Opinion

The key to the nation’s cyber defense? Behavioral analysis

The Cyberspace Solarium Commission was formed to proactively combat these rising threats and establish the U.S. as a cybersecurity leader. Modeled after President Eisenhower’s Project Solarium initiative—established during the Cold War as a response to the Soviet Union’s growing influence—the Cyberspace Solarium Commission convenes the best and brightest in industry, academia, and government to develop recommendations on innovative ways to fortify our nation’s cyber defense systems.

The commission recently published 75 recommendations on how to upgrade cyber defenses, with a vision for shaping the next generation of the U.S.’s security posture in the cyberspace environment.

But there’s a big difference between Eisenhower’s Cold War initiative and what we’re facing today from a cyber risk perspective. During the Cold War, we knew our enemies. Today, those enemies could be anyone and anywhere—a nation state, a state-sponsored hacker group, or an independent collection of bad actors. They’re using every tool in their arsenals, including technology-oriented attacks like spear phishing and credential compromise, to social engineering and other clever tactics to target organizations’ weakest links: their people.

In this environment, it’s imperative that we heed the advice from the Cyberspace Solarium Commission and consider the benefits of a human and behavior-centric approach to cybersecurity. This will allow the government to use behavioral analysis to take a proactive and targeted response to fortifying our cyber defenses.

Moving beyond the traditional security perimeter

Behavior-centric cybersecurity involves understanding how human beings interact with data. The practice fuses analytical information from traditional security systems with contextual data from other sources, including travel logs, email or chat communications, and others. This combined information is used to draw a virtual profile of an individual user and their behavioral patterns. By detecting anomalies in these patterns, analysts can identify potential threats, including malicious insiders or external bad actors.

Behavioral analysis takes cybersecurity far beyond the realm of traditional perimeter defenses. It employs elements of cognitive science, human behavioral analytics, and human psychology. These disciplines allow us to better understand how humans work and interact with technology. Human beings truly are creatures of habit; if a person establishes a “normal” pattern of behavior, the chances are great that they will stick to that pattern. Any deviation can help security administrators focus on an action that may originally seem benign but may have nefarious intent behind it.

Behavioral analysis takes security beyond traditional defense methods and into a realm that allows organizations to pre-emptively manage risk based on actual human interaction with data. Understanding this intersection between humans and information and providing context behind how people interact with data is key to our nation’s security and should be a consideration for the Cyberspace Solarium Commission.

Adding context for better security

The commission is clearly committed to moving the state of the art for the U.S.’s cybersecurity posture. This is critical because while the aforementioned traditional defense methods, such as firewalls or digital loss prevention strategies, are still important, these threat-centric, all-or-nothing approaches can inundate managers with alerts that mask where the true threats lie. Adding a layer of defense fueled by behavioral analytics provides valuable context that allows organizations to separate truly malicious behavior from simple mistakes or lapses. They can then tailor their responses accordingly.

Even more importantly, a targeted, behavior-centric approach is fundamental to the proactive cybersecurity stance that the Cyberspace Solarium Commission is striving to achieve. By focusing security at the human level, organizations can proactively develop policies informed by behavioral trends, particularly among employees that may pose the highest risk. For example, a CIO who has direct access to sensitive information may prove a more enticing target to hackers than a lower level employee. Policies around who has access to what data, and their authorizations to use that data, can be created, allowing organizations to minimize the risk surrounding employees with direct access to classified and controlled unclassified information.

Innovation reequires change

Implementing forward-thinking cybersecurity strategies, such as behavior-based security, will require the government to continue to invest in research and development in the areas of human behavioral analysis and the cognitive sciences. This will necessitate the government working directly with business executives, psychologists, professors, and others. The Cyberspace Solarium Commission is a great step in the right direction.

The next step is to improve time to market for cybersecurity solutions. The federal government can be methodical to a fault; for evidence, look no further than NIST Special Publication 800-171, parts of which seem eerily similar to the government’s initial set of cybersecurity guidelines published in the 1980s. And procurement processes can drag on interminably, resulting in cybersecurity solutions being introduced a generation too late.

But today’s threats are much different than they were four years ago, let alone 40, and the landscape is quickly changing. The Cyberspace Solarium Commission is investigating ways of streamlining government accreditation and procurement processes for cybersecurity solutions so that those solutions can be purchased and enacted quickly to combat rapidly evolving threats.

Taking the cybersecurity lead

The U.S. government is the single biggest purchaser of cybersecurity technology in the world. Now, with the recommendations introduced by the Cyberspace Solarium Commission, it has the potential to match its purchasing power with real ideas and solutions that will make a widespread impact on cybersecurity initiatives.

Indeed, there is an opportunity to create innovative cybersecurity solutions and strategies that will positively impact the broader global community. We must embrace this opportunity and use it as a chance to move beyond perimeter-based, reactive, threat-centric approaches in favor of behavior-centric methods that put human nature at the forefront of cyber defenses.

Sean Berg is executive vice president and general manager of global governments at Forcepoint.

Recommended for you
Around The Web
Comments