Government Can’t Tackle New-Age Cybersecurity Alone

Intelligence agencies must learn to cooperate with big tech in fight against net predators

I think it’s pretty safe to say that there is almost nothing that our federal government can do that the private sector can’t do better. Cybersecurity is a case in point.

Right now, the Department of Homeland Security is working on upgrading its EINSTEIN threat detection and response system from what it calls a “system of vaccines” to an “immune system” that can better protect both government and private-sector systems.

You might recall that it was this same EINSTEIN system that was responsible for the breach of the Office of Personnel Management in 2015, in which tens of millions of records were lost, including security clearance and sensitive background investigation information, and all personnel data for every federal employee, every federal retiree, and up to one million former federal employees.

At DHS, the EINSTEIN team has been advancing the “future” of that program, which today focuses on intrusion prevention (with documented failed results), by focusing on analytical capabilities to leverage big data and look for unknown threats instead of just known signatures. Signatures are the way old-school cybersecurity programs used to detect threats, like back in 2013.

In the private sector, we have been leveraging big data and applying advanced analytics for years — actually since 2013 — to try to identify “zero-day” threats that have no known signatures and are responsible for most of today’s breaches. In fact, we have moved beyond signature-free detection to the application of machine-learning and artificial intelligence technologies to better balance the battle space for defending against cyberattacks.

Why, then, would the federal government only just recently begin to upgrade its aging EINSTEIN system, which failed so miserably to defend secret counter-espionage identities of federal employees, to something that might actually have a chance of working? Why only take the data-analytics step? And why on earth would you admit that the very same program that allowed the largest breach in government history is still in place and has not been upgraded?

“At this point, that prevention is based on signature capability, so it’s blocking known knowns,” Danny Toler, the acting assistant secretary at the Department of Homeland Security’s Office of Cybersecurity and Communications, said of the new pilot program. “But as we increase our analytical capability, we’re looking to increase those known knowns, but also looking with EINSTEIN III to shift into non-signature based capability.”

This is a pilot program, implying that the result may or may not lead to creating a permanent federal program based on what we here in the business community have been doing for years.

If the federal government is serious about cybersecurity, it needs to do more than just convene a bunch of people to discuss cybersecurity while piloting data-analytics programs that have been the norm in the private sector since the ice age. Toler actually said recently, “The more participants we have in our process, the better that process is going to be.”

No, Danny, the worse it is going to be and, to paraphrase a guy who actually had the courage to lead this country, Danny needs to get this memo: “Government is not the solution to our problem, government is the problem.”

The other major problem that the federal government faces is that the people in charge are apparently toiling in an alternate universe.

Phyllis Schneck, who recently stepped down as a deputy undersecretary handling cybersecurity at DHS, has said that for the federal government to better secure its information systems and support cybersecurity in the private sector, departments and agencies will need to dramatically improve the way they collect, analyze, and share information about emerging threats. Does this mean that Schneck ignores or is simply unaware of the duplicity within the CIA and NSA related to their historic behavior around hoarded vulnerabilities?

She also said: “If we could get our internet to recognize something bad and attack it, we could be able to warn … at the speed of light all the others that might be relevant across the network.”

Memo to Schneck: It isn’t “our” Internet.

The time has come to stop all of the posturing and Alice-in-Wonderland fantasies about an all-powerful, all-good Internet, collaborative strategizing with siloed government territories, and diddling with incremental changes to failed programs that take two years to get beyond the “pilot” stages. We need to face these threats for what they are right now.

The world is less secure and more at risk than ever. In addition to advanced polymorphic malware that can go pretty much undetected by even the most advanced next-gen firewalls and perimeter defenses, we see threat actors using comprehensive dossiers that they have collected and assembled over the last two years for impersonation, influence, and outright theft.

We see Cisco scrambling to close vulnerabilities in its products disclosed in the WikiLeaks Vault 7 dump while our federal government’s cybersecurity geniuses are wishing we could share information about emerging threats and maybe, what, hold hands and sing Kumbaya at the same time?

We see a significant increase in ISIS’s cyber capabilities while we dither with pilot programs to bring the government’s cyber defense systems into the first half of the decade. This week we see Mirai variants conducting 54-hour distributed denial-of-service attacks against university networks in the United States.

We see all of these mounting threats, and our federal response is to attend cyber-conferences with a global cloud service vendor to talk about the advancement of new standards and protocols to automate information sharing.

I am quite certain that President Trump did not build a 500-company enterprise or amass a personal fortune by wishing and hoping, convening group gropes, attending conferences, or leveraging ancient failed strategies.

Steve King is the COO and CTO of Netswitch Technology Management.
