Cyber-security cannot be approached as something it professionals simply handle for an organization. Attack sophistication today is far ahead of where it was only five years ago. Government and industry must work together to deliver and provide solutions.
Cyber-security cannot be approached as something it professionals simply handle for an organization. Attack sophistication today is far ahead of where it was only five years ago. Government and industry must work together to deliver and provide solutions.
Cyber-security cannot be approached as something it professionals simply handle for an organization. Attack sophistication today is far ahead of where it was only five years ago. Government and industry must work together to deliver and provide solutions.
Government knowledge workers can Blue Ridge CEO describes impact of
strengthen cyber-security in 3 ways cyber-theft in GSN video interview “This stealing impacts everyone,” From Page 1 “According to a Symantec the battle to the threat rather than said Fumai. “You can pick up a newspa- spokesperson, cyber-theft is now a number of vulnerability points. waiting for the attack. This approach per every single day reporting of the more lucrative business than drug traf- In 2008, Homeland Security combines proactive and predictive stealing of identities from consumers ficking.” Presidential Directive 23 (HSPD-23) measures for the best results, enabling or drawing money out of the bank This startling statement was made by responded to this rise in cyber-security an organization to see a threat coming accounts of small businesses. Small Mike Fumai, the President and CEO of incidents by prescribing an array of well before it arrives. Comprehensive businesses that lose $75,000 or Blue Ridge Networks, in a video inter- practices and preventive measures, but malware discovery and awareness can $150,000 from their bank accounts view in which he described the dire budget limitations and competing prior- provide insight into new ways to defend can be consequences ities have inevitably slowed compliance. against emerging threats. brought to of malware Recent Government Accountability 2. Education of the knowledge their knees. attacks on gov- Office (GAO) testimony before the worker They’re clos- ernments, House of Representatives claimed that Key steps toward effective, comprehen- ing their doors businesses and 23 of 24 major federal agencies fail to sive cyber-security and malware protec- every day.” consumers. consistently apply and enforce authori- tion are awareness and education. Blue Ridge The inter- zation practices that Government knowledge Networks was view was con- would protect data and workers have become named the ducted by control access to govern- favorite targets of social winner in the G S N : ment IT systems. It is engineering cyber attacks. GSN 2009 Government clear that awareness, edu- To be an effective front Awards for its Security News cation and cyber-security line of defense, govern- AppGuard on the day after solutions need to catch ment employees must anti-malware Blue Ridge up with existing policy understand the basics of solution, took home the and directives. how the Internet works, as which the winner’s trophy Cyber-security cannot well as the inherent vul- company claims “protects PCs from in the “Best Anti-Malware Category” of be approached as some- nerabilities and weakness- attack by the latest generation of the GSN 2009 Homeland Security thing IT professionals es of the agency’s system sophisticated malware threats, increas- Awards Program. The interview is avail- simply handle for an and its users. They must ing endpoint security coverage to able for viewing on the GSN Video organization -- not given understand how malware address more than 90% of known and Center at the way the Internet has works and recognize their unknown vulnerabilities.” www.gsnmagazine.com/cms/gener- evolved into a major part responsibility in protecting According to Fumai, the contempo- al/2876.html. of daily professional and personal life. government systems from it. rary malware threats can only be In other examples of the impact of Attack sophistication today is far ahead 3. Understanding the risk stopped by traditional anti-virus prod- malware, Fumai pointed out that the of where it was only five years ago. As With a laptop and a connection to the ucts 20 to 30 percent of the time, Melissa Hathaway/CSIS Report com- network protection has advanced to Internet, cyber-attackers anywhere in the because they rely on known malware missioned by President Obama con- counter the threat, the threat has shift- world can investigate and compromise an signatures. Cyber-criminals today are cluded that $1 trillion worth of U.S. ed from the system to the user, and the agency. Their costs are low and the dam- changing their signatures every 10 min- intellectual property was stolen by user (who is accustomed to ubiquitous age they inflict can be devastating. utes, he said. cyber-espionage in 2008. He added connectivity) has become an easier tar- Government must understand this risk In 10 years of business, said Fumai, that cyber-criminals are presently steal- get for exploitation. and its particular vulnerabilities. With Blue Ridge has had zero reported vul- ing over $1 million per day from small Knowledge workers in the government this understanding, an agency can take nerabilities. businesses. and elsewhere need to recognize that protective steps that will enable it to con- they are the first line of cyber-security tinue its mission, even under cyber- defense. Government must jump-start federal cyber-security efforts in order to attack. There are numerous solutions available on the commercial market, and Finjan’s Malicious Code Research provide a starting point for staff educa- tion, the protection of sensitive informa- tion and the safeguarding of government industry has a role in bringing these solu- tions to their government customers. The key, however, is determining which com- Center (MCRC) finds malware on infrastructures from emerging threats and risks. No matter the agency or mission, there mercial solution translates well to govern- ment agencies. HSPD-23 will certainly improve the 77 different government domains Traditional Web security solutions Malicious Code Research Center are three keys to successful government federal cyber-security landscape, but only continue to rely on matching mali- (MCRC), which in the last year has cyber-security efforts: if compliance is substantive and not cious code to a known signature or identified malware residing on 77 1. Malware discovery and compre- merely formal. By expanding cyber-edu- URL to a database of URLs by cate- government domains (.gov) in the hensive malware awareness cation, encouraging best practices, and gories, and were not designed to U.S., UK and other countries. Malware -- small, sophisticated pro- developing leap-ahead security strategies, prevent today’s Web attacks, accord- Finjan alerted the countries to the grams that users unknowingly download government and industry will be better ing to Finjan, Inc, of San Jose, CA, breaches, enabling them to correct to their systems -- can compromise pro- positioned to undermine and deter the a finalist in GSN’s 2009 Homeland and repair the breaches before they prietary and confidential information, bad actors operating on the Internet. Security Awards. became known to the public. degrade system performance or even Mary Craft is senior vice president, Today, the company asserts, up to The company’s Secure Web hijack a system for criminal purposes. national systems, in QinetiQ North 90 percent of malicious code on the Gateway solutions use patented, Government and industry must work America’s Mission Solutions Group, Web resides on infected legitimate active, real-time inspection tech- together to deliver and provide solutions and leads QinetiQ North America’s Web sites, and is typically obfuscat- nologies, by which the code embed- that can detect malware and mitigate it cyber-security and operations efforts. ed to evade traditional security solu- ded within Web content or files is before it causes any security breach. She can be reached at: tions. analyzed and its intentions are Cyber intelligence can do this by taking Mary.Craft@QinetiQ-na.com Finjan is the creator of the understood in real-time, regardless
JANUARY, 2010 20 GSN: GOVERNMENT SECURITY NEWS www.gsnmagazine.com