Annotated Bibliography – Defense in Depth in the context of Protecting National Infrastructure
S. Jajodia, S. Noel, P. Kalapa, M. Albanese and J. Williams, “Cauldron mission-centric cyber situational awareness with defense in depth,” 2011 – MILCOM 2011 Military Communications Conference, Baltimore, MD, 2011, pp. 1339-1344.
This paper by five authors from George Mason University discusses the limitations of situational awareness of cyber systems and their vulnerabilities. It mainly focuses on the advanced abilities of a topological vulnerability analysis (TVA) tool called Cauldron. Cauldron is a tool used by the National Security Agency (NSA) to trace data breaches or to understand vulnerabilities of an organization. This tool was made commercially available in 2009.
As their website – www.cyvision.net – defines it, Cauldron is a cost-effective, nimble, adaptable and automated network visualization and modeling tool that helps system administrators manage endpoints and proactively defend their cyber-environments from a wide variety of attacks in a way no other tool does, utilizing open and agnostic architecture. This 2011 paper provides a comprehensive approach to network security that relies on multiple layers of defense to prevent espionage and direct attacks against critical systems. Although the paper talks about multi-layer defense systems, it does not really go into how effective Cauldron is when it comes to detecting vulnerabilities in diverse ecosystems of enterprise devices and operating systems. It focuses mostly on desktop/laptop systems. I would have preferred for it to have discussed more on mobile devices and multiple factor authentication, and if and how the tool can identify and effectively measure the topological vulnerability of such an architecture.
Ridley, G. (2011). National Security as a Corporate Social Responsibility: Critical Infrastructure Resilience. Journal of Business Ethics, 103(1), 111-125. Retrieved from http://www.jstor.org.gate.lib.buffalo.edu/stable/41476014
This 2011 article is found in the Journal of Business Ethics and is published by Springer Publication from Germany. It is an interesting article that describes how private companies are to be held accountable for the safety and security of our National Infrastructure, including data on citizens of the country. With the recent data breaches of various private and public companies such as Experian, Target and just last week, LifeLock (the company that is supposed to protect its customers from data breaches is itself very vulnerable to cyber threats). Although the article talks about critical infrastructure resilience mostly in terms of physical assets and infrastructure in the traditional sense, such as railways, roads et cetera, it also emphasizes the need for secure online infrastructure for its citizens by the state as well as private companies.
The article talks about the multiple layers of security needed, and not just a mere theatrical façade of cyber security as a public relations obligation. It talks about private companies’ need to support the judicial system in enacting and enforcing law against online crime – an example of which we saw in the recent turn of events with Facebook and its handling of data with Cambridge Analytica.
Small, P. E. (2011). Defense in Depth: An Impractical Strategy for a Cyber World. SANS Institute, 1-22. Retrieved July 29, 2018, from https://www.sans.org/reading-room/whitepapers/warfare/defense-depth-impractical-strategy-cyber-world-33896
Defense in Depth as a principle states that with layered security, one could increase the security of the system. In case an intruder compromises one of the layers of security, the other layer prevents them from reaching critical assets of any organization, or at the least, buys some time for the security personnel of the organization to respond to the attack. This interesting article challenges the legitimacy of the entire concept of the defense in depth strategy and calls it an ‘Impractical strategy’ when it comes to the modern cyber world. While one could initially brush aside the author’s hypothesis, it is interesting to view it from the author’s lens and to look critically at the concept itself.
The author suggests that defense in depth was a strategy developed for military combat, compelling an attacker to spend a large amount of resources to get through the initial layers of protection. One can definitely agree with the author on this, that it was indeed a strategy developed by the military for real world physical combat. However, extrapolating and adapting the same concepts in the cyber world is not a bad idea as the author would like to suggest in the article. The author also argues that defense in depth is a redundant strategy and is unsustainable in this era of cyber innovation.
Small, P. E. (2011). Defense in Depth: An Impractical Strategy for a Cyber World. SANS Institute, 1-22. Retrieved July 29, 2018, from https://www.sans.org/reading-room/whitepapers/warfare/defense-depth-impractical-strategy-cyber-world-33896.
Even though our course mostly focuses on the United States and policies established by local companies and the state to protect the country’s infrastructure against hackers, it is important to look at what countries and companies around the world are doing to protect themselves from the same threats. As the world becomes more connected, it is also important for us to make sure international standards are in place for critical infrastructure. This article from the Open University in Milton Keynes, UK, focuses on the importance of the materialization of non-human objects in the production of security or lack thereof. The authors also talk about the importance of the security of physical servers and other infrastructure, which is the backbone of any cyber network, and how implementing non-human entities to protect physical assets may not be the best of ideas. It talks about the consequences of such scenarios and the implications of such decisions on the entire country.
An interesting perspective this article talks about is creating layers of security by having a combination of both human and non-human security systems in place, in order to overcome the disadvantages of both these entities – essentially compensating for human error and fatigue through automation, and compensating for redundancy, lack of intelligent response to new types of attacks and lack of decision-making abilities through human intervention. It is an interesting read that shows us what the future of our infrastructure architecture may look like. One could also argue that as artificial intelligence and robotics technologies get better, the need for human intervention will reduce and robots will replace all humans in the field of physical security, creating the necessary layers and depth in defense against intruders.
Peiran, W. (2012). China’s Perceptions of Cybersecurity. Georgetown Journal of International Affairs, 35-40. Retrieved from http://www.jstor.org.gate.lib.buffalo.edu/stable/43134336
Continuing my quest to look at what other countries and companies have done in the field of cybersecurity and critical infrastructure, I found this article that explains China’s approach to this global problem. This 2012 article takes us through China’s infrastructure development, bureaucracy and domestic strategy for Cyber Security. Even though the author does not provide us with in-depth technical details on strategies and policies, Dr. Peiran provides us a glimpse of the thought process of China’s think tank in taking a balanced approach to Cyber security, ensuring military preparedness and strategic necessities.
It is very interesting to learn about what policies a communist republic would take as compared to a democratic republic such as the United States or the United Kingdom. The radical economic and technological growth of China in the last 30 years has forced its government to be a step ahead and wary of the potential threats to their critical infrastructure. With the Chinese government controlling the nation’s internet and censoring information being transmitted in the country, one could argue that this itself would create a layer of defense against any other nation trying to take down China’s cyber assets.
ROBINSON, C., WOODARD, J., & VARNADO, S. (1998). Critical Infrastructure: Interlinked and Vulnerable. Issues in Science and Technology, 15(1), 61-67. Retrieved from http://www.jstor.org.gate.lib.buffalo.edu/stable/43311852
Although the internet and technological landscape is entirely different from the fall of 1998, when this article was published by University of Texas at Dallas, it is important for one to look back and see if the concerns and threats of that era have been overcome. In order to advance in the field of security, it is essential to understand the vulnerabilities of the past and make sure new technologies protect systems against those as well as prepare for potential threats of the future. This article speaks about how, at the time, computers were boosting the performance of systems and providing interconnectivity. It also warns the readers against the risk of a technological domino effect – basically stating that failure of one system can lead to failure of multiple other sources. One could argue that these risks haven’t been eliminated yet; in fact, the domino effect is more relevant now than ever. The internet and digitization have connected everybody and every system such that it is virtually impossible for one to protect oneself – even a data breach at an unknown company could personally affect a citizen even though they never interacted with the company under attack. For example – an unknown marketing firm in Florida, Exactis, had a data breach in June 2018 that put 340 million Americans at risk by leaking their personal information. This is the author’s so-called technological domino effect on steroids!
The author provides interesting recommendations that may be adapted even today.
Deibert, R. (2012). Cybersecurity: The new frontier. Great Decisions, 45-58. Retrieved from http://www.jstor.org.gate.lib.buffalo.edu/stable/43682574
This article published by the Foreign Policy Association explains cyberspace as a domain of global digital electronic and telecommunications and not just the internet. It is true, as the author says, that any downtime, either in telecommunications or the internet, will result in massive financial losses for customers and even, in some cases, a country’s economy. This very interesting article talks about how the internet and social media tools have changed the geopolitical landscape of not only democratic countries, but have also played important roles in overthrowing oppressive dictatorships and assisting revolutions in various parts of the world – and explains how cyberspace and the politics of a state are intertwined in this era.
This 2012 article also predicted cyberwarfare and warned of scenarios such as the alleged Russian collusion in the 2016 United States presidential election. It is more important now than ever in history to create multiple layers of security in the internet and communications landscape – the article talks about the importance of cloud infrastructure and what the authors call ‘the dark side of the cloud’. The authors also warn us of the vast presence of GhostNet – the information warfare cyber spying operation. Although the author doesn’t necessarily provide technical solutions or details in the article, it can be referred to in order to learn about the implications of internet and cyber security failures on the social, political and economic facets of society.