Applying Military Insights To Enterprise Data Security
1. Applying military insights to enterprise data security: the application of time-tested milita... Page 1 of 4
Home | About Us
AccessMyLibrary Browse C Computer Technology Review JUL-04 Applying military insights
to enterprise data security: the application of time-tested military approaches can help address evolving
computer security threats for enterprises and government.(Disaster Recovery & Backup/Restore)
COPYRIGHT 2004 West World Productions, Inc.
Applying military insights to enterprise data security: the
application of time-tested military approaches can help address
evolving computer security threats for enterprises and
government.(Disaster Recovery & Backup/Restore)
Publication: Computer Technology Review
Publication Date: 01-JUL-04
Author: Brown, Kevin
Ads by Google
PDF to Image Conversion Convert PDF to Bitmap TIFF, JPEG, PNG, BMP, RAW, etc.
Car Rental - Avis Enjoy Faster Reservations & Rentals Lowest Mileage Cars, Special Offers
Free IT Policies Info Browse Our Technology & IT Articles Online. Subscribe to Weekly
Report!
Business Continuity Plan BCP/DRP Word Template $389 189 pgs CFO says quot;This saved our
companyquot;!
Email this article | Print this article
COPYRIGHT 2004 West World
Productions, Inc.
Over the centuries, military and
intelligence organizations have
developed sophisticated doctrines and
procedures relating to physical and
information security. These doctrines
address a range of concerns including
ambush, spies, maneuver, counter-
intelligence, mutiny and force
protection.
Today's enterprises and government
agencies have migrated to highly
networked computing systems, with
nearly all critical functions reliant on
computing resources. This evolution
has delivered higher productivity, but
at the same time has created dramatically higher exposure to electronic attacks. Concern
over information assurance has never been higher, and the range of acknowledged
threats is growing: disgruntled insiders, viruses/ worms, corporate espionage, script
kiddies, cyberterrorism, and information warfare in conflicts of the future.
In many senses, computer security already resembles a guerrilla war. Today, largely
invisible enemies launch daily attacks on nearly every major corporation and government
agency, and rapidly adapt their tactics to address countermeasures. This article highlights
a number of time-tested military principles that can be applied by corporations and other
organizations to prepare for such electronic warfare.
MULTI-LEVEL SECURITY: Intelligence organizations use MLS to manage and streamline
access to data. By classifying each piece of data, and establishing the related levels of
trust among individuals (e.g., unclassified, secret, top secret), these organizations balance
http://www.accessmylibrary.com/coms2/summary_0286-13204723_ITM 8/18/2008
2. Applying military insights to enterprise data security: the application of time-tested milita... Page 2 of 4
risk with speed of information sharing.
Typically, civilian organizations lack the same discipline around information sharing. For
organizations that deal with sensitive or regulated data, a more structured approach to
assessing trust and granting access can be used to more tightly manage risk.
COMPARTMENTALIZATION: This principle is reflected in nearly every aspect of military
organizations. For example, a captured special ops team does not know the locations of
other units, in order to minimize risk. Often, analysts and planners have access to only a
subset of the quot;whole picturequot; and, similarly, a submarine uses physical compartments to
contain the damage from a hull breach.
With the move towards aggregated and networked storage, non-military organizations are
increasingly at risk of massive breaches. In fact, a single breach of networked storage can
yield terabytes of data and in many cases can be executed without detection. By using
physical or cryptographic compartmentalization, organizations can reduce the exposure of
any single breach. Typical approaches include compartmenting information by functional
area (Finance, Engineering, Executive), by business unit, or by customer.
NEED-TO-KNOW: Military planners understand that the risk of leaks increases
exponentially with the number of people who have information. Accordingly, sensitive data
is distributed to only those who need it, and access to data is documented and audited.
According to the FBI, 50%-80% of electronic attacks originate inside the firewall. Even
though the vast majority of employees are honest and trust-worthy, a single hostile
individual can inflict massive damage. Instead of starting with the assumption that all data
should flow freely among employees, organizations should invest in processes and
systems to manage access to sensitive data, and ensure accountability. Fine-grain access
controls can be used to provide flexible access to the data without disrupting user
workflow or applications.
[ILLUSTRATION OMITTED]
CRYPTOGRAPHY: As early as the Roman Empire, military organizations have used
cryptography to protect sensitive data. Traditionally, cryptography was applied primarily
to communications and data in flight; increasingly, sensitive data at rest is being
protected with cryptography. For highly networked environments facing a variety of
external and internal threats, cryptographic security is a necessity.
In today's networks, the volume of data in transit (megabytes) is dwarfed by the volume
of data in storage (terabytes). Computer security experts increasingly recommend
encryption for protecting stored data.
DEFENSE IN DEPTH: Realizing that any single layer of defense can be defeated, military
and intelligence security experts typically deploy layered defense strategies.
In light of the growing insider threat, and the growing number of holes in the network
perimeter (VPNs, contractors, partner networks), enterprises can no longer assume that
their firewall or intrusion detection system is sufficient. Critical data and systems must be
compartmentalized and protected within the perimeter. This is a challenging proposition
since certain insiders, typically IT administrators, enjoy quot;super-userquot; privileges and
unlimited access to data and systems. Organizations should closely review their
infrastructure and implement security in layers, ensuring that sensitive information is fully
protected.
CONCENTRATION OF FLOW: Military checkpoints and border crossings funnel all traffic
through aggregated control points. These locations typically have a concentration of
security forces, and the ability to authenticate and document all traffic.
Simplicity equals security. Many system vulnerabilities today stem from complexity;
administrators cannot watch all of the different attack vectors. Security approaches that
can simplify the security model and close down attack vectors can reduce an
organization's risk of attack, while improving the chances of catching the attacker. Best
case scenario: one way in, one way out.
ROLE SEPARATION: Many military procedures include checks and balances among
multiple individuals to ensure that no single individual can sabotage or usurp the mission
of the organization. Critical functions such as nuclear weapons command or air strike
operations require multiple people in different functions to concur and approve an action.
Organizations with sensitive data may wish to eliminate single points of vulnerability, but
many security managers today find that they do not have the tools to extend security
policies into the storage infrastructure. Implementing role separation can help. For
example, an IT organization may establish separate roles for security administrators and
http://www.accessmylibrary.com/coms2/summary_0286-13204723_ITM 8/18/2008
3. Applying military insights to enterprise data security: the application of time-tested milita... Page 3 of 4
system administrators. Access to sensitive customer data, or sensitive administrative
changes to systems, should require approval from multiple functional managers.
TWO-MAN RULE: This is a corollary to the Role Separation doctrine. For critical operations,
two individuals must exercise authority to act. The classic example: nuclear silo operators
turning two keys simultaneously to launch a missile.
Critical systems should never be designed with single points of failure or vulnerability. For
sensitive operations, such as accessing archived data or recovery of failed systems, a
quorum of trusted employees can be used to ensure that no individual can defeat security.
TWO-FACTOR AUTHENTICATION: Access to secure facilities almost always requires both
knowledge (what you know, e.g. passwords) and official identification (what you have).
Increasingly, token-based or biometric systems (who you are) are used to prevent forgery
of credentials.
For sensitive systems, traditional username/password mechanisms are too weak. Humans
are simply not good at choosing strong passwords, and there are many well-known
instances of this sort of attack. In the case of computer systems, administrative functions
are the most sensitive, because they typically enjoy access to all data and security
measures. Implementing two-factor authentication methods can significantly reduce the
possibility of common spoofing attacks.
KEY ROTATION: Physical and cryptographic keys are regularly rotated to limit the duration
of exposure in case of a breach. Following a confirmed or suspected breach, keys can be
instantly revoked or invalidated.
Enterprise and government security systems must have the infrastructure to regularly or
instantly rotate keys, including both physical tokens and electronic or cryptographic keys.
This infrastructure includes mechanisms for cataloguing the database of keys needed to
access archived data.
KILL-SWITCH: In military practice, it is common to protect systems that can be physically
breached or overrun with some type of kill-switch mechanism to instantly destroy
sensitive data or technology. The U.S. spy plane that was forced to land in China provides
a good example of the need for electronic kill-switch capabilities.
Computers and storage systems that are physically insecure pose a difficult challenge to
enterprises as well. Even the best firewall settings are irrelevant if an attacker can simply
remove terabytes of cleartext data on disk drives. For physically insecure systems, it is
advisable to make the default state of data secure, using encryption. Smart cards and
cryptographic keys can be destroyed much more quickly and reliably than terabytes of
cleartext data.
DOCUMENTATION AND AUDITING: Military organizations are notorious for extensive
paperwork and documentation. However, when dealing with sensitive information that
could cost lives or lose a war, this layer of accountability and deterrent is a smart
investment.
Organizations must find ways to automate and harden their systems that track access to
sensitive data. In the case of typical Unix and Windows systems, electronic logging and
auditing functions are easily defeated by any user with quot;rootquot; or administrator privileges.
Secure logging and auditing systems that are tamper-resistant and cryptographically
signed add a layer of deterrent on top of actual security.
Organizational Implications
Security-conscious organizations must create processes to constantly evaluate systems,
evolving attack tactics, and overall risk profile. Several practical implications emerge:
* Designate a quot;Chief Security Officerquot; that has the training and resources to manage
security on an ongoing basis. Security is a process, not a one-time project.
* For individual operating units, designate a trusted quot;security administratorquot; to manage
sensitive systems that protect the overall organization. For smaller organizations, this role
may overlap with other responsibilities, but ideally this role separation can create checks
and balances for administrative staff. Use strong authentication to ensure the integrity of
this role separation.
* Design systems that can shield sensitive data from administrators. In light of the
growing insider threat, and the almost unlimited system privileges that root users enjoy,
this is a major exposure point for every organization.
http://www.accessmylibrary.com/coms2/summary_0286-13204723_ITM 8/18/2008
![Applying military insights to enterprise data security: the application of time-tested milita... Page 2 of 4
risk with speed of information sharing.
Typically, civilian organizations lack the same discipline around information sharing. For
organizations that deal with sensitive or regulated data, a more structured approach to
assessing trust and granting access can be used to more tightly manage risk.
COMPARTMENTALIZATION: This principle is reflected in nearly every aspect of military
organizations. For example, a captured special ops team does not know the locations of
other units, in order to minimize risk. Often, analysts and planners have access to only a
subset of the quot;whole picturequot; and, similarly, a submarine uses physical compartments to
contain the damage from a hull breach.
With the move towards aggregated and networked storage, non-military organizations are
increasingly at risk of massive breaches. In fact, a single breach of networked storage can
yield terabytes of data and in many cases can be executed without detection. By using
physical or cryptographic compartmentalization, organizations can reduce the exposure of
any single breach. Typical approaches include compartmenting information by functional
area (Finance, Engineering, Executive), by business unit, or by customer.
NEED-TO-KNOW: Military planners understand that the risk of leaks increases
exponentially with the number of people who have information. Accordingly, sensitive data
is distributed to only those who need it, and access to data is documented and audited.
According to the FBI, 50%-80% of electronic attacks originate inside the firewall. Even
though the vast majority of employees are honest and trust-worthy, a single hostile
individual can inflict massive damage. Instead of starting with the assumption that all data
should flow freely among employees, organizations should invest in processes and
systems to manage access to sensitive data, and ensure accountability. Fine-grain access
controls can be used to provide flexible access to the data without disrupting user
workflow or applications.
[ILLUSTRATION OMITTED]
CRYPTOGRAPHY: As early as the Roman Empire, military organizations have used
cryptography to protect sensitive data. Traditionally, cryptography was applied primarily
to communications and data in flight; increasingly, sensitive data at rest is being
protected with cryptography. For highly networked environments facing a variety of
external and internal threats, cryptographic security is a necessity.
In today's networks, the volume of data in transit (megabytes) is dwarfed by the volume
of data in storage (terabytes). Computer security experts increasingly recommend
encryption for protecting stored data.
DEFENSE IN DEPTH: Realizing that any single layer of defense can be defeated, military
and intelligence security experts typically deploy layered defense strategies.
In light of the growing insider threat, and the growing number of holes in the network
perimeter (VPNs, contractors, partner networks), enterprises can no longer assume that
their firewall or intrusion detection system is sufficient. Critical data and systems must be
compartmentalized and protected within the perimeter. This is a challenging proposition
since certain insiders, typically IT administrators, enjoy quot;super-userquot; privileges and
unlimited access to data and systems. Organizations should closely review their
infrastructure and implement security in layers, ensuring that sensitive information is fully
protected.
CONCENTRATION OF FLOW: Military checkpoints and border crossings funnel all traffic
through aggregated control points. These locations typically have a concentration of
security forces, and the ability to authenticate and document all traffic.
Simplicity equals security. Many system vulnerabilities today stem from complexity;
administrators cannot watch all of the different attack vectors. Security approaches that
can simplify the security model and close down attack vectors can reduce an
organization's risk of attack, while improving the chances of catching the attacker. Best
case scenario: one way in, one way out.
ROLE SEPARATION: Many military procedures include checks and balances among
multiple individuals to ensure that no single individual can sabotage or usurp the mission
of the organization. Critical functions such as nuclear weapons command or air strike
operations require multiple people in different functions to concur and approve an action.
Organizations with sensitive data may wish to eliminate single points of vulnerability, but
many security managers today find that they do not have the tools to extend security
policies into the storage infrastructure. Implementing role separation can help. For
example, an IT organization may establish separate roles for security administrators and
http://www.accessmylibrary.com/coms2/summary_0286-13204723_ITM 8/18/2008](data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7)