

Agency networks should be able to not only continuously detect hackers and throttle their destructive tactics — but also robotically bounce back.

“We’ve talked about the need to go from static defenses, such as firewalls, under so-called continuous monitoring, to active cyber defenses - doing automated hardening, automated defense of our networks,” Philip Quade, chief operating officer of NSA’s information assurance directorate, told DefenseOne. “But I think there is one more step that we’re not really talking about and that’s automated regeneration, automated resiliency.”

The pricey DHS-sponsored initiative now underway, known as continuous diagnostics and mitigation, or CDM, is expected to supply all agencies with sensors and specialists to move from traditional three-year vulnerability checks to real-time problem spotting. Agencies have until 2017 to achieve full implementation.

In between CDM and futuristic self-healing is active response, sometimes called “active defense,” which can include, for example, sharing threat intelligence with potential targets in real time.

Yet, “even with these automated defenses in place, bad things are still going to happen,” Quade said. Organizations need to be asking themselves: “What can you do to automatically regenerate to a minimally secure state, and be automatically resilient and get back to the operating position?”

According to Quade, automated resiliency is “the next big thing,” but he added, “I’m not optimistic that we’re getting anywhere close to that.”