by clicking on the page. A slider will appear, allowing you to adjust your zoom level. Return to the original size by clicking on the page again.
the page around when zoomed in by dragging it.
the zoom using the slider on the top right.
by clicking on the zoomed-in page.
by entering text in the search field and click on "In This Issue" or "All Issues" to search the current issue or the archive of back issues respectively.
by clicking on thumbnails to select pages, and then press the print button.
this publication and page.
displays a table of sections with thumbnails and descriptions.
displays thumbnails of every page in the issue. Click on a page to jump.
allows you to browse through every available issue.
GCN : December 2012
20 GCN DECEMBER 2012 • GCN.COM CYBERSECURITY admiral who recently was director of cyber- security coordination in the DHS National Protection Programs Directorate. "It's an attempt to create a more secure, operational relevant ecosystem," he said of the proposed ecosystem. "It's difficult, be- cause the government didn't require certain things when the private sector developed these abilities," such as interoperability, au- tomation and trustworthy authentication of both people and devices. The RFI, which Brown helped to write, is an effort to determine "what the art of the possible is right now to accomplish this," he said. A NETWORK IMMUNE SYSTEM Creating a healthy, secure cyber ecosystem was one of the two focus areas identified in the DHS Blueprint for a Secure Cyber Fu- ture, in late 2011. The other was protection of the nation's critical infrastructure. Work on the idea dates to much earlier, however. The earliest technical reference in the RFI was a paper from 1999 on "An Immunologi- cal Model of Distributed Detection and Its Application to Computer Security," by Ste- ven A. Hofmeyr. The paper that spurred the current re- quest for information, entitled "Enabling Distributed Security in Cyberspace: Build- ing a Healthy and Resilient Cyber Ecosys- tem with Automated Collective Action" and published in March 2011, also uses the hu- man immune system as a model. It was written under the direction of Philip Reitinger, then DHS deputy under secretary for the National Protection and Programs Directorate who has since moved on to Sony Corp. It envisions "a 'healthy cyber ecosystem' -- where cyber devices collaborate in near real time in their own defense." In such a system, "power is dis- tributed among participants, and near real time coordination is enabled by combining the innate and interoperable capabilities of individual devices with trusted information exchanges and shared, configurable poli- cies." Such a system is not a perfect model, however. In humans, auto-immune dis- eases lead the immune system to attack the body it is supposed to protect, a situation 5 QUESTIONS ON SETTING UP A CYBER ECOSYSTEM Despite many hurdles, the field of automated security systems "is ripe for planning and action," according to the Reitinger paper. Hence the DHS's request for information presents a number of questions for both the public and private sector players, including: The deadline for weighing in on these issues was Oct. 15, and DHS and NIST are evaluating the responses. The next step will be formation of a working group, probably to include the NSA as well as DHS and NIST, to do a gap analysis identifying what needs to be done to move the present state of technology to the desired state. • What is the proper definition of and goals for the envisioned ecosystems? What are the most challenging and intractable issues to be addressed? What are the current capabilities? What standards are needed to advance the concept? What is the role of government in developing and implementing such a system?