The roots of cybersecurity don’t involve good-guy coders running around and typing furiously during an ongoing hack, as depicted in many Hollywood movies. Proper cybersecurity is decidedly unsexy, but regular upgrades to IT environments are key to ensuring networked resources are safe from cyberattacks.
The U.S. Navy’s Space and Naval Warfare Systems Command (SPAWAR) is undergoing tests with its most recent IT upgrades, according to an April DoD DIUx quarterly results memo.
“This project will deliver a flexible toolkit with advanced capabilities such as moving-target defense, self-healing containers, binary scrambling and honey pots/decoy environments,” the memo stated.
SPAWAR will get upgrades to its complex IT environment that include firewalls, packet inspection devices, multi-factor authentication and security logging services, DIUx said. The Pentagon program is working with Polyverse, a cybersecurity company based in Washington state that focuses on operating system security.
“Cyber protection capability providing warfighters significantly improved network security by obscuring vital services and data, thereby significantly decreasing the ability of advancing cyber threats to map, attack or exploit tactical systems,” according to DIUx.
Polyverse is implementing network security procedures for Windows and Unix operating systems and a mix of applications on various types of hardware — all without slowing down network and server performance.
The IT changes are meant to help service members prevent cyberattacks, but they’re also meant to help with real-time response. DIUx said there will be a centralized management console and a security information and event management (SIEM) system, which provides real-time analysis of security threats.
“Hacking today’s enterprise applications, systems and ‘internet of things’ (IoT) networks is a lot like playing lotto where the winning numbers are just sitting in that drawer, waiting to be stolen,” Polyverse stated in a company fact sheet. Polyverse declined to comment for this article, citing confidentiality agreements. “No matter how sophisticated an organization’s cyber defenses, if its valuable systems are static and unchanging, cybercriminals will eventually breach them and take the jackpot. Most hackers already know which numbers to play. ‘Zero-day’ exploits that are readily available on the dark web can breach most application and system technologies with ease, because no antivirus software signatures are yet available to defeat them.”
Honey pots, for example, work by putting out bait in the form of data. What hackers don’t know is that the honey pot is actually monitored by the SIEM system or another cybersecurity system, and the honey pot identifies and blocks hackers from other parts of the data once it’s accessed. The strategy has often been likened to police baiting a criminal or someone using a “cheese in a mousetrap” approach.
Binary scrambling works by scrambling the 0s and 1s used in a program or system’s source code so it is unreadable to a hacker. This is meant to disable zero-day exploits, which are undisclosed and unknown vulnerabilities that an organization did not plan to protect against because it didn’t know they existed.
Another tool that will be implemented is self-healing containers. When an application starts to run in a way that it wasn’t designed to run — either due to a hack or another reason — the application often shuts down. But self-healing containers are able to fix that error themselves by reverting to their default settings, which can end an attempted hack and reduce the amount of IT repair work necessary.
“This toolkit will enable SPAWAR to deploy tools that are appropriate for the environment while providing flexibility in a ‘crawl, walk, run’ approach to reduce risk,” a DIUx memo stated.
This story has been updated to correct an attribution error.