
Google to Soldiers: Malware is the Enemy

BRYANT JORDAN writes: Getting the military’s cyber forces to focus more on the most serious threats to U.S. national security means getting away from a whack-a-mole-like strategy now used to find and remove malware in the system, officials from Google and Lockheed told a crowd of soldiers Wednesday.

Most of what cyber soldiers deal with is malware living in a system that can be exploited by an enemy, according to Jim Young, U.S. Army Account Executive for Google Enterprise Transformation.

It’s a common problem, but one that should not happen, he said at the last panel session at the Association of the U.S. Army’s annual conference in Washington, D.C.

“This notion that persistent malware can stay on your machine should not happen,” he said. “The technology is out there today to erase it, or not make it an attack factor. So I encourage you … to start looking at opportunities that fundamentally change how you probe cyber security. Do not do incremental. It will not get you where you need to be.”

Charles Croom, vice president of Cyber Security Solutions for Lockheed Martin Information Systems & Global Services, called it the “80/20 cyber rule.”

“It’s a rule of thumb that says, ‘hey, if I implemented everything I knew how to do today [to stop the malware] I could take 80 percent of my threats off the table, and then I could focus on this advanced persistent threat of 20 percent.’”

No one has developed such an all-in-one package yet, but the Defense Advanced Research Projects Agency – DARPA – has issued proposals intended to find solutions, Croom said.

The only way to do it is to automate these solutions, he said, whether they are patching, vulnerability assessment, or remediation. These steps now are all done successfully by individual soldiers, but are done again and again as they keep cropping up, he said.

“The only way we’re going to [fix it] is through automation. We’ve got to get people out of the loop and automate what we know how to do,” he said.

The problem is that it is a multi-platform, multi-device world across “monstrous enterprises that are globally connected,” he said.

“We can’t even get our configuration management down to knowing what’s on the network, who is on the network,” Bryant said.

Networks should be automatically and constantly scanned to identify exactly what and who is on them at any time, and to look for changes to software and hardware; it can be done at the speed of light, Croom said.

And when an unauthorized change is found, or a weakness or an intrusion is detected, the solution should be instant and automatic as well.

“When you know there’s an issue on your network you ought to be able to close most of them with machines,” he said. “These are repetitive things that have to be done and most of it can be done by machines. And then you save the manpower for the high-end intellectual issues, the threat you’ve never seen before, that is unique and requires some intelligence.”

Defense Tech
