our deliberations. But in all cases, we witnessed the competitive drive of people producing new things because of their creative drive and desire to capitalize on their brains.

The winners from our D.C. regional event join winners of other regional presentations from all over the world. They convene in London for the finals next month.