
CSIAC

Cyber Security and Information Systems Information Analysis Center


Cybersecurity


Enhance cybersecurity awareness and survivability for DoD, industry partners, and academia in the face of the ever-increasing threat of cyber attacks. Cybersecurity (CS) includes managing risks related to the use, processing, storage, and transmission of information and the systems and processes used for those purposes, including analog and physical form. CS includes information availability, identification and authentication, confidentiality, integrity, and non-repudiation as well as the economic considerations with respect to selection of CS techniques, CS processes, and industry trends.


Do not look for the silver bullet solution.

  • This topic has 1 reply, 2 voices, and was last updated 4 years, 8 months ago by jyuenger.
  • 2016-05-26 at 08:27 #6162
    bobnews
    Participant

    Government needs to stop thinking about a silver bullet solution that will protect every computer and start thinking about a solution to protecting the really important industrial plants. These are the plants that involve our water supplies, electrical plants, etc. These are the targets that an enemy of the US will want to attack.

    These plants can be protected by turning general computers with large numbers of executable programs into limited programs with limited numbers of executable programs. The limited number of executable programs would be protected by Tripwire, and before an executable program is activated there would be a check that the signature for the file matches the Tripwire signature for the file. The weakness of Tripwire is that it does not do a check when a program file is activated.

    A cyber attacker may be able to access a limited computer system but the attacker will not be able to activate a malicious program on the system since there will not be a valid signature for the malicious program.

    The signatures for the programs would be stored upon a read-only device and this would prevent an attacker from using a valid signature for the malicious program.

    The limited system also should not have any programs that load programs at start up. If this was adopted by general programs it would make it harder for hackers to have their malicious program activated at start up.

    This is not a solution for all computers but it can be a solution for important systems.

    There will be even more protection for these systems if there is only access to defined websites. There is no reason for an operator on a plant system to have access to any website.

    By the way this idea was sent to various DoD organizations in 2002.
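
The activation-time check described in the post above, as an added example that is not part of the original post or any CSIAC code: a launcher gate that hashes a program at the moment of execution and compares it with a manifest. Using SHA-256 as the "signature", the manifest layout, and the file names `pump_ctl` and `dropper` are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import tempfile

def sha256_of_fd(fd):
    """Hash the already-open file, so the bytes checked are the bytes that would run."""
    digest = hashlib.sha256()
    os.lseek(fd, 0, os.SEEK_SET)
    while chunk := os.read(fd, 65536):
        digest.update(chunk)
    return digest.hexdigest()

def open_if_allowed(path, manifest):
    """Return an open fd for path if its hash matches the manifest, else raise."""
    real = os.path.realpath(path)  # resolve symlinks before the lookup
    expected = manifest.get(real)
    if expected is None:
        raise PermissionError(f"{real}: not in manifest")
    fd = os.open(real, os.O_RDONLY)
    if not hmac.compare_digest(sha256_of_fd(fd), expected):
        os.close(fd)
        raise PermissionError(f"{real}: hash mismatch")
    return fd

def launch(path, argv, manifest):
    """Activation-time gate: verify, then execute the verified descriptor itself."""
    fd = open_if_allowed(path, manifest)
    # Executing the fd (fexecve) instead of the path means a file swapped in after
    # the check is never the one that runs. Native binaries; see os.supports_fd.
    os.execve(fd, argv, os.environ)

def decision(path, manifest):
    try:
        os.close(open_if_allowed(path, manifest))
        return "allow"
    except PermissionError as exc:
        return "deny: " + str(exc).rsplit(": ", 1)[1]

def demo():
    """Constructed sample: an approved program, an unlisted one, then tampering."""
    with tempfile.TemporaryDirectory() as tmp:
        approved = os.path.join(os.path.realpath(tmp), "pump_ctl")
        unlisted = os.path.join(os.path.realpath(tmp), "dropper")
        for name, body in ((approved, b"approved build\n"), (unlisted, b"other\n")):
            with open(name, "wb") as f:
                f.write(body)
        # Assumption: in deployment this mapping is loaded from read-only media.
        manifest = {approved: hashlib.sha256(b"approved build\n").hexdigest()}
        results = [decision(approved, manifest), decision(unlisted, manifest)]
        with open(approved, "ab") as f:
            f.write(b"appended after approval\n")
        results.append(decision(approved, manifest))
    return results
```

`demo()` only reports decisions; `launch()` is the path that actually replaces the process, and it enforces nothing unless it is the only way programs can be started on the host.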

    • 2016-07-25 at 11:06 #6513
      jyuenger
      Participant

      I think the idea is correct, to focus on vital national infrastructure has to be a prime objective of the cyber defense teams. However, you're looking at setting up a national botnet created by the government. Basically, a program that is activated if the tripwire sends the signal. But opening up a link to the different infrastructure a pre-established link would require a completely error free program, with absolutely no back door access. Even with required access to make any alterations, it would have to be set up as a consistently evolving system similar to how AIDS/HIV has been such a difficult virus to treat, because it evolves before a vaccination can be developed. Its entire design in this simple single cell organism is to reproduce and protect itself by evolution. This system would require that level of self evolution to protect the system from being breached. There are many systems within the Government that have been exploited even with an extremely minimal amount of access.

      The vital infrastructure of our nation pertaining to utilities needs to be completely sealed off from any outside connections. With a system that can only be connected to through the use of a completely unique hardline. Then it needs to have a limited access signature design that you described as further protection. By alienating the access you create the most foolproof penetration system. Plus a government mandated public sector botnet is not something that people are not going to accept in the large scale population. One if the tripwire mechanism is somehow activated, and the limited processes and use of the nation’s personal computing power is activated. Backwards engineering has the potential to put the entire nation’s personal computers at risk. Even if risk is not a factor people generally do not react to having their private computers loaded with Governmental software they will naturally expect the worst, that at anytime the government can invade their private lives. History shows us that when the public feels they have lost privacy, societies react poorly to a “Police state.”

      I am not implying that your idea wouldn’t work, just that like all plans it’s important to objectively analyze public relations with the Governmental body. There is also the unmentioned sectors that need protection, such as our financial institutions, stock markets, these are also hard targets of hackers and terrorists. Then you have college institutions, Hospitals, clinics, military databases, Government databases, a country that has information on our president’s current health is a dramatic risk. That was something I learned in my first college Sociology of International Relations class. These institutions all have a vital need for protection and many of them can’t be just removed from the grid. They need to be given the means to properly protect their networks. However, with the growth of devices owned by visitors, employees, and temporary staff all create unprotected gateways and vulnerability points for these institutions. We already know through the acts of 9/11 that terrorists target our financial sectors, the Pentagon, they were both primary targets of these organizations. Think back to the old concept visited by “Live free and Die Hard” of a complete “Firesale” crippling each major sector. Crippling transportation, utilities, government, communication, finance, military operations, all things that play major factors in the way we now live our lives. Hospitals scan in every medicine delivered to a patient, their entire treatment plan, the very information vital to keeping Intensive care patients alive, it’s all digital, and the loss of such data could cause detrimental fate for numerous lives. Combine that with other forms of terrorist attack and you create mass chaos. Terrorism by definition is the use of fear or terror to control or manipulate a target group into a certain behavior.

      You’re correct there is no silver bullet for all Cyber Security threats, but that’s why people with the skills to collectively target each type of operation is so imperative. We need multiple task force directed agency led groups to act as the immune system against cyber security threats. It should have been a primary objective since the dawn of the Internet of Things, but now more than ever recruitment and training of individuals with educational training or natural skill in Cyber Operations is vital. Because we need a large enough, and skilled enough “Cyber Immune System” to combat each type of emerging threat. The ones we already know are being targeted and the ones that have yet to reveal themselves. We need to provide a systematic but human threat prevention directive. Any target protected by a purely systematic virtual reactionary system is still open to vulnerabilities perhaps not immediately but with each evolution in tech, creates a new wave of potential threats. The human element is needed as it is almost a competitive system with hackers. Who can outwit, outperform, and create answers to threats. The only possibility of a system to counter all cyber threats would be in an A.I. system and we do not have the ability to control or contain a system with that level of intelligence and ability to grow. Once we allow a system to learn on its own, protect systems itself, become self aware, and analyze humanity as a whole will be analyzed by that system. And with an A.I. you’re talking about a potentially immortal being, one that will evaluate our entire history which is easy enough online, in an extremely quick amount of time. If this system has access to all the things that keep our society flowing in a healthy manner, we have to know that the system will deem us worthy of existence, because we gave it the control to devastate our existence. This is why the human system is necessary. The discussion of a self educated A.I. is one that requires a great deal of further engineering and analysis.

      The threats are human, we need to stick with the tactical approach of a human v. human technology enhanced threat prevention objective. I am only a cybersecurity student but I have been working with computers, hardware, and software development since I was 10, at 31 I don’t believe I have a completely perfect background in Governmental Cyber Operations unit, but I believe my general knowledge of counter-hacking, and Cyber Operations tells me that no single protective measure is 100% perfect, but we need to look at how society will respond to our decisions, and we need a human network for threat analysis and prevention.

      I know this post may be older but still warranted a secondary opinion to the proposed threat plan listed above. The wrong idea even with the right intentions does not make it the correct approach.

