Is the U.S. ready for government-sponsored cyberattacks?
If there’s a sudden cyberattack on the U.S. Navy, Jim Granger could be among the first to know since it’s his job to keep watch.
“We monitor the Navy’s grid,” says Granger, who is director of capabilities and readiness at the Navy Cyber Defense Operations Command in Norfolk, Va., home to the Naval Network Warfare Command. Granger works with a team of cyber-defense operations specialists in a security operations center, hunkered down behind computers to keep an eye on networks the Navy uses -- such as the Navy-Marine Corps Intranet -- both on land and at sea.
Distributed intrusion-prevention and firewall sensors send real-time data to be analyzed by what the Navy calls its Prometheus system, which includes the Novell Sentinel security event management system and SAS data management tools.
There are hundreds of thousands of alerts each day, though “not all are necessarily attacks,” Granger says. The Navy’s Cyber Defense Command Center is, in some respects, like a security operations center at a large organization in the commercial sector, he says.
But this is the U.S. military, which has to be prepared to protect the nation and is dependent on networking to do that. Robert Lentz, assistant secretary of information assurance at the Department of Defense, recently made that point when he said that without network support, aircraft couldn’t fly. The Army and Air Force also have their own cyber-defense command operations, and they strive to work together through the Joint Task Force – Global Network Operations (JTF-GNO).
But how can the individuals in any cyber-defense operations command be sure about the exact nature of an attack? Is it coming from an enemy state or militant groups such as Al-Qaeda or simply a lone attacker who has put together an arsenal of network attack tools?
“We’re trying to winnow the massive data stream to something that is actionable,” Granger says. “We have to provide network-domain awareness” to the technical analyst on up to the four-star general. But while the Navy can see the attacks and block them through various means, pinning down attribution “is extremely difficult,” Granger notes.
Granger’s sentiments on that score aren’t unique. Security experts tend to agree that while attacks of all sorts can often be traced back to certain IP addresses, being absolutely certain of the source of an attack is another problem altogether.
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
On Twitter now
security
Powered by Twitter
Esther Schindler
If the comments are ugly, the code is ugly
claird
SVG a graphics format for 21st century
pasmith
Take Chrome OS for a test spin
Sandra Henry-Stocker
Solaris Tip: Have Your Files Changed Since Installation?
jfruh
Android fragments vs. the iPhone monolith
mikelgan
What Gizmodo missed about the Pro WX Wireless USB disk drive
Where Google Chrome security fails: the password
I heard mention that the Chrome OS will have some sort of encryption available a la bitlocker. If it's possible to encrypt personal data using another password or key, then it may have potential for very secure data.... And Ubuntu has an 'encrypt home directory' option, perhaps google should follow suit.
- Dann
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
