Cyber Security Institute

Tuesday, March 10, 2009

Cyberattack mapping could yield blueprint for cyber defense

Cyberwarfare has long since moved beyond the imaginations of Hollywood producers and science fiction aficionados.  Countries, corporate entities, rogue states and motivated hackers are all online and actively testing the defenses of networks.  Understanding how automated cyberwarfare works and how to defend against coordinated cyberattacks has become critical to the national defense interest.  Researchers at Sandia National Laboratories have been mapping out attacks against large-scale computer networks to develop massive cyberattack simulations.  Their work could impact the cybersecurity industry by enhancing security defense mechanisms.

Cyberattack maps developed by Sandia researchers were presented to the public during a seminar last week at Harvard University.  Those measurements make up a complex computer simulation of a massive botnet attack against a large-scale network.

Goldsmith presented the Sandia research as part of the “Cyber Internal Relations” series sponsored by MIT and the Belfer Center for Science and International Affairs at the Harvard Kennedy School.  The researchers chose to examine a root attack, a Byzantine attempt to gain control of a target system at its most basic level of operation.

Applications of such simulations aren’t academic at all; such large-scale IT infrastructures would of course include those of state and federal agencies or defense contractors.  Goldsmith and other attendees at the lecture assert that the “Holy Grail” of cyberwarfare is to quickly and accurately map out the network of an attacker or defender.  Such a map could produce a decisive advantage, just as understanding the local geography of a country is a crucial advantage in real-world warfare.

Goldsmith is the lead scientist on a project creating intelligent white hat software agents that enable networks to be self-defending.

Future enterprise intrusion detection software may include network topography and intelligent agents in a collective to improve its effectiveness.  The developers of high-level enterprise architecture policies, including service-oriented architectures, will need to consider where and how to build a level of autonomous intelligence into networks.

In an address Feb. 26 at an Armed Forces Communications and Electronics Association meeting in Baghdad, Sorenson called for greater information sharing on a single communications network.

Posted on 03/10