Industry Perspective: Protecting Interconnected Systems

Here are five practical steps organizations can take to address emerging threats against interconnected systems.

by Peter Allor, Federal Security Strategist, IBM / June 18, 2013

Years of attacks against websites, databases and applications have left federal and public sector organizations inured to the typical everyday attack. These organizations are very much aware of today’s challenging security landscape and are taking appropriate action to lessen the damage of attacks, but more can be done.

Today’s main security challenges include big data, cloud, mobility and the mainframe, and each presents potential risks to critical infrastructure and systems. Organizations often want to immediately “identify” where an attack originated, as if attribution alone would solve the problem. The focus should instead remain on practical steps organizations can take to proactively reduce the risk of future attacks.

Risk mitigation does work in lowering the threat level, and it is one of the recommendations made to federal and public sector organizations as a basis for addressing the problem overall. Many agencies are applying these recommendations now, much as private enterprise does, and organizations will increasingly be seen taking a risk-based approach.

A successful cybersecurity program is built from some simple and direct actions. Here are five points that should be considered:

1.    Measure and Monitor Everything

This one sounds simple enough, but in practice it takes some forethought. How to collect data and, more importantly, how to correlate what you have collected are the critical factors. Organizations should measure it all, but they should also look hard at how the data is being correlated, so that comparisons are apples to apples: the same fields, the same units and the same time base across every source.

2.    Automate

This comes with a mantra: automate everything, then automate it again. Not only does collection have to be automated, but so does the monitoring. Humans cannot process the enormous volume of data generated in modern computing environments and recognize the events that should be correlated, let alone alerted on.

3.    Expect Any Vector

Any vector can be the one through which an attack or vulnerability arrives. Whether it is social engineering, a website drive-by, spear phishing, a dropped USB drive or a mobile device, organizations have to have a means to discover it all.

4.    “Know Thyself”

Here organizations need to know what runs on the network, who is on the network, and what devices are attached to it. Add to that: know your incident response.

5.    Do the Basics

Points one through three are the basics. Doing them prepares you for point four and reduces the vulnerability surface available to attackers. These are the new basics for enterprise defense and for building an incident response capability.

Ultimately, federal and public sector organizations have to ask where they are in the cybersecurity lifecycle. What the industry has collectively learned is that doing some basic items while working across the organization is foundational to good cybersecurity. Integrating these simple elements into a strategy is the basis for continuously diagnosing and mitigating networks, using technology as an enabler to do so.

The technology should, however, be used to automate correlation and draw conclusions that alert a human to a condition; that person can then make the security response decision. It makes the difference between being drawn into an incident unprepared and knowing exactly how to execute the basics.
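As an added illustration of points one, two and four (measure and correlate, automate the monitoring, and know what is on your network), and not code from the original article or from IBM: the Python script below parses a handful of constructed, syslog-like lines, correlates repeated SSH failures that end in a success from the same source and user, checks newly leased devices against a constructed asset inventory, and emits a human-readable alert only for the correlated conditions, not for each raw event. The log format, the failure threshold, the inventory and the field names are all assumptions made here.

```python
"""Correlate constructed log events into a handful of human-facing alerts.

Added example, not from the original article. The log format, field names,
threshold and asset inventory are assumptions constructed for illustration.
"""
import re
from collections import defaultdict

# Constructed sample log lines (not real data): SSH authentication events
# from two hosts and two new DHCP leases seen by a core switch.
SAMPLE_LOGS = """\
2013-06-18T09:00:01 sshd host=web01 ip=203.0.113.7 user=admin result=FAIL
2013-06-18T09:00:03 sshd host=web01 ip=203.0.113.7 user=admin result=FAIL
2013-06-18T09:00:05 sshd host=web01 ip=203.0.113.7 user=admin result=FAIL
2013-06-18T09:00:09 sshd host=web01 ip=203.0.113.7 user=admin result=FAIL
2013-06-18T09:00:12 sshd host=web01 ip=203.0.113.7 user=admin result=OK
2013-06-18T09:01:00 sshd host=db01 ip=198.51.100.2 user=alice result=OK
2013-06-18T09:02:30 dhcpd host=core-sw mac=00:11:22:33:44:55 ip=10.0.0.50 lease=new
2013-06-18T09:02:45 dhcpd host=core-sw mac=de:ad:be:ef:00:01 ip=10.0.0.51 lease=new
"""

# Constructed asset inventory ("know thyself"): the devices we expect to see.
KNOWN_DEVICES = {
    "00:11:22:33:44:55": "alice-laptop",
}

# Assumed line shape: "<timestamp> <source> key=value key=value ..."
LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) (?P<kv>.*)$")


def parse_line(line):
    """Turn one log line into a flat dict of fields, or None if unparseable."""
    m = LINE_RE.match(line)
    if not m:
        return None
    fields = dict(tok.split("=", 1) for tok in m.group("kv").split() if "=" in tok)
    fields["ts"] = m.group("ts")
    fields["src"] = m.group("src")
    return fields


def parse_logs(text):
    """Collection step: every line from every source, same field names."""
    return [ev for ev in (parse_line(ln) for ln in text.splitlines()) if ev]


def correlate(events, fail_threshold=3):
    """Correlation step: raise alerts only for combinations of events.

    - N or more SSH failures followed by a success for the same (ip, user)
      pair is reported once, as a likely successful password-guessing attack.
    - A new DHCP lease for a MAC address absent from the inventory is
      reported as an unknown device on the network.
    """
    alerts = []
    fails = defaultdict(int)  # keyed by (ip, user): apples-to-apples comparison
    for ev in events:
        if ev["src"] == "sshd":
            key = (ev["ip"], ev["user"])
            if ev["result"] == "FAIL":
                fails[key] += 1
            elif ev["result"] == "OK":
                if fails[key] >= fail_threshold:
                    alerts.append({"kind": "brute_force_success", "ts": ev["ts"],
                                   "host": ev["host"], "ip": ev["ip"],
                                   "user": ev["user"], "failures": fails[key]})
                fails[key] = 0  # a success closes the failure window
        elif ev["src"] == "dhcpd" and ev.get("lease") == "new":
            if ev["mac"] not in KNOWN_DEVICES:
                alerts.append({"kind": "unknown_device", "ts": ev["ts"],
                               "mac": ev["mac"], "ip": ev["ip"]})
    return alerts


def format_alert(alert):
    """Render one correlated condition as a line a human can act on."""
    if alert["kind"] == "brute_force_success":
        return ("{ts} ALERT {host}: {failures} failed logins then success for "
                "user={user} from ip={ip}; review session and source".format(**alert))
    return ("{ts} ALERT unknown device mac={mac} took lease ip={ip}; "
            "not in asset inventory".format(**alert))


if __name__ == "__main__":
    for a in correlate(parse_logs(SAMPLE_LOGS)):
        print(format_alert(a))
```

Eight raw events become two alerts: the single success for alice and the first three failures for admin produce nothing on their own, which is the point of correlating before alerting rather than paging a human on every failed login.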
