by clicking on the page. A slider will appear, allowing you to adjust your zoom level. Return to the original size by clicking on the page again.
the page around when zoomed in by dragging it.
the zoom using the slider on the top right.
by clicking on the zoomed-in page.
by entering text in the search field and click on "In This Issue" or "All Issues" to search the current issue or the archive of back issues respectively.
by clicking on thumbnails to select pages, and then press the print button.
this publication and page.
displays a table of sections with thumbnails and descriptions.
displays thumbnails of every page in the issue. Click on a page to jump.
allows you to browse through every available issue.
GCN : December 2012
that researchers and developers want to avoid in a secure cyber ecosystem. AGENCY SELF-HEALING NETS The concepts of a learning, self-healing system are being incorporated --- or at least planned --- in several current pro- grams, including the Federal Aviation Administration's Next Generation Air Transportation System, which would re- place the aging current air traffic control system, and the Smart Grid program be- ing spearheaded by the Energy Depart- ment to create an interactive national power distribution and delivery system. Development of a self-protecting eco- system would be a long-term project, and probably one without a definite end-point. "Probably the journey will never end," Brown said. But advances in standardizing the language of security and automating continuous monitoring are the first steps. "These are all parts of what is doable in the near term." Effective information sharing across domains --- whether automated or manual --- has long been a challenge in cybersecurity, but the ability to gather information in near-real time is improv- ing. Continuous monitoring now is a requirement for compliance with the Federal Information Security Manage- ment Act, although the monitoring is periodically frequent rather than really continuous, and reports are supposed to be made automatically through the DHS Cyberscope system. In monitoring and evaluating IT systems, agencies are supposed to use tools complaint with the Security Content Automation Pro- tocol, which has led to broad industry adoption of SCAP tools. As early as 2009, Peter Fonash, then acting director of the DHS National Cybersecurity Division and now CTO for cybersecurity and communications, told a House panel that the Einstein intrusion detection system was ready to begin deployment at agency Trust- ed Internet Connection points and at Networx Managed Trusted IP Service locations. "The Einstein system helps to iden- tify unusual network traffic patterns and trends that signal unauthorized network activity, allowing US-CERT to identify and respond to potential threats," Fonash told the Science and Technology Subcommittee on Technol- ogy and Innovation. The intrusion detection system is be- ing upgraded to provide intrusion pre- vention as well, which is a step toward automated defense. "The system, once fully deployed, will provide the gov- ernment with an early warning system and situational awareness, near-real time identification of malicious activity, and a more comprehensive network de- fense," Fonash said. A primary difference between current automated tools and the envisioned ecosystem is that tools now in use de- liver data to a central point or organiza- tion, such as US-CERT, where it is ana- lyzed and alerts then are disseminated to local administrators for action. The ecosystem model would share infor- mation throughout the system and en- able systems or devices to respond on their own. All of the current innovations, such as CyberScope and Einstein, have their critics, and the best tools and policies are not adequate in themselves, the Reitinger paper notes. "We know today that users are not routinely complying with cyber best practices and configu- ration guidelines. Adoption of security standards is decidedly slow, and early indications are that cybersecurity con- tinuous monitoring will face impedi- ments to adoption." "Interagency processes generally take a while," and funding is always an issue, the DHS official said. Whatever the results of the analysis, creation of a self-aware, self-defending and self-healing online environment will not be fast or easy, Brown said. "There is no way you can create the ecosystem by stopping on a dime," he said. "It's a journey. I think it's a big job, but it's something we felt needed to be done.'" • GCN DECEMBER 2012 • GCN.COM 21 DHS and NIST are trying to define a future online environment that could defend itself more quickly than its human users can do. A request for information issued by the Homeland Security Department and the National Institute of Standards and Technology lays out the goals for a healthy and resilient cyber ecosystem: "In this concept, computer systems, devices, applications, and users will automatically work together in near-real time to anticipate and prevent cyber attacks, automatically respond to attacks while continuing normal operations, evolve to address new threats, limit the spread of attacks across participating devices, minimize the consequences of attacks, enable the sharing of timely and relevant security information, and recover to a trusted state. The concept will allow for robust privacy protections while delivering security protections commensurate with risk. To that objective, it is important to assess where we are now technologically, what additional capabilities are needed, and what current technologies are best available to meet those capabilities at this time." EXPLAINER What would a cyber ecosystem do?