Connected Threat Defense - A Partnership Line of Attack
Authors: Ed Cabrera, Chief Cybersecurity Officer at Trend Micro, and Michael Breslin, Deputy Assistant Director, Office of Investigations, U.S. Secret Service
Copyright 9-1-1 Magazine, Feature Content
As trends of globalization and the transformation of information and operational technologies continue to evolve, national security leaders have to meet new demands to keep the public safe. The rapid rate of change in today’s global knowledge economy, which produces, distributes and uses large amounts of data for public and private operations, presents newfound challenges to the United States’ ability to adapt and effectively respond to new dynamic threats.
The impact of technological innovation on the U.S.’s ability to combat all external threats to its homeland has been the subject of much attention and research. The need for technological superiority combined with strategic planning in a rapidly changing global environment is paramount to the protection of our homeland, its people and our nation’s vital interests. Given the asymmetrical nature of our enemy, it is apparent that technological advantage is no guarantee for future success in this “new battlefield.” This article’s primary focus is on the actions of sophisticated cybercriminals, hacktivists and advanced threat actors (ATAs) in this ever-evolving arena.
Cybercriminals have become adept at using access to low cost technology in furtherance of exploiting the vulnerabilities inherent in a democratic and open society. Globalization enables the communication, travel, financing and coordination of their actions and has exponentially extended their criminal reach and impact.
These cybercriminals, and now ATAs, are further empowered by a perverted use of other positive facets of globalization, new media and the internet. In a recent Trend Micro white paper, Dark Motives, researchers detailed how terrorist groups are now leveraging the same technology advancements that cybercriminals have used for years to recruit, communicate and spread propaganda through illicit websites, social and traditional media. In addition, through the Deep Web they are able to create homegrown applications to fill gaps in their ability to communicate securely across multiple platforms and borders. These advances in technology have allowed cybercriminals to build capacity over the last 10 years.
In an effort to thwart both domestic and foreign threats, the whole of government approach to national security has produced a great deal of success. This approach is also used in safeguarding the nation’s financial infrastructure and economic markets. The whole of government methodology integrates the efforts of, and the sharing of information between, multiple government agencies to achieve a common goal. To strengthen and reinvigorate this approach, the inclusion of the private sector is required to provide a more holistic perspective. The private sector holds a wealth of abilities and knowledge that is not always present within government departments and can have a significant impact on threat mitigation.[1, 2]
Security and safety are everyone's responsibility. They can no longer be viewed as simply the purview of government and law enforcement professionals. Now more than ever, a healthy relationship between the government and the private sector is crucial to achieving resiliency. Although there are great challenges to this relationship, renewed security defense measures must account for the input of private industry, given that an estimated 85 percent of critical infrastructure in the U.S. is under its ownership and control.
In 2015, threats to critical infrastructure reached a new level when three Ukrainian distribution substations were hacked through a sophisticated cyberattack. Approximately 225,000 customers lost power for three hours, with at least seven 110 kV and 23 35 kV substations cut off. This attack highlighted the convergence of cybersecurity and physical threats to critical infrastructure. The virtual and physical safe havens where cybercriminals and ATAs collaborate with each other are the greatest threats to today’s critical infrastructure owners and operators. The convergence of IT and industrial control system (ICS) networks has increased the number of vulnerabilities that threat actors can exploit to carry out attacks, penetrating networks and then reaching the more vulnerable ICS systems.
The adoption of a holistic global strategy is required to integrate the efforts of the private sector into an established whole of government approach both as a strategy and tactic. Key to this global strategy is creating a connected threat defense model that improves automation and orchestration of security technology, as well as increases communication and collaboration between public and private sector organizations to diminish the threats posed by cybercriminal and ATA groups. This strategy includes:
People – The capability to recruit, train and retain highly skilled specialists is necessary to any security strategy, whether cyber or physical. The U.S. government is home to a core group of well-trained cybersecurity professionals working to investigate cybercrime and defend against network attacks. However, as threats continue to grow at a rapid rate, these professionals will have a difficult time scaling; this demands a robust partnership with the private sector to fill these needs.
Process – For a thriving partnership between government agencies and private companies, both must mutually agree upon effective policies and procedures to prevent and respond to attacks. A process is required that provides a global legal structure authorizing law enforcement and security companies to work together to thwart attacks, disrupt and dismantle cybercriminal infrastructure, and aggressively prosecute cybercriminal networks. In addition, it’s crucial that any process be continually evaluated and serve as both a reactive and a proactive measure.
Technology – To mitigate the threats posed by ATAs now and in the future, advances in security technology are critical. In a highly dependent and hyper-connected world, advanced threat actors will leverage information and operational technologies to conduct their attacks. The modernization and convergence of IT/OT systems will require rapid advances in security technology to meet these growing threats and vulnerabilities. Security software providers are currently investing and innovating heavily in machine learning and big data analytics to rapidly respond to attacks and protect critical infrastructure, and will continue to do so. Since people are the most important element of any cybersecurity strategy, security software will also need to automate and orchestrate security stacks from endpoint to network to cloud so that teams can manage the multitude of attacks.
Partnerships – While it is important that government agencies and private sector companies work together from the beginning, it is also critical that they assist one another at each step of the way to reach the same goal. A prime example of this is the three-year agreement between INTERPOL and leading private cybersecurity companies to provide the international agency with knowledge, resources and strategies to fight global cybercrime. With the threat information INTERPOL receives from the private sector, the agency is prepared to respond quickly to malicious cybercriminals. Additionally, governments and private sector companies are often presented with similar, impending threats, and by working together they can discover the best and most efficient ways to defeat the threat actors they are up against.
It is our opinion that given the scope and complexity of threats to homeland security, there is no single proposal or action that will solve every problem. However, adopting a transformative connected threat response strategy against cybercriminals, hacktivists and ATAs is vital. Its transformation lies in the adoption of a continuous process of assessing, monitoring and mitigating global cybersecurity risks through active partnerships.
The public and private sectors face an evolving threat environment daily, seen in the use of advanced threat tactics and technology. If this were not challenging enough, individually and collectively they are subject to geopolitical and legal barriers, budget cycles and resource limitations.
Despite these and other recent setbacks, the relationship between the U.S. government and the private sector has played an instrumental role in successfully countering threats posed by advanced cybercriminal networks and cyber espionage groups. These same trusted relationships, coupled with an expanded whole of government approach, must be increased and leveraged to protect our financial and critical infrastructure.
Ed Cabrera is the Chief Cybersecurity Officer at Trend Micro and responsible for analyzing emerging cyber threats to develop innovative and resilient enterprise risk management strategies for Fortune 500 clients and strategic partners. Previously, he served as the Chief Information Security Officer of the United States Secret Service with experience leading information security and cyber investigative and protective programs.
Michael Breslin is a Deputy Assistant Director of the United States Secret Service’s Office of Investigations. In his current position, Mr. Breslin oversees the planning and coordination of the investigative responsibilities of the Secret Service. These investigations include the counterfeiting of U.S. and foreign currency, bank fraud, money laundering, mortgage fraud, access device fraud, electronic communications fraud, computer fraud and identity crimes.
1. United States Institute of Peace. (2015). Whole of government approach. Retrieved December 2015, from http://glossary.usip.org/resource/whole-government-approach
2. Information Sharing Environment. (2015, December). Critical Infrastructure and Key Resources. Retrieved December 2015, from https://www.ise.gov/mission-partners/critical-infrastructure-and-key-resources