Ensuring there are enough well-trained people to protect critical computer systems from cyber attacks continues to be top of mind, as both private industries and government agencies at the local, state, and federal levels rely heavily on these data networks to run a myriad of operations.
But many remain concerned about the continuing need and ability to identify and cultivate the skills required for future cyberwarriors who will be tasked with helping to protect telecom, power, financial, transportation, military, and other networks from harm.
Eric Bassel, a director at The SANS (SysAdmin, Audit, Network, Security) Institute, notes the approach the military takes for training and staffing shouldn’t be much different than recruiting and maintaining an army of cyberwarriors. In his opinion, “one type of person simply can’t do it all.”
Instead, teams of cyberwarriors must be built based on specialized and individual skills. Then, these highly trained teams can work together to combat attacks and other activities. A number of steps, though, are required to assemble a successful cyberworkforce.
CP Morey, senior director of products at Sourcefire, says a cyberwarrior will need to be “less of a grunt and more of a specialist like a Green Beret.” A high level of expertise and task segmentation within a tight-knit unit will enable government organizations to adapt a wide and powerful arsenal to defend their environment.
While identifying and defining roles within a team is an important first step toward combating cyberattacks, Bassel says, continued training is equally significant, noting that some branches of the military have a difficult time keeping up with this aspect. In addition to training, basic human resource issues must be addressed in order to understand what is required for success. Among other things, this includes recognizing and outlining jobs by skill set, he adds.
Unfortunately, some of the less glamorous areas and skill sets are the most important in terms of effectively fighting cyberattacks. While new recruits might hope to find themselves in the twenty-first century equivalent of War Games, with computer screens flashing and a digital clock counting down, the reality of cyberdefense is a lot less alluring. Bassel says that defensive measures, such as blocking and tackling threats, must take precedence, along with the need to better protect the application layer of networks.
Another key cyberdefense strategy is to be proactive. Morey notes that, rather than waiting to take action until after a security breach happens, agencies need to look for vulnerabilities on an ongoing basis, in the same way that someone who wants to avoid a heart attack changes their diet and exercise plan before a heart attack happens, rather than after. A great example of this is organizations that craft malware to attack other malware so the DoD can ‘fight fire with fire.’
Morey draws an analogy to how the upstart colonists defeated the British in the Revolutionary War. The war was fought according to the conventions of the day with certain rules and weapons, but the Americans gained the upper hand, despite their position as the underdog, because of their knowledge of the terrain. In other words, it was an element of surprise which helped them to defeat the British.
While the theater of cyberwar is not a physical space, the weapons are no longer bullets, and the strictures around rules of engagement are long gone, the Americans are, ironically, still the underdog against organizations like Anonymous and other cyberattackers. “Attackers are using an organization’s formal structure and associated security rules against network owners” to craft an attack and defeat that organization’s strategy, Morey says. “That level of sophistication will only increase.”