DHS seeks to grow antibodies in cyberspace


A white paper released March 23 by the Homeland Security Department says a tripartite approach to cybersecurity based on automation, interoperability and authentication could make networks fundamentally more secure.

The paper envisions a future in which networked devices communicate in near real-time about attacks and react in a coordinated manner based on a policy framework. Some simulations of such a cybersecurity model, the white paper says, indicate that only 30 to 35 percent of devices would need to cooperate in order to defeat an attack, meaning that a large-scale modification of existing infrastructure wouldn't be necessary for implementation.

The paper draws heavily on an immune-system analogy, positing that cybersecurity should become a matter of "automated courses of action" in which devices sense malicious actors and enact defensive responses on their own.

The first building block in making that possible, automation, would require devices endowed "with strong feed forward and feedback signaling mechanisms" that can accommodate communication failures.

Authentication would allow devices a heightened ability to observe, record and share data, the paper adds. An authentication mechanism would have to "recognize that trust is not a binary or static state, but is fluid and conditioned upon evolving operations and environmental factors." Authentication would extend beyond persons to include computers, software and information itself.

Of the three elements in the tripartite approach, the paper spends the most time on interoperability, which itself has three types--semantic, technical and policy. Semantic is the ability of parties to understand a message in the sense intended by the sending party, technical the practical ability to send the messages, and policy is common business processes related to the transmission, receipt and acceptance of data.

The paper also suggests a maturity model for assessing how much various communities adopt the immune system model, adding that the scale isn't normative, since some communities could opt to operate at lower levels for reasons of cost or efficiency.

Creating the model will require a government role, the paper heavily suggests.

"Adoption of security standards is decidedly slow, and early indications are that cybersecurity continuous monitoring will face impediments to adoption. This indicates an imbalance of incentives, whereby defenders are not incented, but attackers are," the paper states, echoing a common refrain among federal officials who have been making a public argument for a stronger government role in the cybersecurity of private sector critical infrastructure.

One way to set up a greater government role would be to create a "Cyber Center for Disease Control and Prevention," the paper states. A Cyber CDC would watch for threats and incidents, disseminate data, perform threat analysis, make recommendations and coordinate preventive actions, the paper adds.

The paper says that governance questions are not easily suggested, however, acknowledging that questions of liability (either for deploying countermeasures, or for failing to deploy them), who would have the power to compel action and to set policy as well as the role of state, national and international entities are all unanswered.

The paper solicits comments, sent to, and promises a follow-up paper that incorporates public observations and that "at a minimum, identifies key game-changing initiatives for each of the three building blocks."

For more:
- download the white paper (.pdf)
- read a blog post by Phil Reitinger, DHS National Protection and Programs Directorate deputy undersecretary on the white paper

Related Articles: 
JASON: Cybersecurity not really like the immune system 
OMB: Reported cyber attacks up 39 percent 
DIB active defense cybersecurity pilot near start