People and technology: Rethinking the cybersecurity challenge (Part 1)
By Angela Heise
Cybersecurity is often viewed as a technology challenge. Because cyber threats exploit technology, the logic goes that the threats must be thwarted through technology. This thinking has some merit — to a point. Tactically, many of the tools inundating the cybersecurity marketplace are effective at accomplishing a specific task or bundle of tasks for which they were designed.
From a strategic standpoint, however, cybersecurity solutions that rely predominantly on technology are woefully inadequate. This vendor-driven approach to cybersecurity lulls organizations into believing that tools provide the entire answer to their security challenges. In reality, vendor-driven security is the fundamental reason that so many organizations find themselves playing an unwinnable game of catch-up in a perpetually escalating arms race against cyber criminals.
Through many years of supporting defense, intelligence and civilian agency computer systems and data networks, we have determined that the ultimate answer to effectively defending against and defeating cyber criminals lies not in tools but in the people who use them. Rather than tools driving the analysts, the analysts must drive the tools.
We call this intelligence-driven computer-network defense, and it recognizes that only trained professionals are capable of understanding the motives of the adversaries and the context of the intrusions; sharing their knowledge with key partners; and exercising the judgment that allows resources to be allocated in a manner that maximizes their effectiveness.
An example of the benefit of the intelligence-driven approach to cybersecurity is our “cyber kill chain,” which draws from the knowledge of industry partners and our own experience to identify the seven stages of an advanced persistent threat (APT) intrusion.
The kill chain is being used by leading experts in the cyber community to develop better strategies for threat detection, response, and allocation of resources to the most-dangerous threats. This approach overturns traditional security thinking that says adversaries need to be right only once, while defenders must be right 100% of the time. Using the kill-chain model, the adversaries need to be right seven times, and defenders only once.
But the kill-chain approach must be implemented by trained cyber professionals to be effective. It’s not a software package that can be installed once and periodically updated. The analysts who incorporate the kill chain into their security strategy do rely on a variety of tactical tools at each stage, but they are driving which tools are used and in what manner — not the other way around.
Therefore, perhaps the biggest challenge we face in the cyber community is elevating the cyber tradecraft and the training and development we provide to the professionals who practice it. In two follow-up posts, we’ll provide insights on how organizations that depend on robust cybersecurity can improve the skill level of their cyber professionals through recruiting and training, and how they can make their systems more secure through improved collaboration and knowledge management.
Part 2: Attraction and training: The keys to developing cybersecurity talent
Part 3: Knowledge management and collaboration: Key traits of robust cybersecurity
Angela Heise is Lockheed Martin IS&GS-Defense’s Vice President of Enterprise IT Solutions, a unit entrusted by the U.S. Army, Air Force, Navy and other U.S. Department of Defense customers to support many of the nation’s most-critical information-technology challenges.