Feds to battle cybersecurity with analytics

With more real-time information sharing, officials envision cyber defenses moving from 'vaccine' to 'immune system,' a big analytics project that could achieve something like automatic security.

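For the federal government to better protect its own information systems and support cybersecurity in the private sector, departments and agencies will need to significantly improve the way they collect, analyze and share information about emerging threats, current and former government officials cautioned.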

At a government conference convened by Akamai, a content delivery and cloud service provider, officials stressed the importance of casting a wide net for gathering information about cyberthreats, calling for the advancement of new standards and protocols to automate information sharing across the public and private sectors.

"The more participants we have in our process, the better that process is going to be," said Danny Toler, acting assistant secretary at the Department of Homeland Security's Office of Cybersecurity and Communications.

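Phyllis Schneck, who recently stepped down as a deputy undersecretary handling cybersecurity at the Department of Homeland Security, observed that the challenges arise both from the human factors involved in computing and from the fact that computers themselves have limitations.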

"Computing is about people and machines," she said. "We're all human. We actually can't get trained out of clicking on a link. We can try, we can get most of it, but we're going to click."

On network 'situational awareness'

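Products offered by security firms can intervene to mitigate the damage from a malicious link after a user clicks on it, Schneck said. But she envisions a much larger, global pool of threat data that could be mined instantly and automatically to keep machines from falling prey to malicious actors, a system that would rely on "big data analytics" capabilities to help make sense of the massive trove of data.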

"Real-time, we also want computers to have this same kind of backstop. You want to look at what arrives at a computer and what it should and shouldn't act on. So computers are not smart -- you can quote me on that -- they're just fast," she said.

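Her vision sees "situational awareness" as a continuing evolution at DHS that would take general networked computing activity in the same direction as the EINSTEIN threat detection and response system, which she said has already moved from "a vaccine system to now an immune system" to better protect government and private-sector systems.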

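"This can happen across all of our internet, with the knowledge that comes from companies like Akamai that see a large, broad view of the world," Schneck said.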

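"If we can get our internet to recognize bad things and attack it," she added, "we can start to look at how we not only end the idea that instructions are simply run without any thought about it, but are also able to send a warning ... at the speed of light to everyone who might be relevant on the network."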

Advancing intrusion prevention

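The EINSTEIN team at DHS has been advancing the third element of the program, which focuses on intrusion prevention and builds on the other two pieces, which monitor data flows and detect when an intrusion has occurred. Toler described a pilot program through which DHS is trying to expand EINSTEIN's threat-prevention capabilities by drawing on stored data to help build up the program's analytical capabilities.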

"At this point, that prevention is based on signature capability, so it's blocking known knowns," Toler said. "But as we increase our analytical capability, we're looking to increase those known knowns, but also looking with EINSTEIN III to shift into non-signature based capability."

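The government's efforts to expand coordination on cyber issues do not end at the nation's borders. Christopher Painter, the State Department's coordinator for cyber issues, described his organization's mission to promote cyber norms across U.S. diplomatic missions and to help developing nations build up their own infrastructure in this area. Whatever the subject of a given meeting, Painter said, cybersecurity issues are generally on the table.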

"This is something that comes up in almost every bilateral meeting we have," Painter said. "Whether it's cyber or not, these issues come up."

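Officials also acknowledged that a balance must be struck in the collection and sharing of data, and that privacy and civil-liberties groups have a role to play in ensuring that consumers' personal information is not unduly compromised in the name of security. In addition, there can be cultural barriers between the public and private sectors, as some businesses are reluctant to share data with authorities for fear of exposing themselves to legal liability, or out of frustration that the government is stingy with the information it shares in return with outside entities.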

No such barriers exist in the cybercriminal community, Schneck argued.

"The adversary has no problem sharing information," she said. "They work with an alacrity that we will never see because we actually have a civil way of life to protect. So for us, partnership is mandatory if we're going to bring this together."

This story, "Feds to battle cybersecurity with analytics," was originally published by CIO.

Copyright © 2017 Raybet2
