What’s next in cybersecurity automation
The automation of computer security, including patch management, intrusion detection and various forms of continuous monitoring, has become a requirement of cybersecurity tools and practices in the last couple of years.
The Department of Homeland Security’s Continuous Diagnostics and Mitigation (CDM) program, which provides agencies with tools that help identify and mitigate cybersecurity risks, has been an important factor in bringing awareness of those technologies to government.
But that hasn’t stopped DHS from looking beyond the status quo and into the next generation of cyber defense systems. In the first of what it says will be a series of inquiries, DHS recently issued a call for ideas on developing what it calls the Enterprise Automated Security Environment or EASE.
In an initial request for information on the plan, DHS emphasized that “EASE is a concept; it is not an entity, system or program.”
Instead, “EASE envisions an environment in which automated enterprise-level cyberspace defense features – including sensing, decision-making and taking action – provide shared situational awareness in cyber-relevant time,” according to the RFI.
EASE aims to help the government improve its own cyberspace defense capabilities, benefiting from the enhanced interoperability and automation that EASE should create, according to the notice.
DHS said it began pursuing EASE when it became clear that current security practices were insufficient to prevent successful attacks, respond to attacks and remain resilient during attacks on government networks.
The department has also been motivated by the growing sophistication of electronic threats against government systems and the consequences of the failure to research next-generation tools now.
“The speed at which adversaries currently exploit networks and systems – faster than defenders can protect them – results in the theft of intellectual property, the compromise of data, distributed denial-of-service (DDoS) attacks and, in the worst case, significant disruption or collapse of [critical infrastructures] that underpin modern ways of life.”
Making the EASE concept a reality will require the concerted efforts of government and private sector interests, such as critical infrastructure end users, according to DHS, which called the series of RFIs a first step in this direction.
“In this ecosystem, cyber participants and devices are able to work together in near‐real time to anticipate cyber attacks, limit the spread of attacks across participating devices, minimize the consequences of attacks, and recover to a trusted state.”
DHS said it recognizes that achieving this level of coordination cannot be accomplished in a single step, but requires an evolutionary approach with extensive community collaboration.
It also noted that much progress has already has been made toward a more mature cyber ecosystem through the adoption of cybersecurity solutions such as the Structured Threat Information Expression (STIX), an effort to develop a standard language to represent cyber threat information.
DHS said it is at the beginning of the process of building-out the EASE concept. In a series of RFIs, the department plans to solicit input to further develop the concept. In the notices, it will address goals for EASE, including:
- Advance the state-of-the-art and foster continuous innovation for cyberspace defense across government and private sector systems and critical infrastructures.
- Provide cyberspace defenders of .gov and .mil networks with robust capabilities to improve the level of protection against all types of exploitation, increasing the cost of attacks for the adversary.
- Enhance the abilities of stakeholders to rapidly share data and information about threats.
- Offer technical frameworks that address interoperability and information sharing among private sector, state, local and tribal governments.
Other more operational goals of the program include:
- Enable automation of cyberspace defense activities in cyber-relevant time, where possible. Cyber-relevant time sets limits for effective cyberspace defense, ranging from nanoseconds to microseconds, seconds, or minutes.
- Expand the availability of interoperable cyberspace defense tools, tool suites and data as well as defensive best practices.
- Develop a modular, plug-and-play environment for cyberspace defense of .gov and .mil that supports new technologies from diverse existing and emerging vendors.
- Devise metrics to measure the effectiveness of cyberspace defense activities and quickly provide actionable feedback.
Connect with the GCN staff on Twitter @GCNtech.