The Armed Forces Communications and Electronics Association (AFCEA) San Diego chapter recently hosted its annual C4ISR Symposium. This year’s theme was “The Evolving Definition of Navy Cyber: How C4I, Combat Systems and HM&E are redefining the Cyber Battlespace.” I was asked to participate on a panel to provide insight into the benefits and risks associated with cyber operations. The session was moderated by Engility VP Jeremy Ross and I was joined on the panel by Captain Mark Jarek of the U.S. Navy and Anthony Grieco, a principal engineer at Cisco. Below are some of the key topics our panel explored.
To begin, we discussed the fact that cyber is now undoubtedly a warfighting domain and the risks of today’s operational environments. Panelists agreed one of the greatest risks is a lack of shared, real time and contextual situational awareness between decision makers, operators and analysts. This shortfall can alter perceptions of both friendly and adversary capabilities while hindering the ability to establish a shared baseline for measuring desired effects. Today’s cyber threats can outpace our “observe, orient, decide and act” (OODA) loop and impact our ability to adequately develop and implement defensive measures.
Each panelist noted that intelligent, informed decision-making processes are critical to success within risky environments. As a panel, we discussed how commercial and government organizations can reduce attack surfaces and minimize threat vectors by performing ongoing user access audits. This proactive approach helps determine which users are doing what on which systems, and when. In other words, it is imperative that organizations develop behavioral baselines for anomaly detection, identify and track new users with access to the system, and establish new processes or communications to provide continuous improvement. In addition, understanding the threat—both intent and capability—through cyber-threat intelligence can help focus an organization's defensive measures against specific vulnerabilities in software, networks and human behavior.
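As an added illustration of the user-access audit the panel described (this is example code written for this post, not anything the panelists or their organizations produced), the script below builds a per-user baseline of normal hosts and active hours from a constructed access-log history, then audits a new batch of events against it. The log format, user names, host names and the three-failure threshold are all assumptions chosen for the example.

```python
"""
Added example (not from the AFCEA panel or the post's author): a minimal
user-access audit. It builds a behavioral baseline from a constructed
access-log history and flags events in a new batch that deviate from it:
users never seen before, first access to a host, activity outside a
user's observed hours, and repeated failed logins.
"""
from collections import defaultdict
from datetime import datetime

# Constructed sample history (assumed format: timestamp user host result).
BASELINE_LOG = """\
2016-03-01T09:12:04 alice fileserver01 success
2016-03-01T09:40:51 alice fileserver01 success
2016-03-01T10:05:17 bob buildbox02 success
2016-03-02T08:55:30 alice fileserver01 success
2016-03-02T14:20:03 bob buildbox02 success
2016-03-03T09:30:44 alice mailrelay01 success
2016-03-03T11:02:19 bob buildbox02 success
"""

# Constructed new batch to audit against the baseline.
NEW_LOG = """\
2016-03-04T09:15:00 alice fileserver01 success
2016-03-04T02:47:12 bob domaincontroller01 success
2016-03-04T10:30:00 mallory fileserver01 success
2016-03-04T10:31:00 bob buildbox02 failure
2016-03-04T10:31:05 bob buildbox02 failure
2016-03-04T10:31:09 bob buildbox02 failure
"""


def parse_events(text):
    """Parse 'timestamp user host result' lines into dicts; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, user, host, result = parts
        events.append({
            "time": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S"),
            "user": user,
            "host": host,
            "result": result,
        })
    return events


def build_baseline(events):
    """Per user: the hosts they normally reach and the hours of day they are active."""
    baseline = defaultdict(lambda: {"hosts": set(), "hours": set()})
    for ev in events:
        if ev["result"] != "success":
            continue  # failed attempts do not define normal behavior
        baseline[ev["user"]]["hosts"].add(ev["host"])
        baseline[ev["user"]]["hours"].add(ev["time"].hour)
    return dict(baseline)


def audit(events, baseline, failure_threshold=3):
    """Return (timestamp, user, reason) findings for events that deviate from the baseline."""
    findings = []
    failures = defaultdict(int)  # failed logins per user within this batch
    for ev in events:
        user, host, hour = ev["user"], ev["host"], ev["time"].hour
        stamp = ev["time"].isoformat()
        if ev["result"] != "success":
            failures[user] += 1
            if failures[user] == failure_threshold:
                findings.append((stamp, user, f"{failure_threshold} failed logins in batch"))
            continue
        if user not in baseline:
            findings.append((stamp, user, "user not in baseline"))
            continue  # no history to compare hosts or hours against
        if host not in baseline[user]["hosts"]:
            findings.append((stamp, user, f"first access to {host}"))
        if hour not in baseline[user]["hours"]:
            findings.append((stamp, user, f"access at hour {hour:02d} outside observed hours"))
    return findings


def run_audit():
    """Build the baseline from history and audit the new batch; returns the findings list."""
    baseline = build_baseline(parse_events(BASELINE_LOG))
    return audit(parse_events(NEW_LOG), baseline)


if __name__ == "__main__":
    for stamp, user, reason in run_audit():
        print(f"{stamp} {user}: {reason}")
```

Run as written, the audit stays quiet about alice's routine morning access and raises four findings: bob's first-ever access to a domain controller, the fact that it happened at 02:47 outside his observed hours, an account (mallory) with no history at all, and a burst of three failed logins. The baseline is deliberately built only from successful events so that an attacker's own failed attempts never widen what counts as "normal"; in practice the history window would be weeks of logs and the hour check would allow some tolerance around observed hours.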
The other question raised was how to prioritize cyber operations when, in reality, no organization can defend against everything all the time. During the panel, we explored what steps the Navy—and the entire Department of Defense—must take in order to identify, prioritize and defend its most important networks and sensitive data. Is there acceptable risk? First, an organization has to determine its most critical mission or business functions, as those should be the top priorities. Next, it has to figure out which information systems and networks are required to support those functions and determine the most fundamental components of these systems based on the CIA triad (confidentiality, integrity, and availability). Lastly, defense-in-depth measures should be focused on the desired CIA triad elements while simultaneously developing resiliency for these systems on the assumption that compromise is inevitable. The level of risk allowed should depend on where the most sensitive data is stored and how critical a given network's functions are. In other words, it is probably more acceptable to allow some risk to networks containing less sensitive data than to those holding the most sensitive data.
The panel also explored malware proliferation versus insider threat. We took a deep dive into what poses a greater risk to our ability to conduct cyber operations – proliferation of malware or insider threat? This was a bit of a trick question because the truth is both malware and insider threats pose a major risk. For the sake of argument, I chose insider threats because an insider can undermine the very premise by which we conduct cyber operations. They could sabotage the focus of defensive measures by altering information on the cyber threat, redirecting cyber operations against the wrong focus area, intentionally misconfiguring systems, or stealing and/or broadcasting information on defensive measures, rendering them ineffective while giving the adversary valuable data.
The AFCEA C4ISR Symposium explored the depth, range and variety of threats posed against U.S. Armed Forces and federal agencies. With an ever-evolving threat landscape, it's critical for these organizations to begin changing the way they address and prevent threats: through extensive security applications, collaboration on best practices between agencies, and continuous data monitoring (CDM) in place to track threats attempting to access networks and expose data. I had a great time discussing these issues with my fellow panelists and hope to be back again next year.
Director of Operations for Security Markets