US Government Acting against Cybersecurity Threats
While palming off incidences of Fake News like they were annoying bugs, US President Trump is taking cyber-attack threats much more seriously. On May 11, 2017, the President issued Executive Order 13800, “Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure”. The US Department of Commerce, Homeland Security Release Preliminary Report on Promoting Action against Botnets and Other Automated Threats was commissioned to “lead and open a transparent process to identify and promote action by appropriate stakeholders”. The report was launched on May 11, 2017 with the aim of “dramatically reducing threats perpetrated by automated and distributed attacks (e.g. botnets).”
The US report places a key focus on those organizations that provide Internet services for business and the general public—the Communications Service Providers (CSPs). And it will be those CSPs, with their fingers on the Internet feed pulse who can provide network intelligence based on Deep Packet Inspection (DPI) and who sit at the forefront of the battle against cybercrime. Additionally, those CSPs that can provide scalable IoT and user security solutions will further bolster themselves as Masters of Security in the war against those elements in society that would use the Internet as a gateway to infiltrate and harm governments, industry, and the individual.
Key among the proposals made by the Executive Order include the following:
- Security should be adaptable to meet the needs of an evolving Internet. As the types of threat facing Internet users change at a blistering pace, those who seek to provide solutions to cybercrime must stay ahead of the game. Not only must they be aware of novel forms of cyberattack, but their solutions must adapt to new threat vectors rapidly and effectively. Recently, a new form of malware attack called cryptojacking involved cybercriminals accessing the CPUs of infected computers and mobile phones and stealing processing capacity for cryptomining. Such attacks are best controlled at the edge of the network and CSPs are ideally placed to take up position as defenders of that space.
- Security must be applied at all stages of the Internet data lifecycle. With the increasing sophistication shown by those who would attack Internet infrastructure and extort money from Internet end users, there is a necessity to secure all network vulnerability points. Whether attacking a home network, endpoint devices, or the website of a large government institution, cyber defense must be implemented at all layers of the value chain.
- Effective cyber defense tools exist, but they are not widely used. Traditional uptake of cyber defense solutions by individual end users has been notoriously poor. Technical challenges and unwillingness to invest are the two main reasons why end users remain exposed. The ideal solution would be to put the onus on CSPs to provide Security Services for the mass market that are transparent and simple to consume by the unskilled public.
President Trump’s Executive Order is a most welcome event as it spotlights the ongoing risks faced by endpoint Internet users and their service providers. It also raises awareness of the steps necessary to combat cybercrime. Traditional models of endpoint anti-virus protection have been found to be lacking and irrelevant for IoT, and it is CSPs who are in the best position to respond to threats from cyberattack. Their unique position in becoming “Masters of Security” – being able to directly analyze and remove malicious network traffic before it reaches the end user – shall provide their consumer and business customers peace of mind when on-line.
To learn about how to become Masters of Security, visit the Allot booth 5G41, Hall 5, at MWC2018 in Barcelona.