Network Vulnerabilities: Addressing the Risks
New Blueprint Outlines Cyber Operations Strategies
That's why Booz Allen Hamilton has developed a new Cyber Operations blueprint to address the vulnerabilities existing in networks today and offer insight into how to better secure them.
The process begins with pinpointing the areas of highest risk and addressing them first. "Understanding what needs to be protected the most, and what needs to be protected but maybe not to the same extent, is critical to any sort of analysis around an organization," says Bob Lamb, senior vice president at BAH.
Before joining Booz Allen, Lamb was part of the task force that developed the Department of Defense's first command, focused on defending its computer networks and information systems.
The first step of the blueprint is providing a frame for organizations to look at their own networks and vulnerabilities; analysis of the organization's risk and exposure follows.
But it's not solely a technology problem, Lamb says in an interview with BankInfoSecurity.com's Tom Field [transcript below]. "It's really about people, management and policy, as well as technology," he says.
And with the growing need for interconnectedness with other people and organizations, protecting networks has never been more important. It's insufficient to look at just yourself, but "looking at yourself in the context of the organizations that you need to work with across the Internet to secure."
In an exclusive interview about the blueprint, Lamb discusses:
- Why we need a new approach to Cyber Operations;
- Core elements of the new blueprint;
- How to get started.
Lamb leads the NetOps, Army Cyber, and the firm's Information Analysis Center (IAC), which includes oversight of the Information Assurance Technology Analysis Center, Survivability Vulnerability Information Analysis Center (SURVIAC).
Before joining Booz Allen in 1999, Lamb served in a variety of command and staff assignments as a Signal Officer in the U.S. Army. He concluded his military career as the Chief of Staff for the Joint Task Force for Computer Network Defense (JTF-CND), and was part of the task force that developed the Department of Defense's first command, focused on defending its computer networks and information systems.
TOM FIELD: Before we dive into the topic, why don't you tell us a little bit about yourself, your background and your current role with Booz Allen Hamilton.
BOB LAMB: I started out my professional career in the army, spent 21 years as a signal officer and came to Booz Allen in 1999. I was elected to the partnership and became a vice president in 2007. During my time with Booz Allen, I've focused on cyber and Cyber Operations. Most recently I was asked to stand up our Cyber Operations team that is facing all of the Department of Defense cyber operational commands and organizations.
Cyber Operations
FIELD: Let's talk about Cyber Operations. Why do we need a new approach?
LAMB: If you look in the popular press today, we as a nation have become increasingly dependent on cyber and networks for all of our information and data exchange. And with the explosive growth of those networks and our reliance upon them has come an explosive growth of those that wish to do harm. The threats have increased exponentially and the potential for significant harm has equally grown. We're facing a real problem. With our historical approaches, while they have continued to enhance security, the pace of change and the pace of the growth of the problems have grown at equal pace. I think we've got to step back. I think the DOD [Department of Defense] is doing it but we're going to need to take a revisit of how we approach this mission area if we're going to be successful going forward.
FIELD: Booz Allen Hamilton has a new Cyber Operations blueprint out now. Broadly, what can you tell us about it?
LAMB: Our blueprint takes a step back and says that for us to be successful in this realm, we're going to need to have a couple of key capabilities and service offerings for our clients. And it starts with providing them a frame around which to look at their own networks and their own vulnerabilities, to look at the threats that are facing them. We have a number of service offerings that help provide that full spectrum of situational awareness. Then you've got to do some analysis around that, and that analysis needs to approach it from the standpoint of, "What's your risk? What's your exposure? What are your options for fixing them and how much can you afford to spend to protect those networks and that data?" We take it from that point forward to look at the speed of execution. Some things have got to be resolved very quickly. Some are more evolutionary and we have a framework around which to address both of those.
The purpose of all that, as you thread your way through, is to provide secure missions operations. We look at it from stem-to-stern in our view to get to some core solutions for you. The other thing that sets us apart is we don't view this as solely a technology problem. If you look at how an organization, or a command, is going to be effective in this space it's more than just the technology. It's more than just the intrusion detection systems, firewalls and the newest gadget. It's really about people, management and policy, as well as technology - operations being the hub or the core of integrating that framework. Our view is that it's going to take more than just technology to solve it. You've got to have a full spectrum of mission areas to look at to be healthier in Cyber Operations.
Cyber Operations Blueprint
FIELD: That's a great overview. Could you discuss, maybe in some detail, how the blueprint addresses some of the core elements necessary to Cyber Operations?
LAMB: If you take a look at any sort of organization or command, they're looking at their networks, data, mission requirements and dependencies across each of those. Understanding what needs to be protected the most, and what needs to be protected but maybe not to the same extent, is critical to any sort of analysis around an organization. If you think about it, it will ultimately drive toward the resources you applied protecting those things. Having an appreciation for the networks that you reside on and the level of security that is required around each of your data, based on your individual mission requirements, is really important. Then supporting that is having an understanding, an insight, that situational awareness if you will, of the vulnerabilities that come with that network and that data, as well as the threat.
What are the bad folks out there trying to do to you? Why are they trying to do it? And that will vary. Sometimes it's just stealing information. Sometimes it's trying to interdict your processes and flows. Understanding what that threat is to your organization across that data and those networks is critical to having the ability to anticipate problems. The second aspect is around continuing monitoring of your networks and data so that you're able to know and understand when something has occurred and then are able to respond. Having the key indications and warning; having what I mentioned previously around the intrusion detection, firewalls and the triple areas that protect your network - it's that aspect of reacting. There's immediacy to some of it. Then there's a longer term set of responses that an organization would want to take. Really it starts with that situational awareness to allow you to be aware and anticipate problems across your network and with your data.
FIELD: We've talked about some of the internal benefits of this Cyber Operations blueprint. What are some of the external benefits as well?
LAMB: The fascinating thing regarding networks, information and the sharing thereof is that we are all interconnected. The Internet has created truly a global environment, and we're increasingly finding that it's insufficient to solely look at yourself, but looking at yourself in the context of the organizations that you need to work with across the Internet to be secure. There has to be a trust relationship and what we're seeing increasingly is organizations organizing themselves in a way that they can share information securely. If you look at the financial community for example, their ability to share data is critical. It's not a gold-based system any longer. Really our financial systems are based on the trust and confidence we have in the sharing of data between financial institutions and us. Increasingly we become a global network. The level of trust that we have regarding the information in that data exchange must be there. What we see increasingly happen is industries coming together to develop a means of communicating, coordinating and sharing data between them. And over time that expands and you see it influencing every aspect of the network. You take the financial industry, or the power industry, and you see those communities coming together, recognizing that a shared risk is present for all of them across networks and achieving a way of sharing that data that is valid to their operational security.
Mission Integration Framework
FIELD: That's great insight into some of the details. Now is there a model that we can look at to understand this new approach to Cyber Operations?
LAMB: Booz Allen has created a mission integration framework where we tie what we view as the key components to solving and operating securely in cyber space. There's the policy - the things that your organization can set in place to help guide how and when staff will interact with the data. There are operating guidelines for your particular organization, operations which we're talking about here which are the gears that keep all of the things flowing so that you have the situational awareness, anticipation and the things that we've talked about previously. There's management, which is really around resourcing. How much do you put to your cybersecurity in securing your cyber environment and people? There's training, the human resource aspects of your staff, their security clearances if you're operating within the intelligence community, for example the DOD and all those areas. Policy operations, technology management and people provide that overarching view. We've placed that out there in the public domain as our view of how these things operate together to provide an organization the ability to achieve greater cybersecurity when operating the cyber space domain.
FIELD: My last question for you might be my biggest one, and that's how do we get there? You've given us a great overview of this blueprint. You've defined Cyber Operations and where we need to go but how does an organization assess where it is now and get to where you're showing them where they need to be?
LAMB: What we've done at Booz Allen is we created a cyber-maturity model and diagnostic. What the model and diagnostic do is lead the organization through a process of discerning where you're at today, across our mission integration framework, and where you want to be tomorrow. It helps you make decisions around risks and costs that you are willing to accept or expend to achieve a level of security that you feel you need for your mission success on your networks. If you reach out to Booz Allen Hamilton, go to our website or call us, we will provide a team of experts that can look at your organization with you, using your cyber maturity model, to help you make those critical decisions that you need to make.