Businesses need to look at security as a military operation

By , Network World |  Security, interop

LAS VEGAS -- Businesses need to look at security as a military exercise and can benefit from strategies that have proved useful in battle, a former military security expert told an Interop audience this week.

"This is a chess match," says Barry Hensley, a retired U.S. Army colonel who was in charge of the army's global network operations and security center. He is now vice president of Dell SecureWorks' Counter Threat Unit. "Can you lock down a network? Probably not. Can you defend a network? Yes you can."

ALSO FROM INTEROP: HP takes swipes at Cisco on Interop stage 

He recommends using a military combat concept called observe, orient, decide and act (OODA) that can give businesses a framework for detecting attacks quickly, figuring out what to do about it, doing it and moving on to deal with the next attack. "If you can OODA before the enemy can, I believe you can defend a network," Hensley says.

Enemies planning network attacks perform the same type of preparations that military commanders do before troop engagements, what he called operational preparation of the battlefield. In networking, that preparation translates into countries that are building cyber arsenals infiltrating networks in targeted countries.

The purpose is to have a place from which to launch some form of attack when it is deemed an opportune moment. "You get a foothold in as many networks as possible so they can use it at the time and place of their choosing," he says.

The analogy spreads outside international cyber conflicts he says. In the United Kingdom, he says, SecureWorks has had banks as customers that have departments named cyber warfare that ponder what the worst-case would be if a cyber attack occurred. The idea is for these departments to develop plans for coping with such attacks, he says.

He says some attackers test out their tools against one industry to see how well it does before going after their actual targets. For example, adversaries might try a certain form of malware against a healthcare provider, but really have as a primary target a financial services business.

He says he investigated a case of an attack launched from a cloud provider network against five contractors all working on the same project for the U.S. Department of Defense.


Originally published on Network World |  Click here to read the original story.
Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Answers - Powered by ITworld

ITworld Answers helps you solve problems and share expertise. Ask a question or take a crack at answering the new questions below.

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Ask a Question