Dynamic Defense


Published on

Government, business need new general on cyberbattlefield. Reprinted with permission from the Washington Business Journal.

Published in: Technology, News & Politics
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Dynamic Defense

  1. 1. washingtonbusinessjournal.com January 13-19,2012FedBizExtraExpert InsightGovernment, business need new general on cyberbattlefieldBy Christopher Ling and equipping the network team, while the cluding malware analysis to understand the CISO directs the action on the actual cyber- attack. In addition, cyber and industry/gov-T he crown jewels of capitalism — the battlefield, directly monitoring and engag- ernment experts on the team will assess the innovative ideas that drive competi- ing the enemy. The two counterbalance each risk generated by the attack, and reverse en- tion and bring nations, companies other, and the ultimate cost-benefit decisions gineering will fix the weakness and strength-and individuals to the forefront of accom- are made at a higher level, in the C-suite in en the broader network.plishment — are being stolen, one by one, at the commercial world or a different structure ● Evolutionary response: The team mustan increasingly faster pace. to accommodate government operations. conduct ongoing vulnerability assessments, As the list of government agencies and CISOs can operate at all levels of an orga- examine proven best practices and developcompanies victimized by hacking grows each nization, and the good ones will end up ruf- comprehensive response strategies to keepweek, it is clear that no network is complete- fling a few feathers to drive new thinking and the defensive posture at its greatest strengthly impenetrable. To thwart these attacks, one a focused commitment on cyberprotection. at any given moment.must embrace a defense that embodies the Today’s sophisticated cyberattacks call ● Institutional improvements: These aresame aggressive and methodical approach as for a response that integrates the best knowl- efforts that require discipline and focus toour cyber-adversaries use against us today. edge of a given company or government ensure the cyberprotection is fully integratedAnd that includes finding the right people to agency — concerning the most precious and all parts are operating effectively. Theylead a dynamic defense — one designed to secrets, the unique operational and business will provide constant attention to cyberpol-continuously evolve as the threats change. requirements — and the best experts in the icy, operations, new technologies, manage- While many of today’s networks are techniques of cyberdefense. ment techniques and the recruiting and train-largely run by chief information officers, the A cybersecurity operations center, man- ing the best cyber workforce.CIO’s primary focus is on efficiency. Need aged separately from the CIO’s network Those capabilities can be eroded if the pri-to meet today’s skyrocketing data manage- operations center, should focus on four key mary network focus is on efficiency alone.ment requirements at lower costs? The CIO areas of intelligence and response. And admittedly, in today’s economic envi-can do it. Need to defend against insidious ● Threat vector intelligence: This ap- ronment, efficiency is a strong argument.attackers who are feeding off the best ideas proach takes virus-scan programs to a high- But the more powerful counterargumentof governments and companies? The focus er level. Not only does the process detect is the skyrocketing cost that nations willmust be on effectiveness, and the CIO needs known threats or attack types, but it also endure if we don’t adopt a more effectivehelp. serves as an active, continuous presence on way to combat cybercrime. Certain foreign Unique challenges require a unique lead- the Internet to gain situational awareness of governments and individual cybercriminalser: A chief information security officer can what’s happening and what’s changing. This are not just taking our ideas; they’ll soon beserve as the powerful tactical general on the enhanced approach monitors trends and de- using them against us to win in the globalcyberbattlefield. But how many organiza- velops insights into new and emerging threat marketplace. As the daily headlines remindtions have a CISO? And, if they do, what sets. Protection against just known threats us, cybersecurity isn’t something on whichresources are available to them? may be helpful at home, but won’t fully pro- anyone can “declare victory,” but with the The best organizations will have both a tect a corporate brain trust. right approach we can avoid defeat.CIO and a CISO working closely together. ● Rapid response: Every second counts, Christopher Ling is a Senior Vice President at BoozThe CIO serves in a role analogous to the and the best response teams will be capable Allen Hamilton and leads the firm’s cyber military op-military’s armed services, creating, training of conducting a full analysis life cycle, in- erations business. Reprinted with permission from the Washington Business Journal. ©2012, all rights reserved. Reprinted by Scoop ReprintSource 1-800-767-3263.