Is the U.S. ready for government-sponsored cyberattacks?
If there’s a sudden cyberattack on the U.S. Navy, Jim Granger could be among the first to know since it’s his job to keep watch.
“We monitor the Navy’s grid,” says Granger, who is director of capabilities and readiness at the Navy Cyber Defense Operations Command in Norfolk, Va., home to the Naval Network Warfare Command. Granger works with a team of cyber-defense operations specialists in a security operations center, hunkered down behind computers to keep an eye on networks the Navy uses -- such as the Navy-Marine Corps Intranet -- both on land and at sea.
Distributed intrusion-prevention and firewall sensors send real-time data to be analyzed by what the Navy calls its Prometheus system, which includes the Novell Sentinel security event management system and SAS data management tools.
There are hundreds of thousands of alerts each day, though “not all are necessarily attacks,” Granger says. The Navy’s Cyber Defense Command Center is, in some respects, like a security operations center at a large organization in the commercial sector, he says.
But this is the U.S. military, which has to be prepared to protect the nation and is dependent on networking to do that. Robert Lentz, assistant secretary of information assurance at the Department of Defense, recently made that point when he said that without network support, aircraft couldn’t fly. The Army and Air Force also have their own cyber-defense command operations, and they strive to work together through the Joint Task Force – Global Network Operations (JTF-GNO).
But how can the individuals in any cyber-defense operations command be sure about the exact nature of an attack? Is it coming from an enemy state or militant groups such as Al-Qaeda or simply a lone attacker who has put together an arsenal of network attack tools?
“We’re trying to winnow the massive data stream to something that is actionable,” Granger says. “We have to provide network-domain awareness” to the technical analyst on up to the four-star general. But while the Navy can see the attacks and block them through various means, pinning down attribution “is extremely difficult,” Granger notes.
Granger’s sentiments on that score aren’t unique. Security experts tend to agree that while attacks of all sorts can often be traced back to certain IP addresses, being absolutely certain of the source of an attack is another problem altogether.
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
On Twitter now
security
Powered by Twitter
jfruh
Apple syncing patent can't come soon enough
pasmith
New Twitter features borrow from 3rd party clients
Esther Schindler
Open Source Changes the Software Acquisition Process
mikelgan
How to set up continuous podcast play on the new iTunes
David Strom
Five important Windows 7 mobility features
sjvn
Guard your Wi-Fi for your own sake
Sandra Henry-Stocker
Grepping on Whole Words
Sidekick: The Good News & the Bad News
Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
