Director, Federal Systems Engineering
Sep 28, 2016
There are marked differences between the Federal and Commercial spaces. Some are characterized by organizational mandates, motivations, or goals and objectives. Even their lexicons differ, with terms like mission vs. project or enclave vs. domain. When it comes to security and survival, the word ‘critical’ carries two distinct meanings. In business, it means commercial survival. For the U.S. military, however, it can represent much higher stakes: the nation’s physical survival.
While the contrasts may be striking, some of the methods used to achieve the security goals of these organizations are identical. One of them is User and Entity Behavior Analytics (UEBA). In the military, malicious activity by hackers can have severe consequences far beyond the loss of financial assets, intellectual property, or personal information, yet the military’s approach to managing its protection employs strategies similar to those of enterprises. Consider the following scenario we came across recently.
For the armed forces, a vast range of mission aircraft must undergo periodic preventative maintenance. Military operations groups need to certify that these highly sophisticated pieces of equipment are ready to go, to fly at peak performance on a moment’s notice. They must go through engine tolerance tests, onboard computer system checks, and navigation, communications and sensor system checks. The list goes on. These certification tests all have a physical aspect, where technicians use e-readers on their PEDs (portable electronic devices) to port the related data from the aircraft into their command networks. Maintenance specialists in operations centers complete the maintenance review processes and certification steps. Information on all of these aircraft system checks is correlated, centralized and monitored by operations commanders to assure that the equipment they need to assign to a given mission is ready for service. Without this capability, an aircraft could be dispatched on a mission when it was not ready for service, putting the lives of both the pilot and the passengers in jeopardy. The mission’s success would be in question.
What if these strategically sensitive data systems were the target of a foreign state-sponsored cyberattack? What if these hackers sought to compromise the systems managing the data for these maintenance certifications in unexpected ways? What if the goal was to find a way to compromise data in that system so that certifications were processed improperly? What if a crucial aircraft that was not ready to fly was actually certified for readiness and sent on a mission, because hackers changed the aircraft’s status? Finally, what if this was done exactly when the military needed to be on peak alert, and this compromise was achieved on a large scale, globally with numerous operational units? These scenarios are what information security officers in the military are constantly assessing, to assure with the highest confidence that at a moment’s notice, their systems and resources are ready to go.
To achieve this, they need to employ a mature UEBA solution that is of the highest reliability and allows them to globally monitor anomalous behavior in near real time. They need to see whether the wrong people are accessing sensitive data in the wrong way, from the wrong place. Without this kind of solution in place, the very safety of the nation is at stake. UEBA fills a critical gap in a growing number of advanced security systems. It’s part of the safety net numerous government agencies are implementing to assure that their mandate to protect the nation at a moment’s notice
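The "wrong people, wrong way, wrong place" check described above, reduced to its core idea as an added example (this is illustrative code written for this page, not the post's own or any vendor's product logic): each user gets a baseline of the actions, sites, devices and hours seen in past maintenance-certification audit events, and new events are scored by how far they depart from it, with readiness status changes weighted highest. All users, sites, events and thresholds are constructed.

```python
# Added example: minimal UEBA-style scoring over a maintenance-certification
# audit trail. Every user, site, device and event below is constructed.
from collections import defaultdict

# Constructed historical audit events: (user, action, site, device, hour_of_day)
BASELINE_EVENTS = [
    ("tech_a", "READ", "base1", "ped", 9), ("tech_a", "READ", "base1", "ped", 14),
    ("tech_a", "UPLOAD", "base1", "ped", 10), ("tech_a", "READ", "base1", "ped", 11),
    ("spec_b", "CERTIFY", "opscenter", "workstation", 10),
    ("spec_b", "CERTIFY", "opscenter", "workstation", 15),
    ("spec_b", "READ", "opscenter", "workstation", 9),
]

def empty_profile():
    return {"action": set(), "site": set(), "device": set(), "hour": set()}

def build_baselines(events):
    """Per-user sets of previously observed actions, sites, devices and hours."""
    base = defaultdict(empty_profile)
    for user, action, site, device, hour in events:
        prof = base[user]
        prof["action"].add(action); prof["site"].add(site)
        prof["device"].add(device); prof["hour"].add(hour)
    return base

def score_event(baselines, event):
    """Return (score, reasons). An unknown user is scored against an empty profile."""
    user, action, site, device, hour = event
    prof = baselines.get(user) or empty_profile()
    score, reasons = 0, []
    if action not in prof["action"]:          # wrong way: action never seen for this user
        score += 3; reasons.append("new action")
    if site not in prof["site"]:              # wrong place: site never seen for this user
        score += 2; reasons.append("new site")
    if device not in prof["device"]:          # wrong way: unfamiliar device type
        score += 2; reasons.append("new device")
    if hour not in prof["hour"] and not 8 <= hour <= 17:   # outside both baseline and shift
        score += 1; reasons.append("off-hours")
    if action == "CERTIFY" and score:         # readiness changes carry the highest impact
        score += 2; reasons.append("status change")
    return score, reasons

def flag_anomalies(baselines, events, threshold=4):
    """Events at or above the threshold, in arrival order, for analyst review."""
    flagged = []
    for event in events:
        score, reasons = score_event(baselines, event)
        if score >= threshold:
            flagged.append((event, score, reasons))
    return flagged
```

A normal certification by the operations-center specialist scores zero, while a technician certifying an aircraft from an unfamiliar site and device in the middle of the night is flagged for review.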