DHS Envisions a Healthy Cyber Ecosystem
Paper Explores Tech Options to Create Safer, Resilient Cyberspace
That's the vision presented in a new white paper from the Department of Homeland Security that explores technical options for creating a more secure and resilient network of networks.
"If these building blocks were incorporated into cyber devices and processes, cyber stakeholders would have significantly stronger means to identify and respond to threats, creating and exchanging trusted information and coordinating courses of action in near real time," DHS Deputy Undersecretary Philip Reitinger, the paper's chief author, writes in the DHS blog.
The paper envisions a future where cyber devices collaborate in near-real time in their own defense. "In this future," the paper says, "cyber devices have innate capabilities that enable them to work together to anticipate and prevent cyber attacks, limit the spread of attacks across participating devices, minimize the consequences of attacks and recover to a trusted state."
This future is based on three building blocks:
- Automation can increase speed of action, optimize decision making and ease adoption of new security solutions. A healthy cyber ecosystem might employ an automation strategy of fixed, local defenses supported by mobile and global defenses at multiple levels. Such a strategy could enable the cyber ecosystem to sustain itself and supported missions while fighting through attacks. Further, it could enable the ecosystem to continuously strengthen itself against the cyber equivalent of autoimmune disorders.
- Interoperability can broaden and strengthen collaboration, create new intelligence, hasten and spread learning and improve situational awareness. Reitinger sees three types of interoperability: semantic, a shared lexicon based on common understanding; technical; and policy.
- Authentication can improve trust in ways that enhance privacy and decision making; it's integral to many capabilities beyond cyberdefense. Identification and authentication technologies can deliver across five operational objectives: security, affordability, ease of use and administration, scalability and interoperability. For automated cyberdefense, the need exists for strong standards-based device authentication, including those for software, handheld devices and small, often wireless, devices composing massively scalable grids.
The paper recasts conventional notions of command and control in the direction of focus and convergence. Focus, the paper says, provides the context and defines the purposes of an endeavor, but is agnostic regarding who might be in charge or particular lines of authority. Convergence refers to the goal-seeking process that guides actions and effects, but recognizes that control works in an unconventional manner in highly distributed systems.
How would a cyber ecosystem work? Here's an example provided in the paper:
"An ecosystem with the ability to make automated adjustments to configuration in response to trust choices would offer increased reliability and resilience for supported business, social and civic processes while improving the privacy and civil liberties of users. An ecosystem with such abilities would also be self-defending. A self-defending ecosystem with human involvement could force attackers to take more risks and be more exposed. These activities, combined with greater attribution, could enable law enforcement or other deterrence to be more effective. A healthy ecosystem, in other words, mutually reinforces security, usability, reliability and the protection of privacy and civil liberties."
Reitinger says the white paper is intended to stimulate thought and discussion. "DHS intends to leverage the expertise of representatives from industry, academia and other government agencies as we work to understand cyberthreats and manage risk in cyberspace," he says.
Reitinger directed preparation of the paper, which received support from the cyber strategy staff at DHS's National Protection and Programs Directorate, the federally funded Homeland Security Systems Engineering and Development Institute and the directorate's Office of Cybersecurity and Communications. Last year, the directorate sponsored a government workshop to discuss a draft of this paper. Recommendations from that workshop have been incorporated in the paper.