GCN : April 2014
Q: How are today's targeted attacks different from traditional malware?

A: In the past, we primarily saw broad, scattershot attacks. In response, researchers would identify the vulnerabilities in systems and networks, and the vendors would develop the necessary patches. For organizations with thousands or perhaps millions of nodes on their network, there was always a window of exposure when attackers could hope to hit an unpatched system. But everything is different now. Today, attackers have their own researchers. Instead of doing scattershot attacks, they search out a specific vulnerability in a specific system in a specific agency, and then design malware for that vulnerability. This is a zero-day attack. These attacks are so successful because they elude the signature-based security solutions developed by anti-virus vendors. Such solutions are designed to detect known attack patterns, providing some measure of protection even for unpatched systems. But since zero-day attacks are highly customized, they won't be detected. Unless you have something like a detonation chamber that examines incoming traffic, it is very difficult to prevent zero-day attacks.

Q: With attacks increasing in sophistication and complexity, how well do agencies understand the likelihood of a breach, and how to identify and secure critical data?

A: Some agencies still need to change their mindset. We recently fielded a questionnaire to IT security professionals within the state and local sector, and while three-quarters of the respondents state that their agency has experienced an incident or network breach in the past year, about half do not believe their agency has the ability to detect and block advanced threats. As I stated earlier, it begins with identifying critical data and assessing the potential impact of attacks.

But it is also important to have an intelligent system that analyzes and prioritizes the alerts coming from network sensors, so the security team can focus on the attacks that represent the greatest threats to their environment. Think about a zero-day attack targeting, say, a three-star general who has access to sensitive information and assets. Does the agency understand the potential impact of such an attack? And will its security solution make them aware of that danger, or will it register as just another alert that gets lost in the noise? NIST (National Institute of Standards and Technology) is doing a very good job of raising awareness about the evolving nature of cyber attacks, particularly with the most recent revision of SP (Special Publication) 800-53. Their guidance is helping agencies to think more about those attacks in terms of impact rather than just volume.

Q: What can government agencies do to better protect themselves against unknown zero-day attacks?

A: One important tactical solution, which NIST recommends in SP 800-53, is the use of detonation chambers, which allow you to execute an application or attachment in a safe, isolated environment so that you can see what it contains or what nefarious activity it is promoting. This technology is a good defense against advanced threats that are using different attack vectors. For example, a spear-phishing attack uses an email vector, and if the deployed security technology intercepts the email before someone opens it, you've successfully stopped a zero-day attack. We've seen many organizations deploy this next-generation detection technology and succeed at combatting these advanced attacks. Fundamentally, however, agencies must accept the fact that, sooner or later, someone will figure out a way to get into their networks. Wherever there is something of value, there are thieves who are trying to get at it. And attacks will continue to get more sophisticated, and they'll become more targeted.

So we have to ensure that we're adopting the right technologies, building the right infrastructures, and that we have the right risk mitigation plan in place so we can react quickly to those breaches and minimize the damage. •