MeriTalk hosted its fourth annual Cyber Security Brainstorm Wednesday and packed the conference center at the Newseum in Washington, D.C., with government and industry cyber security experts who braved gridlock-inducing security restrictions put in place during the Pope’s visit so that they could share the latest best practices in cyber intelligence, combating the insider threat and a variety of other current topics.
I picked up some interesting insights during sessions on threat intelligence and mitigating the insider threat. Here’s a look at my top four Cyber Security Brainstorm takeaways.
- Lots of threat data isn’t always a good thing.
“The threat data is great, it’s coming in,” said Brad Nix, deputy director of the Department of Homeland Security’s Computer Emergency Readiness Team (US-CERT). “But when you get down to some departments and agencies … all of that threat information is actually detrimental. It will choke their efforts.”
Nix recommended that agencies look into application directory whitelisting, patching applications and operating systems, restricting administrator privileges and network segmentation. But he admitted that whitelisting can be “absolutely onerous.”
- USMC will soon have a comply-to-connect solution in place.
The United States Marine Corps wants to make sure it knows what systems are connecting to its network and what vulnerabilities those systems may be introducing. So, its Comply-to-Connect program will check system configurations and ensure systems meet minimum security standards.
“If it’s [a critical system] and doesn’t comply, then it will be isolated,” said Col. Gregory Breazile, the director of the Marine Corps’ C2/Cyber & Electronic Warfare Integration Division. “Very soon we will have a comply-to-connection solution.”
- CDM Dashboard will provide visibility boost.
The DHS Continuous Diagnostics and Mitigation (CDM) Dashboard contract awarded in April will be deployed by April 2016, according to Jeff Eisensmith, DHS’ chief information officer. And the visibility it will provide across the 350,000 users at DHS will be truly impressive. “The dashboard will allow visibility at the enterprise [Security Operations Center] level down to individual machines” at component agencies, Eisensmith said.
- DIA’s insider threat program.
Known as “The Hub,” the Defense Intelligence Agency’s insider threat program is what Steven McIntosh, DIA’s Insider Threat Program Coordinator, calls a “discipline-neutral entity.” That means it makes an effort to avoid competition or duplication with the operational side of the insider threat detection and elimination effort – primarily counterintelligence and law enforcement.
DIA went as far as to create unique job categories for members of “The Hub” insider threat program, and even brought in an operational psychologist who sits with analysts and helps analyze insider behaviors. The goal is to not only identify malicious insiders on the network, but to also identify employees who may need additional training or human resources intervention.
Members of “The Hub” work directly with counterintelligence analysts and investigators from the Inspector General’s office, but their mission is focused on mitigating risk, which is one of the program’s strengths, according to the Department of State’s Insider Threat Program Coordinator Stephen Smith.
“The insider threat program can’t be a witch hunt,” Smith said.