THE UNITED STATES CURRENT CYBER DEFENSE LANDSCAPE OVERVIEW
By Victoria Loewengart
Cyber security had become an issue of outmost importance in recent years. The daily existence of our country, as well as the world, is tightly integrated with computer networks and the internet. Our industries, governments, military and financial institutions cannot function without rapid exchange of data over the networks. That gives us communication and data processing capabilities unprecedented in the history of mankind, but the disruption of these systems can go as far as halting not just these institutions, but our way of life. Thus, cyber security and cyber defense go far beyond having the right software and hardware. Cyber security has to be a holistic approach to defense in cyber space, and it must encompass political, structural, and organizational aspects of our networked civilization.
America’s Computer Network Operations (CNO)
In order to understand the challenges in the cyber defense area for the United States, one must evaluate its Computer Network Operations (CNO) capabilities and address the US capabilities in each of the three subcomponents of CNO: Computer Network Defense (CND), Computer Network Exploitation (CNE) and Computer Network Attack (CNA).
Computer Network Defense (CND) is defined as, ‘defensive measures to protect information, computers, and networks from disruption or destruction’ (Paul 2008). The United States made considerable strides in the last decade in improving CND capabilities. These capabilities include both ‘hard’ and ‘soft’ measures.
‘Hard’ measures, which have been implemented within military and civilian infrastructures, are network software- and hardware- related defenses. These measures include hardware devices and software firewalls to physically prevent unauthorized access to the sensitive information, public key infrastructure (PKI), virus scanners, honeypots and honeynets, secure applications, sophisticated encryption, and biometrics for secure access – to name a few (Armistead 2004; Paul 2008).
‘Soft’ measures are measures related to people and to human behavior. It has been acknowledged that many network vulnerabilities are created or exploited by insiders, either out of carelessness and ignorance, or with malicious intent (Armistead 2004; Paul 2008). Therefore, soft measures involve policies and procedures, such as strong passwords, proper steps in access and usage of secure systems, astute COTS and GOTS purchasing practices, preemptive knowledge of potential hackers and their methods, security clearances of the personnel, and enforcing the ‘security culture’ (Armistead 2004).
It only takes one successful cyber attack against our military or industrial infrastructures to become the top story in the news, but cyber attacks on our military and civilian institutions are numerous and vicious. Defense Department (DoD) systems are attacked 75,000 times per year with intrusion attempts (Lasker 2005). Attacks come from all over the world, with China being one of the most prolific and persistent attackers.
Reactive defenses, such as fire-walls and anti-virus checks are no longer enough. In order to be more effective, the US CND must become more proactive. Honeypots and honeynets are the steps in the right direction. Research on counterattacking, also known as aggressive self-defense, active defense, or strike-back, has taken place for many years (Weeks 2011). The counterattacks range from passive approaches to full remote exploitation. Many antivirus firms and other research organizations have run large honeynets to collect malware and attack signatures (Weeks 2011). These organizations research and implement counterattacks to deceive, crash, exploit, or just get information on attackers.
Computer network Exploitation, CNE, is essentially an extension of Signals Intelligence (SIGINT), or more precisely Communications Intelligence (COMINT). CNE is all about exploitation of