U.S. must change perception in cyber defence

This post is also available in: עברית (Hebrew)

In light of several successful cyber attacks on U.S. goverment systems, it is clear that the issue of defence against cyber attacks isn’t at it’s best shape, to say the least, Seeing as how attackers were able to stay several months inside the goverment’s computer system until exposed by a third party. In spite of all this, Richard Bejtlich calims that some positive aspects can be found.

According to him, the goverment must completely change its defence strategy perception against cyber threats and to allocate more budget to developing methods and means for the detection and removal of hostile factors inside the system instead of of putting most of the efforts if developing safety measure to prevent penetration, such as firewalls. After all, at some point the attackers will make their beyond the firewall, sophisticated as they might be, he claims.

Nowadays, measures for cyber defence are based on a program meant to constantly scan the american goverment agencies’ computer systems, to detect flaws and weak spots and to seal them as fast as possible. (Continuous Diagnostic and Mitigation – CDM). Despite the efficiency of this system, which has been active in the goverment’s computer system for several years now, there are still successful break-ins through the firewall.

Bejtlich says that the CDM is a good system, but using it isn’t enough to cope with cyber threats for three reason: First, the ambition to completely seal the breaches is not realistic; Second, not all breaches can be fixed and so attackers can always penetrate goverment systems; Third, detecting and fixing weak spots through which attackers can get into the system is not efficient against attackers who are already inside.

In conclusion, in light of all this, Bejtlich states that the perception of defence against cyber threats must be changed, to prioritize delveloping technology that scans and detects attackers who already penetrated the system rather than technology that blocks potential breaches. He claims that along with the the CDM software to track weaknesses, the cyber defence authorities must build teams made of specialists meant to scan the network and detect the presence of hostile elements.