SAN FRANCISCO â€" The vast majority of a panel of experts with intimate knowledge of the interior workings of the National Security Agency (NSA) told RSA Conference 2012 attendees that the U.S. Cyber Command must assume a bigger role in securing the web, despite the privacy concerns expressed by lawmakers and the general public.
During a large-ranging discussion in regards to the role of active defense within the private sector, several panelists expressed strong support for harnessing the Cyber Command's advanced capabilities to do more to guard the U.S. and the net at large from cyberattacks.
Panel moderator James Lewis, senior fellow and program director for the middle for Strategic and International Studies (CSIS), suggested the North American Aerospace Defense Command (NORAD) could function an operational model for the Cyber Command to proactively defend a particular region of cyberspace.
The mission statement of the Cyber Command is to offer protection to the dept of Defense networks, and only conduct "full-spectrum military cyberspace operations" to avoid the approaching harm of the U.S. and its allies. The Cyber Command is technically a part of the U.S. Strategic Command and is constructed from members of several branches of the Military, but operates out of Ft. George G. Meade Army installation in Maryland, also home of the NSA.
"This can be a multi-billion-dollar investment which can serve a wider population than it does today," said Lt. Gen. (Ret.) Ken Minihan, managing director of Paladin Capital Group and a former director of the NSA. "i am not as patient because we've been at [cyberdefense] for 2 decades. We have to get this done."
However, Jim Dempsey, vice chairman for public policy for the heart for Democracy and Technology, voiced concern about reliance at the military, noting that the NORAD analogy is proscribed in lots of ways.Â
"Each ICBM [intercontinental ballistic missile] entering the U.S. is a threat," Dempsey said. "Each airplane not offering the correct identifier in North American airspace is a threat. Not every data packet entering the U.S. is a threat."
Given the challenges of enabling the Cyber Command to tackle a bigger Internet defense role, Dempsey indicated he wouldn't be in favor of any such change, even supposing the Cyber Command weren't shrouded inside the vail of secrecy cast by the NSA.
"There's an enticing question about how we got up to now within the history of the net, that's central to our global economy and society, where the appropriate, strongest, surest resource for securing it's in a beyond-top-secret military agency," Dempsey said. "It isn't too late to reverse that."
Gen. (Ret.) Michael Hayden, principal with the Chertoff Group and likewise a former director of the NSA and CIA, hinted on the difficulty that will include granting the Cyber Command broader authority to spot and prevent cyberattacks, especially against private interests.
"To achieve success, the NSA needs two things: It should be secretive and it needs to be powerful," Hayden said. "And it lives in a political culture that distrusts only two things: secrecy and power."
Another key stumbling block, Hayden said, is that unlike the Soviet microwave transmission-interception work the NSA conducted in decades past, today's reconnaissance landscape exists inside the networks of telecommunications providers and is intermingled with private citizens' perfectly benign emails and telephone calls. The challenge, he added, is convincing lawmakers and most people that the agency needs more autonomy to examine private communications to proactively identify cyberthreats.
"This is not new business. Here is something that's been done on the market for a very long time," Hayden said. "And it's done quite carefully by the folk at Fort Meade."
Ron Deibert, director of the Canada Centre for Global Security Studies, said the business of striking down attackers is usually more complicated than it kind of feels. Referencing the conflict between the nation of Georgia and Russia in 2008, it was believed that a denial-of-service attack against Georgia have been conducted by Russia. However, he said, research later revealed several distributed botnets had conducted the attack, with the vast majority of the zombie machines located inside the U.S.
"It is a very serious issue whenever you speak about counterstrikes. There's always a danger with attribution," Deibert said. "Someone who says, 'Strike down the attackers where they came from' would were attacking PCs of their own country."
The panelists also advocated for more government information sharing to enable ongoing active defense, which Dempsey described as an effort to exploit real-time threat intelligence data to forestall potential attacks before they reach their intended targets. Several experts, however, went to great pains to claim active defense is ready stopping attacks, not conducting counterattacks against known assailants.
This effort came to life last year with the Defense Industrial Base Cyber Pilot, or DIB Cyber Pilot, a pilot program wherein the dep. of Defense and Department of Homeland Security share classified information on threats and mitigation tactics with a limited variety of private companies and ISPs.
While some panelists called for expanding the DIB and making participation mandatory, Dempsey said the incremental progress being made to foster public-private cooperation is healthier than no progress in any respect.
View all of our RSA 2012 Conference coverage.
Nessun commento:
Posta un commento
Comments links could be nofollow free