UMUC
Abstract
The ever increasing sophistication of cyberattacks represents a mounting and serious risk to private organizations, public agencies, and individual users alike. To defend against these advanced threats, emerging cybersecurity technologies are necessary. Although many safeguards are developed by the private sector, the federal government recognizes the global risk cyberattacks represent. The following paper outlines three of these innovative approaches, namely prioritized research and development, remote agent technologies, and real-time forensic analysis, as well as the government’s role in their formation. This partnership between the public and private sectors reflects a clear understanding of the liability that would arise should support for emerging cybersecurity technologies cease.
Introduction
The development of cyberspace and the Internet represents one of the most revolutionary advancements for mankind. There are few sectors, and fewer countries, unaffected by this growing collection of technologies. Although this phenomenon has influenced a host of areas, it also represents one of the most serious threats to our modern society. As the developed world moves an increasing amount of critical data online, a myriad of nefarious individuals have adapted traditional criminal activities to the cyber realm. This rise in the sophistication and frequency of cyberattacks signals the need for a similarly advanced set of defensive mechanisms. Emerging technologies such as prioritized research and development (R&D), remote agent technologies, and real-time forensic analysis represent some of the most promising approaches to defending cyberspace. These advancements, however, cannot be developed in a vacuum, as cyberattacks affect governments, corporations, and individuals alike. As a result, a consortium of public and private organizations is necessary to develop the next generation of cyberdefense technologies, blending corporate expertise with the support and encouragement of the federal government. For widespread acceptance, this arrangement should balance defensive aspects with the various liability issues that arise across the diverse field of cybersecurity.
Emerging Cybersecurity Technologies
As our society’s reliance on cyberspace grows, providing secure and reliable access to this resource becomes increasingly important. Advanced cyberattacks represent a serious risk to critical infrastructure and individual privacy alike. Technology and policy solutions must be continuously developed to keep pace with emerging threats (Maughan, 2010). Three of the most promising approaches are prioritized research, remote agent technologies, and real-time forensic analysis.
Prioritized Research and Development
Identifying future technologies remains one of the most complex issues in the field of cybersecurity. This matter is worsened by the fact that the United States lacks a unified cybersecurity policy, with multiple agencies in charge of this field. This translates into a competitive and often counterproductive effort to ensure the advancement of next generation cybersecurity technologies. In 2006 alone, an assessment of federal R&D identified over 50 cybersecurity projects in various states of funding, many of which had been postponed for the previous decade. The underinvestment in these technologies was addressed in the 2009 White House Cyberspace Policy Review, in which the President’s advisors identified that prioritized R&D must play a key role in America’s cybersecurity (Maughan, 2010).
Although the White House’s Cyberspace Policy Review represents one of the most current calls for reform, this dilemma was recognized as early as 1991. To address America’s need for emerging technologies, the Networking and Information Technology Research and Development (NITRD) program was formed. Consisting of the Departments of Commerce, Defense, and Energy and a variety of other federal agencies, the NITRD program was established with the intent of aligning federal funding with priority areas in the field of cybersecurity (UMUC, 2013). One of the most recent actions this working group has carried out is the publication of the Comprehensive National Cybersecurity Initiative (CNCI). Established by Presidential Directive, the CNCI was designed to help establish a comprehensive set of cybersecurity defenses. Inherent in this initiative was the understanding that protection against cyberattacks required enhancing America’s R&D efforts through investment in “leap ahead” technologies (Maughan, 2010). As one of the most well-known supporters of cutting edge technologies, the Defense Advanced Research Projects Agency (DARPA) has been at the forefront of emerging cybersecurity solutions. In just one example, the agency’s Cyber Fast Track Program provided streamlined grants to over 100 individuals and groups to develop solutions such as cutting edge forensics for Mac OS X (Sternstein, 2013). Given that the vast majority of America’s critical infrastructure is privately owned and that innovations generally evolve from private sector initiatives, the federal government has a vested interest in guiding America’s cybersecurity future.
Remote Agent Technologies
As manual auditing and enforcement of computer security compliance become more important in the defense against cyberattacks, experts believe that increased active monitoring methodologies are needed. This approach involves using various technologies to conduct both remote tests of network security and forensic examinations of individual systems. Utilizing consolidated safeguards in this manner has the potential to increase the efficiency and effectiveness of cybersecurity by centralizing auditing and patching functions (UMUC, 2013).
Experts no longer believe that comprehensive cybersecurity can be accomplished with a single product or approach. Instead, it is becoming more commonplace for administrators to employ a variety of safeguards to secure networks. For organizations with distributed or complex digital infrastructures, however, this approach involves significant expenditures of both technological and human resources. One possible solution to this dilemma is the use of remote and automated cybersecurity technologies. Fewer administrators can manage larger networks by utilizing consolidated security functions. Common tasks that can be accomplished via remote agents include vulnerability scanning, intrusion detection, and cyclical service checking (Stefan & Jurian, 2012). In addition to significantly reducing the resources needed to protect a geographically dispersed digital infrastructure, remote agents also provide the ability to handle cyberthreats on a more proactive basis. Applications such as SysMon, OpenNMS, and Nagios represent flexible platforms that give administrators the tools needed to respond to rapidly evolving attacks (Stefan & Jurian, 2012).
The second major use of remote agents lies in the field of forensics. Traditional digital forensics is often a static process that involves the onsite imaging of a system’s digital media, which is accomplished by shutting down the target system and physically removing the hard drive. As with traditional network security, this methodology is heavily dependent on specially trained human resources. In addition, as hard drive capacities continue to increase each year, examiners have been forced to triage digital examinations. Given these time constraints, forensic investigators have begun moving away from the traditional approach to collecting digital evidence, instead relying on automated and remote technologies to streamline and consolidate forensic examinations. Remote administration tools such as the GRR Rapid Response architecture offer this flexibility. GRR is an open source platform that provides administrators with the ability to conduct remote forensics at a truly scalable level. It is available for a number of systems and can be rapidly developed and deployed to enable remote, real-time forensic analysis of a network (Cohen, Bilby, & Caronni, 2011).
Real-Time Forensic Analyses
Similar to remote agents, another emerging technology in the defense against cyberattacks revolves around real-time forensic analysis. Reliant upon triaging and evidence preservation, this technique has proven to be an invaluable tool in both the cybersecurity realm and in criminal proceedings (UMUC, 2013). A forensic analysis conducted in real-time focuses on prioritizing data collection while recognizing the importance of volatile data sources commonly found throughout modern computer systems.
Based on the trend described by Moore’s Law, computational resources have continued to double at a fairly consistent pace. This has led to a similar growth in data storage capacities. Although these rates of advancement represent significant potential for innovation, they have also left the forensic community somewhat lacking. Increased computational power and hard drive space require enhanced analysis capabilities. Unfortunately, the field of forensics has been unable to match the pace of this development and accordingly requires new tools to remain current.
Given the increasingly unsustainable model of traditional forensic examinations, security professionals are in need of additional tools. One answer to this growing problem is the concept of real-time digital analysis. By combining software based platforms with triaging methods and technologies, analysts are able to identify emerging threats more quickly, accurately, and efficiently. While investigators have employed triaging tools such as Carvey’s Forensic Scanner or EnCase Portable for a number of years, real-time analysis significantly enhances this technique. The ability to run a continuous analysis in real-time provides examiners with a known good baseline to aid in the identification of emerging cyberattacks. This technique also leverages the potential for collecting relevant and potentially volatile data. Traditional forensics relies on a system being powered down, thus risking the loss of valuable data stored in RAM. Real-time analysis, however, is run continuously on a system, thereby minimizing data loss while simultaneously providing a more complete picture of activities within a network (Roussev, Quates, & Martell, 2013).
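To illustrate the known-good baseline comparison described above, the following Python is an added example written for this page (not code from Roussev et al. or from any of the tools named); it compares a constructed live capture of volatile state against a baseline and reports deviations with the most volatile first, since those are exactly what a power-down-and-image workflow would lose.

```python
"""Added example: flag deviations of a live capture of volatile system state
from a known-good baseline, the way a continuously running real-time analysis
would. The snapshots are constructed sample data, not output of any real tool."""

# Constructed snapshots: process name -> (hash of its executable, listening ports).
# Hash strings are placeholders, not real digests.
BASELINE = {
    "sshd": ("h-sshd-v1", {22}),
    "nginx": ("h-nginx-v1", {80, 443}),
    "cron": ("h-cron-v1", set()),
    "auditd": ("h-auditd-v1", set()),
}

LIVE = {
    "sshd": ("h-sshd-v1", {22}),
    "nginx": ("h-nginx-v1", {80, 443, 8081}),  # extra listener appeared
    "cron": ("h-cron-v2", set()),              # executable changed on disk
    "updater": ("h-updater-v1", {4444}),       # process absent from baseline
    # auditd is gone: the logging agent itself has stopped
}

# Findings that exist only in memory or network state vanish when the host is
# powered down for imaging, so they are reported before on-disk changes, which
# a later disk examination can still recover.
PRIORITY = {"new_listener": 0, "new_process": 0, "missing_process": 1, "hash_changed": 2}


def compare_snapshots(baseline, live):
    """Return (kind, process, detail) tuples, most volatile findings first."""
    findings = []
    for name, (digest, ports) in live.items():
        if name not in baseline:
            findings.append(("new_process", name, sorted(ports)))
            continue
        base_digest, base_ports = baseline[name]
        if digest != base_digest:
            findings.append(("hash_changed", name, digest))
        for port in sorted(ports - base_ports):
            findings.append(("new_listener", name, port))
    for name in sorted(baseline.keys() - live.keys()):
        findings.append(("missing_process", name, None))
    # Sort by volatility class, then by process name; ties keep insertion order.
    return sorted(findings, key=lambda f: (PRIORITY[f[0]], f[1]))


if __name__ == "__main__":
    for kind, name, detail in compare_snapshots(BASELINE, LIVE):
        print(f"{kind:16} {name:10} {detail}")
```

A real deployment would feed the same comparison from periodic agent captures rather than from inline dictionaries; the ordering logic is what makes volatile evidence the first thing an examiner sees.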
Federal Government’s Supporting Role
The majority of America’s critical infrastructure is maintained by the private sector. Although corporations have a fiscal responsibility to secure these resources, the federal government also has an obligation to defend them. As a result, it is incumbent upon the public sector to provide guidance and support in the development of various defensive technologies. Historically, this assistance has ranged from sharing information and drafting policies to monetary investments.
Prioritized Research and Development
Of the many levels of government support, perhaps the most direct is funding R&D efforts in support of emerging cybersecurity technologies. This not only maintains a partnership between public and private organizations, but also allows the government to direct a federal cybersecurity strategy in support of the nation’s infrastructure. In 2011, the White House Office of Science and Technology Policy (OSTP) published the document “Trustworthy Cyberspace: Strategic Plan for the Federal Cybersecurity Research and Development Program” (Maughan, Newhouse, & Vagoun, 2012). This report not only identified existing deficiencies in the national cybersecurity strategy, but also provided a framework for coordinating objectives for future R&D efforts.
Federal support for prioritized R&D efforts was further bolstered in 2008 with the Leap-Ahead Initiative. As part of the CNCI, this approach was designed to manage R&D efforts and develop a comprehensive set of strategies to help solve the nation’s growing cybersecurity requirements (Maughan, Newhouse, & Vagoun, 2012). Under this approach the government’s Cyber Security and Information Assurance (CSIA) group directed industry and academic institutions to identify emerging solutions to themes including moving target defense, cyber economic incentives, and tailored trustworthy spaces. Based on input from the private sector and research institutions, these categories were then incorporated into the 2012 federal budget to foster the creation of emerging technologies in these fields.
Remote Agent Technologies
As public and private organizations further integrate their critical infrastructure into networked systems, increasing the efficiency of computer security has become a priority for the nation. The federal government’s National Institute of Standards and Technology (NIST) recognized this need and responded by creating the National Cybersecurity Center of Excellence (NCCoE). This public-private partnership represents a forum to develop “…open, standards-based, modular, end-to-end solutions that are broadly applicable, customizable to the needs of individual businesses” (McBride & Waltermire, 2013, p. 1). In just one example, through collaboration the NCCoE aims to develop “building blocks” to assist in the challenge of continuous monitoring. The intent is to develop a viable solution that can be applied to multiple industries and organizations. Based on input from the private sector, the NCCoE has already developed a number of these building blocks to enable “…accurate, timely data collection and secure exchange of software inventory data from computing devices” (McBride & Waltermire, 2013, p. 1).
Real-Time Forensic Analyses
A 2005 report published by the President’s Information Technology Advisory Committee (PITAC) entitled “Cyber Security: A Crisis of Prioritization” outlined the federal government’s role in investing in long-term R&D projects to identify and develop next-generation solutions to America’s emerging digital vulnerabilities (Interagency Working Group on Cyber Security and Information Assurance, 2006). The document identified various responsibilities for the federal government, including a primary leadership role in generating technological advancements in support of defending the nation’s IT assets. This guidance can be used to identify serious cybersecurity threats to the country, prioritize the nation’s most critical assets, and then coordinate with the private sector on developing broad R&D solutions.
The Cyber Security Research and Development Act of 2002 solidified the national importance of areas such as forensics and intrusion detection. This law called for significant increases in funding for cybersecurity R&D in various areas. In February 2003, the federal government issued its National Strategy to Secure Cyberspace. In this document, the government identified a number of R&D topics that addressed the most serious threats to the American IT infrastructure. Solutions such as “…protection of systems, networks, and information critical to national security; indications and warnings; and protection against organized attacks capable of inflicting debilitating damage to the economy” were determined to represent the most critical areas for defense (Interagency Working Group on Cyber Security and Information Assurance, 2006, p. 14). The first item mentioned in this report, however, was the development of forensics and attack attribution technologies. Identifying the source of an attack and disseminating this information to other organizations provides one of the greatest strengths in preventing similar incidents.
Liability Recommendations
Although cybersecurity ranks as one of the nation’s most critical issues to solve, a number of liability questions exist that have derailed any comprehensive strategy. Topics of concern range from personal privacy to the precise level of responsibility corporate entities must assume. To obtain a lasting partnership between corporations, individuals, and the federal government, these issues require thoughtful consideration.
Concerns over personal privacy rank among the highest reasons for opposition to any national cybersecurity initiative. Technologies such as remote software management and real-time forensic analysis have the potential to compromise personally identifiable information. Even though a number of laws are already in place to protect this data, privacy advocates worry about powerful and intrusive technologies in the hands of an overzealous government. One possible solution to this dilemma is the increased automation of remote security tools (Cohen, Bilby, & Caronni, 2011). This would result in a minimal number of individuals having access to vast amounts of personal information, thereby minimizing the liability stemming from accidental or intentional disclosures.
The second major hurdle to overcome in gathering support for a broad cybersecurity effort is corporate liability. According to the SEC (2011), there are no current disclosure requirements that specifically address corporations experiencing cyberattacks. There is, however, an obligation for publicly held companies to report any incident that may affect the operational or financial condition of the company. In practice, this requirement falls far short of the federal government’s goal for information exchange. Given the potential usefulness of this activity, corporations should feel safe in disclosing cyberattacks or data breaches without legal repercussion.
Conclusion
The federal government has a long history of supporting innovation in the private sector, especially where matters of national security are concerned. This realization gained significant traction after incidents such as the September 11, 2001 terrorist attacks and the emergence of foreign-based advanced persistent cyberattacks. Even though America’s critical infrastructure is maintained almost exclusively by the private sector, the federal government understands that the defense of these resources is directly linked to the safety and security of the United States as a whole. Federal support for the development of next-generation technologies is necessary to guide the nation’s overall cybersecurity strategy.
References
Cohen, M. I., Bilby, D., & Caronni, G. (2011). Distributed forensics and incident response in the enterprise. Digital Investigation, 8. doi:10.1016/j.diin.2011.05.012
Interagency Working Group on Cyber Security and Information Assurance. (2006). Federal plan
Maughan, D. (2010). The need for a national cybersecurity research and development agenda.
Maughan, D., Newhouse, B., & Vagoun, T. (2012). Introducing the federal cybersecurity R&D
McBride, T., & Waltermire, D. (2013). Software asset management: Continuous monitoring.
Roussev, V., Quates, C., & Martell, R. (2013). Real-time digital forensics and triage. Digital Investigation, 10(2), 158-167. doi:10.1016/j.diin.2013.02.001
Stefan, C., & Jurian, M. (2012). Distributed communication systems monitoring and proactive
Sternstein, A. (2013). DARPA to turn off funding for hackers pursuing cybersecurity research.
University of Maryland University College (UMUC). (2013). Module 3: the future of
U.S. Securities and Exchange Commission (SEC). (2011). CF disclosure guidance: Topic No. 2.