For decades, federal agencies and other organizations have improved their responses to ever more sophisticated and aggressive cybersecurity threats in essentially the same way. They use blocking and tackling, or more directly, detecting and responding.
Consider these common scenarios:
- A new zero-day threat comes along. Network activity logs show potentially nefarious activity.
- A security information and event management (SIEM) alert sets the security operations center into action.
- Due to employees working remotely, you see an increase in the number of IP addresses and unknown devices on the network.
For any of these potential situations, organizations protect, detect and respond by closing the vulnerable ports, performing patch management, and adding authentication procedures. In extreme cases, IT leadership may reduce the availability of applications and services until it understands and can respond to the threat.
By challenging the defensive approach that emphasizes detecting and protecting, government agencies can proactively operate to achieve mission objectives while navigating cyber threats.
Think of it like a football game. Two opposing teams face off, each trying to cross the opponent’s goal line while preventing the opponent from doing the same. It is analogous to two or more operating entities and cyber threats in a maneuver space. By acquiring the data and foresight to operate in this maneuver space, an organization creates a strategy of maneuverability.
Maneuverability changes your posture from a purely defensive one to a proactive and offensive stance. In essence, you run downfield, and with data analytics, collaboration and scenario modeling, you are able to maneuver around the threats. There are indicators and threat warnings that signal vulnerabilities and threats, both known and potential.
Shift the perspective, then the approach
In the football analogy, the offensive players scan the field, look for openings and try to advance the ball in spite of the direct opposition. In a federal agency’s cybersecurity operations, the organization is able to anticipate and model the potential threat scenarios that may inhibit its operations.
For this type of downfield foresight, an effective maneuverability strategy requires a few key elements:
- Comprehensive data gathered by scanning outside your enclaves and boundaries, into the zone between known and unknown—also called the gray zone. The gray zone consists of sources of data or information that are shared by agencies, on “watch sites,” and across the internet.
- Big data analytics using artificial intelligence to discover threat signatures and vectors as they form, long before they materialize as alerts in your security operations center.
- Advanced computing capability for faster and more efficient data analytics.
- A playbook of maneuvers and operations for threat warnings and scenarios. This can mean moving a workload to a different logical or physical location, or from one cloud to another. It can include data encryption as well. In some circumstances, you can deploy countermeasures to confuse and disorient the threat actors.
By building skills and capabilities to create maneuverability, federal agencies are able to focus on mission first, security always. It entails an early warning approach to threats, and orienting people, operations, data and analytics toward organizational objectives. In so doing, agencies gain the ability to expend equal energy on maneuvers.
In combining maneuverability with existing blocking and tackling techniques, a cyber program matures from threat detection and protection to a threat warning architecture that puts operations and security on equal footing. When applying artificial intelligence to big data that includes the environmental data and context, an element of predictive analysis becomes possible for data decisions. The fusion of data lets security resources and leaders see and understand threat vectors even before they materialize.
CGI is developing capabilities for government agencies to begin thinking about the future of cybersecurity. We challenge the norms and work with an organization to achieve its full potential.