This blog was originally published on The Hill.
If I didn’t deal daily with the mechanics of cybersecurity, I might be captivated by Washington’s focus on whether the Russians penetrated the Democratic National Committee and why they did it. As a citizen, I follow politics and geopolitics, too.
But here’s what bothers me:
The hacking tools identified by the FBI and Department of Homeland Security are freely available on the internet. The Russians can use them. So can the Iranians, the Chinese, the North Koreans and any other nation-state that wants to penetrate the networks that serve our political parties and government. There is nothing special or even uniquely “Russian” about them. And they often work.
I am not surprised that such common tools are employed against us. We should expect it. In the cybersecurity business we know the focus should be on our ineffective defense, rather than on finding the guilty country.
Whoever got inside the DNC networks had seven months to plumb about, pilfer embarrassing material, package it for shipping and make off with it, all without detection. The DNC had no way to detect the penetration while it was happening.
Why not? After all, the technology to spot and interrupt hacking while it is in progress exists. We can literally watch hackers and their tools move around inside our networks, probing our vulnerabilities, locating our most sensitive data and setting up private tunnels to take it out of our systems.
Information Security Officers for private-sector companies have such real-time defensive tools. Clearly Adm. Mike Rogers, Director of the National Security Agency, sees the need for real-time detection in government agencies, too. In Senate testimony this month, he said “The biggest frustration to me is speed, speed, speed….I'm constantly asking the team what can we do to be faster and more agile.”
Let me make a suggestion there. As it happens, while the noise from the DNC hack was building in Washington, I was attempting to sell such real-time technology to a federal agency which shall remain nameless. This was not a hard sale: The security professionals within this important agency were eager to sign my company’s contract and deploy my company’s technology.
But they couldn’t. It was clear these IT pros wouldn’t be able to move as fast as they wanted. Their procurement was going to be mired in bureaucracy and politics. (I think we’ll still make the sale, but not as quickly as we or our customers wished.)
Washington is a place where existing technology is aging, state-of-the-art solutions go undeployed, government security professionals live lives of frustration and bad guys meander unchallenged through federal networks.
The problems are many, but two stand out. First, government procurement rules, while improved a bit, create delays and hurdles, especially for the young, inventive companies that often offer the most effective anti-hacking defenses. (Some states have equally sluggish procurement systems and thereby prolong their cyber risks.)
Second, our inability in recent years to budget for federal operations on a regular, rational basis means the IT people in federal agencies can’t plan ahead for multi-year enhancements to the systems they must protect. The “continuing resolutions” under which agencies are funded let them keep spending on old, ineffective technology but prevent them from buying effective, state-of-the-art software and hardware.
Am I at all optimistic that this paralysis will end? I want to be. We certainly need much better cybersecurity than we have had recently.
A unique and positive attribute of the new administration will be Cabinet secretaries and key agency heads who come from the highest levels of large corporations and the military. These people have had information security drummed into them. They’ve all confronted the dangers of determined hacking, taken their briefings and signed off on needed protections. They will each take over federal agencies hamstrung by cyber protection barriers that they would never have tolerated in their previous jobs. It is imperative that they move effectively to dismantle the bureaucratic hurdles and take responsibility for cyber defense.
We need that. Our federal agencies endure tens of thousands of hostile cyber assaults each day, some of which get through and remain undetected. We do know how to stop this. We just need to get the technology into the hands of federal employees who are eager to have it.
An advanced threat detection model has to identify active attacks using what has been learned from past intrusions as well as local context (what is normal for this host, this user, this network), and it has to connect individual events over time so that the progression of an intruder through a network, from probing to locating data to moving it out, becomes visible while it is still happening.
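The progression the essay describes, probing for vulnerabilities, locating sensitive data and then tunnelling it out, is what a correlation engine looks for when it "connects events over time". The block below is an added example written for this page; it is not code from the author's company or product. It assumes a hypothetical sensor vocabulary (event names such as `port_scan`, `share_enum`, `large_outbound`), a constructed sample log, and constructed per-host egress baselines standing in for "what has been learned from the past". It advances a host's chain only when the next kill-chain stage appears within a time window, uses the baseline as local context so a routine backup is not mistaken for exfiltration, and reports both completed chains and partial ones, which are the hosts worth looking at before the data leaves.

```python
"""Kill-chain correlation of per-host events, with an egress baseline as local context."""
from dataclasses import dataclass
from datetime import datetime, timedelta

# Stages in the order an intruder traverses them: probe the network,
# locate sensitive data, open a tunnel to move it out.
STAGES = ("probe", "locate", "tunnel")

# Hypothetical sensor event names (an assumption, not any real product's vocabulary).
EVENT_TO_STAGE = {
    "port_scan": "probe",
    "auth_failure_burst": "probe",
    "share_enum": "locate",
    "sensitive_file_read": "locate",
    "dns_tunnel": "tunnel",
    "large_outbound": "tunnel",
}


@dataclass
class Event:
    ts: datetime
    host: str
    kind: str
    bytes_out: int  # egress bytes for large_outbound events, 0 otherwise


# Constructed sample log, one event per line: "<ISO timestamp> <host> <event> <bytes_out>".
SAMPLE_LOG = """
2016-01-15T08:00:00 srv-db port_scan 0
2016-03-30T08:00:00 srv-db share_enum 0
2016-04-01T09:12:00 ws-17 port_scan 0
2016-04-02T10:00:00 ws-22 large_outbound 50000000
2016-04-03T14:20:00 ws-17 share_enum 0
2016-04-05T02:41:00 ws-17 sensitive_file_read 0
2016-04-09T11:00:00 ws-22 port_scan 0
2016-04-20T03:05:00 ws-17 large_outbound 900000000
"""

# "Learned from the past": typical daily egress per host (constructed numbers).
BASELINE_BYTES = {"srv-db": 5_000_000, "ws-17": 20_000_000, "ws-22": 40_000_000}


def parse_log(text):
    events = []
    for line in text.strip().splitlines():
        ts, host, kind, bytes_out = line.split()
        events.append(Event(datetime.fromisoformat(ts), host, kind, int(bytes_out)))
    return sorted(events, key=lambda e: e.ts)  # stable sort keeps per-host order


def stage_of(event, baseline, factor=3):
    """Map an event to a stage, or None when local context says it is benign."""
    stage = EVENT_TO_STAGE.get(event.kind)
    if event.kind == "large_outbound" and event.bytes_out <= factor * baseline.get(event.host, 0):
        return None  # within this host's normal egress: a backup, not a tunnel
    return stage


def correlate(events, baseline, window=timedelta(days=30)):
    """Build a per-host chain of (stage, ts); the chain advances only when the
    next stage appears within `window` of the previous one."""
    chains = {}
    for ev in events:
        chain = chains.setdefault(ev.host, [])
        stage = stage_of(ev, baseline)
        if stage is None:
            continue
        if chain and ev.ts - chain[-1][1] > window:
            chain.clear()  # too much silence since the last stage: start over
        if STAGES.index(stage) == len(chain):
            chain.append((stage, ev.ts))
        # a repeat of an earlier stage, or a skipped stage, does not advance the chain
    return chains


def confirmed_intrusions(chains):
    """Hosts on which every stage was observed in order."""
    return sorted(h for h, c in chains.items() if len(c) == len(STAGES))


def in_progress(chains):
    """Hosts with a partial chain: where to look before the data leaves."""
    return sorted(h for h, c in chains.items() if 0 < len(c) < len(STAGES))


if __name__ == "__main__":
    chains = correlate(parse_log(SAMPLE_LOG), BASELINE_BYTES)
    for host, chain in chains.items():
        print(host, [(s, t.isoformat()) for s, t in chain])
    print("confirmed:", confirmed_intrusions(chains))
    print("in progress:", in_progress(chains))
```

On the constructed log, `ws-17` completes all three stages within the window and is reported as a confirmed intrusion, `ws-22` shows only a probe (its 50 MB transfer sits under three times its baseline and is ignored), and `srv-db` is dropped because 75 days of silence separate its scan from the share enumeration. Two caveats a practitioner would add before trusting this: a host that shows a tunnel with no preceding probe still deserves an alert on its own, and the window and baseline multiplier are tuning knobs that decide how much of a slow, seven-month intrusion the correlator can hold together.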