This is the first post in a series on the pillars outlined in the new US National Cybersecurity Strategy. I review each pillar in turn, and then discuss how services such as Devo can help address the challenges outlined in that pillar.
I’ll first warn you that anyone writing a response to the new strategy is bringing a bias to the table. Let me explain mine. Almost all of my adult life was spent in the Air Force, designing and building large weapon systems. During that time, I also spent four years at the Defense Intelligence Agency leading the Department of Defense’s Information Operations (IO) threat analysis for large acquisition programs. My job was to forecast IO threats, including cybersecurity, anywhere between five and twenty-five years in the future.
My biases are based on developing systems that come under attack from the most advanced cyber threat adversaries, and on being responsible for clearly articulating current and future threats to the same development organizations so they can implement countermeasures. I’m a huge advocate of robust cyber defenses and compliance with at least fundamental cyber hygiene. I believe that cyber resilient systems are a selling point for a software vendor equal to any product feature.
Overview Pillar 1: Defend Critical Infrastructure
OK, let’s get into the first pillar. This section’s second paragraph starts with “Collaboration to address advanced threats will only be effective if owners and operators of critical infrastructure have cybersecurity protections in place to make it harder for adversaries to disrupt them.”
I think we can all agree with this, but what systems are “critical”? Recently, Twitter shut down its free API. Because many local governments used the API to automate public notices, the shutdown disrupted those local governments. I use this as an example of a social media company that has potentially found itself considered by its users to be part of the US critical infrastructure. Should it be? Maybe not, but the government will always find itself relying on the systems its residents already use as a means of accomplishing outreach.
The takeaway here is that more and more infrastructure will become potentially critical in the future.
Pillar 1 has five strategic objectives:
1.1: Establish cybersecurity requirements to support national security and public safety
1.2: Scale public-private collaboration
1.3: Integrate federal cybersecurity centers
1.4: Update federal incident
1.5: Modernize federal defenses
Pillar 1 quickly pivots into the need to set a common cybersecurity standard for “key sectors” of critical infrastructure in the U.S. Since the strategy also calls for better cybersecurity standards within the government, I could easily see these becoming one set of cybersecurity standards. The remaining objectives in this section focus on implementation, but I want to focus on the standards for the rest of this post.
Multiple cybersecurity-related executive orders have come out in advance of this strategy. One requires all federal agencies to “collect it all” and, in effect, log everything. Others build on this comprehensive logging requirement to conduct cybersecurity operations using those logs.
For anything within scope of the definition of critical infrastructure, the log collection requirement is going to be significant. In fact, the volume is likely to outpace your ability to add on-premises storage quickly enough, and it will drive you to the cloud. However, logs are only as useful as your ability to analyze them, and that’s where Devo as a SIEM comes into play. It can analyze the logs and correlate them with multiple other sources to detect cyber threats. It is a key tool in investigating incidents and identifying root causes.
Pillar 1 is all about protecting critical assets. To get there, we need to define what that actually means, and then develop the strategy and plans needed to implement the necessary security. This is a foundational effort on which many of the other pillars will be built. Stay tuned for posts outlining the additional pillars, or read our national cybersecurity strategy overview post for more high-level takeaways.