From a security analyst’s point of view, today became a great day for a write-up on the current national discussion of cybersecurity — and, more importantly, what is actually being done about it.
This morning, LegalInsurrection.com posted quite the prescient article entitled, “What If Spying On Social Media Sites Could Save Lives?” In it, one of Dr. Jacobson’s contributors, Jonathan Levin, posits that while the initial introduction of DARPA’s Total Information Awareness program could not have had worse optics, a discussion should begin again over whether the intentions behind the program could be legitimately (read: legally, politically, etc.) recycled into something that balances the needs of security with privacy.
Add to this piece a webinar that InformationWeek’s DarkReading site hosted this afternoon highlighting the state of cybersecurity from 2015. Check out some of these concepts that the presenters shared:
- Attendance at BlackHat — the world’s largest security gathering — went from 9,000 in 2014 to over 11,000 earlier this year
- One of the biggest take-aways from the conference was a car hack demo that eventually led to manufacturer recalls
- IoT (Internet of Things) is greatly misunderstood and encompasses everything from toys to smartphones to light bulbs to logic controllers in factories and refineries
- The same mistakes are made repeatedly: leaving default passwords in place, keeping communication ports open, etc.
- The biggest issue with encryption may not simply be privacy, but finding better ways to trust end-point identities (i.e., proving you are who you say you are)
On the webinar, everyone agreed that this year was the year that IT security made it big — it’s now political and it’s being felt at a personal level.
Why do I care enough to post about the topic? My new employer is right in the middle of this discussion — ThreatConnect. And while it might appear that I have a number of shameless plugs in this posting (which I do), don’t recoil too much, because there are some fascinating things happening in this space, and ThreatConnect has played a major part in many of these issues.
Here are some examples of how a TIP (Threat Intelligence Platform) was able to resolve recent breaches:
- Alleged Chinese hacker involved in South China Sea espionage (a.k.a. Project CameraShy)
- “The Anthem Hack: All Roads Lead to China”
- The Office of Personnel Management hack
OK, great — we know the scope of the issue (people are at the very least losing their personal data in the lightest of instances), and we know that presidential candidates are talking about it, but what does all this mean to the common, everyday citizen?
As mentioned, there is always a tension that exists between individuals enjoying liberty and its polar opposite, security. On the one hand, candidates such as Donald Trump suggest that certain Internet-based sites should be taken down (he says this in CEO fashion, but I think this is the gist). On the other, now-former candidate Sen. Lindsey Graham strongly suggested that devices should have encryption “back doors” that allow for what he might determine as legitimate spying by state actors; interestingly, Tim Cook was quick to resist.
Here’s the thing. Platforms like ThreatConnect have already proven many times over that we as a nation (or as organizations and individuals) can already track down who’s doing what and where using existing, open technologies on the Internet; where and when some assets need to be shut down is a subsequent law enforcement question.
In reality, that is the job of the security analyst — the unsung hero who hangs out in both public- and private-sector organizations poring through reams of data in hopes of connecting the proverbial dots. A TIP expedites her job by semi-automating much of the legwork of processing these data streams, freeing her up to do the actual analyst work of connecting technical IoCs (Indicators of Compromise) with real-world persons, places and things.
As threat assessment technology, methods and procedures evolve and mature, they will provide a smoother path to finding the bad actors in the world. If you read the linked resources in this posting, I think you’ll better appreciate that dealing with risks is a constantly evolving and attainable process. But it is a process where the journey is the destination.
This shouldn’t devolve into the either/or discussion that politically tinged topics so often become. Cybersecurity platforms do exist, and they greatly increase the speed of resolution in finding out what the threats are and, sometimes, who the real adversary is.
I hope this helps shed some light in this fledgling but quickly maturing space.