In a speech last week, U.S. Defense Secretary Leon Panetta shocked many people with how real the threat of a cyber attack on the U.S. and our infrastructure is. In his talk to the Business Executives for National Security, Panetta painted a picture of an attack that would cause physical destruction and loss of life. He went so far as to describe the U.S. as being in a “pre-9/11 moment.” Panetta said that the Pentagon has poured billions into beefing up its ability to identify the origin of a cyber attack, block it and respond when needed. See the full text of his speech here.
What Panetta didn’t say
What the Defense Secretary did not get into is what steps the Pentagon actually took beyond pouring in money. When our leaders talk about identifying the origins of an attack, the concern is that the military may have taken the very traditional approach of forensics-based analysis of past attacks. That approach comes too late, and it is limited to the types and sources of data that can be reproduced after the fact.
There is a much better approach.
We require a system that can capture events from any and all agencies in the intelligence community as well as Federal, State and local law enforcement. That data only becomes useful when it is combined with other sources, such as social media, outlier shipping/transport activity, site traffic and other human factors, to proactively identify potential threats. Once potential threats are identified, there needs to be a fast and accurate way to vet the candidate threats and then execute well-defined responses. This system needs to tie in all the resources at our disposal, learn quickly from the information it accumulates, continually look for additional and emerging threat patterns and, when possible, act before things happen.
Bad things have a ‘run up’ that can be interrupted. Plans can be intercepted and redirected. People are predictable if you know enough.
Cyber Big Data
The statement above could very well be the pinnacle of the term Big Data. The volumes of data that would have to be combed through to identify the threats and respond in real time are daunting, but the technology does exist and can be used to address this very real and very serious use case.
The whole basis for this is capturing relevant events (a single activity happening at a specific time or over a period of time) and having the ability to correlate related events so that you can identify which, if any, require further action. This is exactly what a Complex Event Processing (CEP) engine allows you to do, but a CEP tool on its own is simply not enough.
With the volumes of data in play, organizations must keep large volumes of data in memory where they have quick access to it. They need analytic tools that allow them to spot trends in the data or, better yet, predictive analytics that can highlight emerging trends and allow preemptive action to get ahead of risk. But the most critical piece? The ability to define rules against specific patterns that declare what automated actions or notifications should take place once a pattern is identified.
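To make the CEP idea concrete, here is an added example (not code from the original post) of a minimal in-memory correlation engine: events from several feeds are kept per correlation key, expired by a time window, and a rule fires a notification once every required (source, kind) pair has been seen for one key inside that window. The feed names, event kinds, asset keys and timestamps are all constructed for illustration.

```python
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    ts: int       # seconds since epoch (constructed sample timestamps below)
    source: str   # feed that produced the event, e.g. "site_traffic" (hypothetical name)
    kind: str     # event type within that feed
    key: str      # correlation key: the asset or subject the event concerns


@dataclass
class Rule:
    name: str
    required: frozenset   # (source, kind) pairs that must all be seen for one key ...
    window: int           # ... within this many seconds of each other
    action: str           # automated action or notification to trigger


class CEPEngine:
    """Keeps recent events per key in memory and fires rules whose pattern completes."""

    def __init__(self, rules):
        self.rules = list(rules)
        self.max_window = max(r.window for r in self.rules)
        self.recent = defaultdict(deque)   # key -> events still inside the largest window
        self.fired = []                    # (rule name, key, action), in firing order

    def ingest(self, event):
        q = self.recent[event.key]
        q.append(event)
        while q and event.ts - q[0].ts > self.max_window:   # expire stale events
            q.popleft()
        fired_now = []
        for rule in self.rules:
            seen = {(e.source, e.kind) for e in q if event.ts - e.ts <= rule.window}
            if rule.required <= seen:                        # all pieces of the run-up present
                fired_now.append((rule.name, event.key, rule.action))
        if fired_now:
            q.clear()   # pattern consumed: fire once per completed run-up, not on every event
            self.fired.extend(fired_now)
        return fired_now


def run_sample():
    """Feed a constructed event stream through one rule and return what fired."""
    run_up = Rule("run_up", frozenset({("site_traffic", "recon_probe"),
                                       ("social", "threat_chatter"),
                                       ("transport", "anomalous_shipment")}),
                  window=3600, action="vet_and_notify_analyst")
    engine = CEPEngine([run_up])
    for ev in [Event(1000, "site_traffic", "recon_probe", "plant-A"),
               Event(1500, "social", "threat_chatter", "plant-A"),
               Event(1800, "site_traffic", "recon_probe", "plant-B"),      # isolated, no match
               Event(2000, "transport", "anomalous_shipment", "plant-A"),  # completes plant-A
               Event(9000, "social", "threat_chatter", "plant-B")]:       # plant-B probe expired
        engine.ingest(ev)
    return engine.fired
```

Only plant-A fires: all three feeds reported on it within the hour, whereas plant-B's two events fall outside the window and are never correlated.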
“Before September 11, 2001 the warning signs were there. We weren’t organized. We weren’t ready. And we suffered terribly for that lack of attention,” said Panetta. “We cannot let that happen again. This is a pre-9/11 moment.”
Not knowing where the funds are going, I’m hoping we’re well down this path to stopping threats before we suffer a similar fate to 9/11. I hope what seems simple enough to me is just as clear to our leadership.