Current computer and network technologies were built to help process and move data quickly from one site to another. Unfortunately, until recently, efforts to protect that infrastructure played second fiddle to business needs.
Consequently, cybersecurity has been implemented in an ad hoc and often slapdash fashion, leading to the current mess of firewalls and other devices backed by inadequate identification and authentication protocols and inhibited by piecemeal policies and fragmented responsibilities.
That state of affairs has meant job security to the hackers who want to damage networks or steal data from them. As organized criminals and well-funded nation-state actors have joined their ranks, it has become clear that existing security regimes can’t stem the tide. Attacks on military and other government systems continue to grow and are increasingly successful.
Government and industry are now trying to jump-start a new era of innovation in cybersecurity, one in which security is a design and policy priority rather than an afterthought.
Such goals have been recognized as a priority for basic research in the Obama administration’s fiscal 2013 budget proposal, with millions of extra dollars requested for research and development at the departments of Defense and Homeland Security, the National Science Foundation, and the National Institute of Standards and Technology. And in December 2011, the White House published a strategic plan for the next few years of cybersecurity R&D.
There are many ideas on the table. The following are two examples of future approaches that are gaining attention, support and most importantly, funding. One is a technology plan that makes computer systems a moving target to stymie hackers, the other a policy approach that provides a more coordinated defense against attacks. Officials hope that ideas such as these can lead to game-changing solutions that tip the balance back in favor of the good guys, but like anything to do with cybersecurity, it won’t be easy.
Current cyber defenses are designed to protect systems that operate in relatively static configurations for long periods of time. That is also a major weakness. Attackers can spend an equally long time looking for a single vulnerability in a key system, assessing how the system’s security would respond and planning attacks accordingly.
Defenders, on the other hand, have to try to plug the security holes in all their systems and keep them plugged, which soaks up a lot of resources and time. Given the complexity of most agency IT infrastructures, it’s an almost impossible task.
No comments:
Post a Comment