Cyberwar Threats: New Security Strategies for Governments


Cyberwar fundamentally changes how government must handle security. Faced with increasingly sophisticated attacks from gangs of cyber criminals and foreign governments probing systems for sensitive data, threats frequently go undetected for days, weeks, and even months. And it’s not just financial data being stolen. Terrorists and rogue governments may steal confidential data, including intelligence information, that exposes a country and its citizens to potential harm. Unfortunately, the traditional fortress approach no longer suffices. Learn what’s needed to tackle the new threats, and why Tripwire's solutions provide the real-time awareness necessary to fight cyberwar.

Introduction

Cyberwar fundamentally changes how government must handle security. Faced with increasingly sophisticated attacks from gangs of cyber criminals and foreign governments probing systems for sensitive data, threats frequently go undetected for days, weeks, and even months. And it’s not just financial data being stolen. Terrorists and rogue governments may steal confidential data, including intelligence information, that exposes a country and its citizens to potential harm. Unfortunately, the traditional fortress approach no longer suffices. Firewalls, intrusion detection systems and other security devices can stop the average hacker, but new threats use stealth techniques that these defenses cannot detect on their own.

Faced with the certainty that attackers will get into their systems, government organizations must take a more proactive approach to risk management. This approach includes focusing security efforts on protecting mission-critical data. To focus those efforts, government organizations need situational awareness. They must know the location of critical data, identify the characteristics of the systems that carry the data, understand the vulnerabilities of those systems, and detect changes in activity that signal potential threats. Government organizations around the world must also know what security controls they have in place throughout the IT infrastructure, and whether these controls protect the infrastructure against the potential threats.

However, the sheer size and complexity of government infrastructure makes gaining that awareness difficult. For example, the US government boasts thousands of uniquely configured systems strewn across hundreds of offices and government departments. The thousands of security devices throughout the average government IT infrastructure generate such huge quantities of valuable data that the IT departments in these government organizations get overwhelmed when faced with collecting and analyzing it. In addition, governments must secure this infrastructure with shrinking budgets, a trend illustrated by the UK government’s recently announced £81 billion in budget cuts slated to take effect over the next four years.[1]

Government organizations urgently need solutions that provide automated, continuous, and end-to-end monitoring of that infrastructure to isolate vulnerabilities and risk and help overwhelmed security professionals immediately identify and automatically mitigate any damage from existing and potential threats. Only with these solutions can government agencies defend themselves against the threats and consequences of cyberwar in an age of declining budgets.

Evolving Threats Require New Cybersecurity Strategies

The attack that compromised Google’s systems in December 2009 demonstrates just how the new generation of adversaries can effectively take down an Internet giant. Google said that the Chinese government launched the attack to access the email accounts of Chinese human rights activists, but that some 20 other organizations fell victim to the attack, including several US defense contractors. The attackers got past all of the defenses installed by Google, and managed to stay hidden for days while they hunted for the activists’ data.

In testimony to the US Senate Select Intelligence Committee in February 2010, Dennis Blair, the US Director of National Intelligence, said that these kinds of advanced persistent threats (APTs) result in the theft of sensitive information from government networks every day. The technology balance currently favors the attacker, he said, and may do so for some time.

The UK government’s recently released Strategic Defense and Security Review (SDSR) likewise recognizes the new age of cyber threats, citing one of its top risks as cyber attacks, whether from other states, terrorists or via organized crime. The recent discovery of an organized crime ring that used the Zeus Trojan to steal money from financial accounts lends credence to their assessment of this risk; in late September 2010, 10 people in the UK were charged with using the Zeus Trojan to steal millions of pounds.[2] Similarly, in the US, the FBI and the US Attorney General’s office in southern New York charged 37 people in a criminal operation that used the Zeus Trojan to steal $3 million from bank accounts. The crime ring allegedly involved operations managers and money mules who, for a commission, laundered the stolen money through bank accounts they opened.[3]

Deloitte, in its 2010 CSO Cybersecurity Watch Survey, found that most organizations it surveyed lacked awareness
of these kinds of attacks, or felt overconfident that their current security measures and technology could protect them. More than two-thirds still considered hackers the biggest threat.

Unfortunately, these non-agile security tools and processes don’t work against APTs. The Deloitte report noted that intrusion detection, signature-based malware and anti-virus solutions provide little defense, and rapidly become obsolete against attackers who use such strategies as encryption technology to mask their efforts.

Cyber attackers typically exhibit much more patience than the traditional hacker. When rebuffed, they keep probing until they find a way in. Once past the defenses, they call on their assets time and again to extract data. You would not classify these attackers as opportunists; they have a mission and remain focused on it until they succeed.

Identifying and Managing Risk

Given the tactics and tools of cyberwar, IT can no longer simply man the barricades and plug whatever holes develop in their defenses. Instead, government must use continuous, or protective, monitoring to proactively identify the data most at risk and secure the systems that contain that data. The desired end? Agencies continue to operate and missions remain uncompromised. When it comes to national security, defense and essential parts of the country’s IT infrastructure, that’s the ultimate goal.

In the US, the National Institute of Standards and Technology (NIST) is responsible for drawing up the guidelines for certifying and accrediting the security of government IT systems. NIST puts risk management at the center of its most recent revision of those guidelines. The guidelines emphasize building solid security into those critical government systems as early in their life cycle as possible. Doing so makes it easier to identify what vulnerabilities and weaknesses remain, which makes it easier to manage them within the standard risk determination and acceptance process. That’s certainly something that the US Department of Defense (DoD) counts on to keep its Global Information Grid, the worldwide collection of computers and networks that drives its operations, up and running, and its most important data safe. Of all US government organizations, cyber attackers consider the DoD the prize target.

In the UK, the Good Practice Guide No. 13: Protective Monitoring, or GPG 13, issued by the UK Government’s CESG, is part of the Security Policy Framework (SPF) designed to protect the government’s IT infrastructure. Similar to NIST, GPG 13 and the SPF take a risk-based approach to protecting the infrastructure. GPG 13 outlines an approach that UK government organizations should take to manage the risk to their critical systems, including the information they must record, the events they must report, and the alerts they must generate based on anticipated modes of attack to these systems.

The opposition can exploit any weakness, so to manage risk you must know the security status of all of the systems throughout the enterprise. That’s the essential visibility that all agencies will be looking for.

In an interview with GovInfoSecurity.com, Ron Ross, the head of the team that drew up the NIST guidelines, said continuous monitoring “is critical” for making sure that agencies know the security state of their systems on an ongoing, day-by-day, hour-by-hour basis. “That is the up tempo that our adversaries are working in today as they launch these very sophisticated cyber attacks against our critical systems,” he said.

The UK government echoes this belief, citing a major benefit of protective monitoring as increased situational awareness that results from continuously collecting information about threats to, and trends in, critical government systems and data. This information enables organizations to identify what attacks are occurring, where they’re occurring, who is behind the attacks, how vulnerabilities have been or are being exploited, current and potential future vulnerabilities, attacks in progress, and how to fix issues that led to an attack.

Still a Long Way to Go

Most governments around the world still lack the visibility and situational awareness needed to manage risk. Few know if systems are correctly configured according to a known, good baseline of policies and controls. Few have the ability to receive alerts when system changes result in insecure configurations so they can fix them before the damage occurs.
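The two capabilities the paragraph above says most governments lack, comparing systems against a known-good baseline and alerting when a change produces an insecure configuration, can be shown in miniature. The following is an added example written for this page, not code from the white paper or from Tripwire; it records a baseline of file hashes and permission bits, detects drift, and scores the changed files against a small weighted policy. The directory tree, the file contents and the policy rules are all constructed for the demonstration, and the rule weights are an assumption rather than any real product's policy.

```python
"""Baseline-and-compare file integrity check with a small weighted policy.

Constructed example: builds a throwaway directory tree, records a baseline,
applies a few changes, and reports what changed and which changed files
violate a hypothetical secure-configuration policy.
"""
import hashlib
import os
import stat
import tempfile
from pathlib import Path


def snapshot(root):
    """Return {relative_path: (sha256_hex, mode_bits)} for every regular file under root."""
    root = Path(root)
    state = {}
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        digest = hashlib.sha256(path.read_bytes()).hexdigest()
        mode = stat.S_IMODE(path.stat().st_mode)  # permission bits incl. setuid/setgid
        state[path.relative_to(root).as_posix()] = (digest, mode)
    return state


def diff_snapshots(baseline, current):
    """Classify paths as added, removed, or modified (content or mode) relative to the baseline."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(p for p in baseline if p in current and baseline[p] != current[p])
    return {"added": added, "removed": removed, "modified": modified}


# Hypothetical weighted policy (an assumption for this example, not a real policy):
# each rule is (description, weight, predicate over (relative_path, mode_bits)).
POLICY = [
    ("world-writable file", 10, lambda p, m: bool(m & stat.S_IWOTH)),
    ("setuid/setgid bit set", 8, lambda p, m: bool(m & (stat.S_ISUID | stat.S_ISGID))),
    ("credential file readable by group or others", 9,
     lambda p, m: p.startswith("secrets/") and bool(m & (stat.S_IRGRP | stat.S_IROTH))),
]


def evaluate_policy(current, paths):
    """Score the given paths against POLICY; highest-weight findings come first."""
    findings = []
    for p in paths:
        _, mode = current[p]
        for desc, weight, check in POLICY:
            if check(p, mode):
                findings.append((weight, p, desc))
    return sorted(findings, reverse=True)


def demo():
    """Run one baseline/drift/compare cycle on a constructed tree and return the report."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "secrets").mkdir()
        conf = root / "etc" / "app.conf"
        key = root / "secrets" / "db.key"
        conf.write_text("listen=127.0.0.1\n")
        os.chmod(conf, 0o644)  # modes set explicitly so the result is umask-independent
        key.write_text("KEY-PLACEHOLDER\n")
        os.chmod(key, 0o600)
        baseline = snapshot(root)

        # Simulated drift: a content edit, an unsafe permission change, and a new setuid file.
        conf.write_text("listen=0.0.0.0\n")
        os.chmod(key, 0o644)
        helper = root / "usr_bin_helper"
        helper.write_text("#!/bin/sh\n")
        os.chmod(helper, 0o4755)

        current = snapshot(root)
        changes = diff_snapshots(baseline, current)
        # Only files that actually changed are scored: that is what keeps the
        # alert stream focused on "the changes that matter".
        findings = evaluate_policy(current, changes["added"] + changes["modified"])
        return changes, findings


if __name__ == "__main__":
    changes, findings = demo()
    for kind in ("added", "removed", "modified"):
        print(f"{kind}: {changes[kind]}")
    for weight, path, desc in findings:
        print(f"[weight {weight}] {path}: {desc}")
```

In the constructed run the edit to app.conf shows up as a modification but raises no policy finding, while the loosened key permissions and the new setuid file are reported with their weights, so an operator sees the two risky changes first. A real deployment would persist the baseline with its own integrity protection and run the comparison on a schedule or on filesystem events; this block only shows the comparison itself.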
As part of their annual FISMA report to the US Office of Management and Budget (OMB), US government agencies must show they have both an agency-wide security configuration policy, and provide evidence on how well they have implemented various security configurations on their systems.

In a July 2009 report, the US Government Accountability Office (GAO) said all 24 of the major US federal agencies it investigated claimed they had a security configuration policy in place. But almost all of them had weaknesses in their information security controls, and over 21 had configuration management weaknesses. Several agencies did not implement common secure configuration policies across their systems, the GAO said, and many did not ensure that system software changes had been properly authorized, documented and tested. John Gilligan, a former chief information officer for both the Air Force and the Department of Energy, told a recent cybersecurity forum that if government organizations deployed and enforced security measures such as configuration controls, these organizations could block some 85 percent of attacks.

Devices in the network that record security-related events offer another source of useful security information. Collecting those logs and having some way of analyzing them can help flag potential threats. Unfortunately, most agencies can’t do that right now, due in part to the perceived difficulty in implementing a log management solution. However, many are starting to realize what those logs offer. In a recent study, the DoD said that log management ranked among the highest value controls that could be used to block attacks.

The security of UK government systems is less publicized, but the recent inclusion of cybersecurity as a top priority in the SDSR indicates that cybersecurity is top of mind in the UK for the foreseeable future. And with the 2012 Olympic Games in the works, it’s a certainty that the UK government will scrutinize government agencies more than ever to ensure that they have continuously secure system configurations and the ability to easily review network and activity logs for potential threats and forensics.

Tripwire VIA Solutions: Visibility, Intelligence, Automation

The Tripwire® VIA™ suite delivers the real-time, continuous monitoring organizations need to counter modern cyberwar threats, so agencies see the data that matters no matter how much noise the IT infrastructure generates. Armed with this visibility, security professionals detect weaknesses and vulnerabilities, and make fixes before attackers can exploit them. Tripwire VIA solutions include Tripwire® Enterprise for industry-leading configuration control, and Tripwire® Log Center for next-generation log and security information and event management (SIEM).

Tripwire Enterprise helps organizations focus on the changes that matter with continuous file integrity monitoring, compliance policy management, real-time intelligence that identifies changes that introduce risk or non-compliance as they occur, and on-demand automated remediation. With over 300 out-of-the-box policies, Tripwire Enterprise covers just about any security, regulatory and operational policy needed for assessing and managing configurations. Specific to US government organizations, Tripwire Enterprise includes policies for NIST SP 800-53 Rev 3, DISA STIGs and FISMA requirements. For UK government organizations, Tripwire Enterprise includes a Security Policy Framework (SPF) policy that can be applied for GCSX CoCo and GPG 13: Protective Monitoring requirements. These policies include weighted tests that help IT managers focus on the configurations that pose the greatest security risk or most impact system performance.

Tripwire Enterprise also allows organizations to capture secure or operationally optimized configurations developed in-house so these configurations can be re-applied as needed. And Tripwire Enterprise automates remediation of detected issues on-demand for both physical and virtual environments.

Tripwire Log Center captures and stores tens of thousands of events per second to meet the log management requirements of many standards and regulations. It also enables
Google-like searches of log activity data for deep forensic analysis. Because Tripwire Log Center supports the most popular log transmission protocols, it collects logs from just about any source out of the box. In addition, Tripwire Log Center detects and alerts on events that may indicate suspicious activity. The solution’s graphical tools help correlate events, and pinpoint those parts of the infrastructure that could be open to attack.

As part of the Tripwire VIA suite, Tripwire Enterprise and Tripwire Log Center integrate with each other to provide a single solution for complete IT security and compliance. Using Tripwire solutions, IT can investigate individual changes and events as well as complex sequences of activity, like suspicious events related to a change that may indicate a new risk or noncompliance. Combined, these solutions also support incident investigation, reveal patterns of activity that indicate threats, and help identify downstream impacts of a given change. The combination also enables organizations to gain instant audit logging capabilities across the entire IT infrastructure without installing additional code.

With the Tripwire VIA suite, organizations gain end-to-end visibility across the enterprise, intelligence to help them make better and faster decisions about threats and risk, and automation to address and fix the millions and billions of changes and events that occur in today’s IT infrastructure.

Conclusion

Cyberwar, with its sophisticated, persistent threats, is forcing government agencies to move away from an all-or-nothing approach to security. These organizations must now focus on protecting essential data and ensuring continuous availability of critical systems, all without interrupting the ability of these agencies to conduct the day-to-day business activities required to fulfill their missions. As a result, security becomes a strategic necessity rather than an activity that simply complements the other activities of government agencies. Agencies must now apply risk management practices that ensure systems stay up and running.

To do that, security professionals must shift from their traditional reactive stance to a more proactive one. Because they can’t manually plug the holes fast enough, they need a way to get ahead of the threats. Key to this is being able to get a clear view of the existing vulnerabilities through the noise created by the overwhelming number of systems and configurations that make up today’s IT enterprise. Equally key is automation that not only detects the vulnerabilities as they occur, but that also enables them to remediate these vulnerabilities immediately, before the damage occurs. Automation is also critical to protecting these systems and data in the face of decreased budgets and headcounts.

Tripwire VIA solutions provide the needed end-to-end visibility of all activity and events across the enterprise so users can identify potential threats in real time. These leading solutions also deliver actionable intelligence so managers immediately know where misconfigurations, and therefore vulnerabilities and non-compliance, exist. And Tripwire VIA solutions automate much of the work, including remediation, so government organizations can provide effective security even with today’s reduced budgets and round-the-clock threat environment.

[1] “Spending Review 2010: George Osborne wields the axe” (www.bbc.co.uk/news/uk-politics-11579979)
[2] “UK police charge 10 people with Zeus fraud” (http://news.cnet.com/8301-1009_3-20018167-83.html?tag=mncol;txt)
[3] “Dozens charged in use of Zeus Trojan to steal $3 million” (http://news.cnet.com/8301-27080_3-20018177-245.html)
About Tripwire

Tripwire is a leading global provider of IT security and compliance automation solutions that help businesses and government agencies take control of their entire IT infrastructure. Thousands of customers rely on Tripwire’s integrated solutions to help protect sensitive data, prove compliance and prevent outages. Tripwire® VIA™, the comprehensive suite of industry-leading file integrity, policy compliance and log and security event management solutions, is the way organizations can proactively achieve continuous compliance, mitigate risk and improve operational control through Visibility, Intelligence and Automation. Learn more at www.tripwire.com and TripwireInc on Twitter.

©2010 Tripwire, Inc. Tripwire is a registered trademark of Tripwire, Inc. All other product and company names are property of their respective owners. All rights reserved.