In-Depth
The Network’s Role in Securing Cyberspace
No single technology can enable a fully secure network. The three-layer model we present can guide your organization in making key improvements to your network security.
By Don Proctor
Today’s public sector increasingly relies on large-scale networks to support critical infrastructure, military operations, and government services. Networked capabilities such as Web services, collaboration, mobility, and cloud computing hold significant promise to transform organizations while responsibly managing taxpayer dollars.
However, the environment in which these networks operate has changed dramatically over the past few years. Government workers, technicians, and military personnel now regularly utilize smartphones, custom handheld devices, personal devices, and computers running a variety of operating systems to access assets from almost anywhere. Traditional perimeters are becoming irrelevant as the network infrastructure -- and the security that supports it -- transforms into a more complex, constantly changing ecosystem.
Unlike networks of the past decade, there are now too many devices and operating systems to rely on patching and virus protection alone. The rapidly evolving variety of attacks must be met by establishing multiple, flexible layers of defense designed to discover, destroy, and manage attacks through advanced technologies and comprehensive processes. Today, administrators are transitioning network security provisioning from the “overlay” models of the past to embedding them directly into the network fabric.
With workers collaborating and sharing vital information far beyond the walls of the workplace, security limited to fortifying the network’s edge is bound to fail. To secure critical infrastructures in an increasingly mobile world, the public sector must find security solutions that fully incorporate trust, visibility. and resiliency into the network.
Assessing Network Risk
The world’s networks face an ever-growing variety of threat vectors. Prior to 2001, the bulk of threats to these systems were most often attributable to internal sources, such as disgruntled employees, misconfigurations, or poor operational procedures. Over the past decade, however, the focus has begun to shift toward external attacks. Today’s hackers are often fast-moving, highly paid mercenaries who attack government, critical infrastructure, and military networks for profit or nationalistic reasons.
Public sector IT administrators are increasingly examining a variety of issues to help fend off these assaults. For example, some are questioning the reliance on open standards-based networking versus traditional proprietary systems. With the advent of Internet Protocol (IP)-based technologies and the Internet, even the most closely guarded systems are increasingly making use of open-standards capabilities. Commercial off-the-shelf (COTS) technologies offer powerful benefits in terms of lowered costs, interoperability, speed of implementation. and agility that they have inevitably penetrated to the highest levels of government and military command.
Critical infrastructure systems, such as power grid operations, are also vulnerable. Some energy providers are hesitant to move to open standards, believing that closed industrial systems are completely invulnerable. This is not the case. For example, the Stuxnet worm attack in 2010 was carried out against industrial controllers using a removable drive.
In general, however, the increasingly global society is changing too fast for proprietary systems to remain a viable option. The complexity of a world fraught with multiple networking protocols actually plays into the hands of criminal forces by fragmenting local suppliers, reducing the number of security providers, and slowing innovation and threat response. Consider the damage that could be done by a hacker with a month or more to respond to a newly discovered vulnerability, instead of the day or two that he has now.
A New Network Security Model
Cybersecurity issues play an important role in today’s national security dialogue. Government organizations have historically faced special challenges in preventing cyberattacks. Often, they must cope with acquisition and deployment cycles of many months or even years, almost guaranteeing that most technologies are obsolete before they are put into use. This slow implementation is exacerbated by regulations and complex legal requirements governing implementation of new technology.
To streamline this process, organizations are shifting to a more effective and integrated architectural approach to the network, one that encompasses the technology, people, and processes required for the privacy, integrity, and availability of information and resources. Only an architectural approach provides the framework to consistently meet evolving security challenges, allowing for the protection of assets, detection of security breaches, and appropriate remediation once a breach has been detected.
A powerful three-layer “trust” model is highly recommended:
Layer #1: Trusted processes
This model is founded upon processes that allow organizations to plan, design, develop, implement, and operate systems to help mitigate risk and strengthen security for the full life cycle of the intelligent network. These processes also include all operational disciplines related to assuring network policy compliance and management, including training, acquisition, and monitoring.
Layer #2: Trusted systems
The model’s middle layer includes networking, computing, and storage infrastructure, with input from security intelligence operations (such as incident response teams), advanced research, and global cryptography. These are systems in which integrity and interactions of both hardware and software elements have been designed and produced to globally accepted standards, with security emphasized through product assurance, supply chain integrity, and global certifications:
- Product assurance encompasses the design and product development elements that ensure the integrity of hardware or software products (for example, best software development practices and strong processes for managing third-party code security).
- Supply chain integrity: The process by which hardware is manufactured and software developed must conform to appropriate security standards. Studies show that procurement from unauthorized suppliers is the single weakest link in security governance. Safeguards built into each link of the supply chain -- manufacturing, assembly, and distribution -- protect against tampering or insertion of malicious hardware or software. Buying from trusted vendors with robust supply chain standards and stringent Common Criteria certification requirements has been found to help close the vast majority of security loopholes.
- The Common Criteria certification is an international standard (ISO/IEC 15408) recognized by 26 countries as a consistent means of evaluating and certifying product security. Evaluations are performed by independent commercial labs and certified by the country issuing the certificate. These governments consider Common Criteria a mandatory requirement for purchasing network security or products that provide a security function.
Layer #3: Trusted services
These are the end-user services and capabilities enabled by the IT system. They may be hosted within the network elements, within the cloud, by discrete devices, or by industry providers. Examples include intrusion detection and prevention (IDP), network access control (NAC), and identity-based networking services (IBNS), as well as instrumentation, diagnostics and sensing. Infrastructure-as-a-service (IaaS), platform-as-a-service (PaaS), and software-as-a-service (SaaS) extend security capabilities into the cloud.
Best Practices in the New Architecture
Based on this three-layer model, organizations are able to make key improvements to network security, often leveraging the capabilities of network elements that are already in place. For example, a major change in current best practices is the recognition that not all information assets have equal value and not all assets are worth protecting equally. By identifying which assets are of high, medium, or low value, organizations can efficiently apply differentiated levels of protection to data.
In addition, many security issues are actually old problems that can be better addressed with new processes. By taking stock of all physical assets that comprise, touch, or can connect with the network, IT teams gain better visibility into the entire system. Today’s devices provide a wealth of sensor data that provides insights into how the network is operating. Establishing a baseline of activity and performing diligent monitoring allows IT teams to identify and correct weaknesses created by untrusted devices more easily, and remove or block users as needed.
Configuration management and software version control for network devices are two other areas where most organizations can make significant security improvements. Organizations should also monitor vendor vulnerability disclosures and act to reduce potential exposure.
Equally important, a high level of system resiliency helps ensure a cybersecurity incident is appropriately managed. Once a breach occurs, the network must quickly isolate the affected area, limit the scale of the attack, and minimize its impact. Administrators must take advantage of dynamic routing protocols, redundant paths, and analysis of data collected by embedded sensor processes and security intelligence operations. Such tools help better contain damage by both existing and emerging cyberthreats.
There is also a critical need to educate every person who utilizes the network. Employees play a major role in security by participating in bidirectional communication about important issues. In return, organizations must shift their thinking to accommodate today’s changing work culture -- for instance, instead of banning social networking, they can take steps to enforce a responsible and robust policy as data moves to and from these sites.
Summary
Every IT decision-maker must recognize that no single technology can enable a fully secure network. A trustworthy, secured system is built over time by planning, developing. and implementing an environment that encompasses a broad variety of security elements. Most important, it comes down to the people who create effective processes for maintaining that environment. Leading security providers are committed to bridging the gap between industry and government and supporting public sector requirements to enable strategy, education, and new technologies.
Don Proctor is senior vice president, Office of the CEO at Cisco. As the executive sponsor of Cisco’s Cybersecurity Task Force, Don works with worldwide government leaders in defense, civilian agencies, and the intelligence community to advance the safety, privacy, and integrity of their critical network infrastructure. Don joined Cisco in 1995 and has held a variety of leadership positions in the company’s enterprise, commercial, and service-provider businesses, including serving on or leading a broad variety of Cisco’s corporate boards and councils. A graduate of the University of California, Berkeley, Don is also a member of the professional faculty in the Management of Technology graduate program at UC Berkeley’s Haas School of Business. You can contact the author at kgibbons@cisco.com