Applying military insights to enterprise data security: the application of time-tested military approaches can help address evolving computer security threats for enterprises and government.


Over the centuries, military and intelligence organizations have developed sophisticated doctrines and procedures relating to physical and information security. These doctrines address a range of concerns including ambush, spies, maneuver, counter-intelligence, mutiny, and force protection.

Today's enterprises and government agencies have migrated to highly networked computing systems, with nearly all critical functions reliant on computing resources. This evolution has delivered higher productivity, but at the same time has created dramatically higher exposure to electronic attacks. Concern over information assurance has never been higher, and the range of acknowledged threats is growing: disgruntled insiders, viruses/worms, corporate espionage, script kiddies, cyberterrorism, and information warfare in conflicts of the future.

In many senses, computer security already resembles a guerrilla war. Today, largely invisible enemies launch daily attacks on nearly every major corporation and government agency, and rapidly adapt their tactics to address countermeasures. This article highlights a number of time-tested military principles that can be applied by corporations and other organizations to prepare for such electronic warfare.

MULTI-LEVEL SECURITY: Intelligence organizations use MLS to manage and streamline access to data. By classifying each piece of data, and establishing the related levels of trust among individuals (e.g., unclassified, secret, top secret), these organizations balance risk with speed of information sharing.

Typically, civilian organizations lack the same discipline around information sharing. For organizations that deal with sensitive or regulated data, a more structured approach to assessing trust and granting access can be used to more tightly manage risk.

COMPARTMENTALIZATION: This principle is reflected in nearly every aspect of military organizations. For example, a captured special ops team does not know the locations of other units, in order to minimize risk. Often, analysts and planners have access to only a subset of the "whole picture" and, similarly, a submarine uses physical compartments to contain the damage from a hull breach.

With the move towards aggregated and networked storage, non-military organizations are increasingly at risk of massive breaches. In fact, a single breach of networked storage can yield terabytes of data and in many cases can be executed without detection. By using physical or cryptographic compartmentalization, organizations can reduce the exposure of any single breach. Typical approaches include compartmenting information by functional area (Finance, Engineering, Executive), by business unit, or by customer.

NEED-TO-KNOW: Military planners understand that the risk of leaks increases exponentially with the number of people who have information. Accordingly, sensitive data is distributed to only those who need it, and access to data is documented and audited.

According to the FBI, 50%-80% of electronic attacks originate inside the firewall. Even though the vast majority of employees are honest and trustworthy, a single hostile individual can inflict massive damage. Instead of starting with the assumption that all data should flow freely among employees, organizations should invest in processes and systems to manage access to sensitive data, and ensure accountability. Fine-grained access controls can be used to provide flexible access to the data without disrupting user workflow or applications.

CRYPTOGRAPHY: As early as the Roman Empire, military organizations have used cryptography to protect sensitive data. Traditionally, cryptography was applied primarily to communications and data in flight; increasingly, sensitive data at rest is being protected with cryptography. For highly networked environments facing a variety of external and internal threats, cryptographic security is a necessity.

In today's networks, the volume of data in transit (megabytes) is dwarfed by the volume of data in storage (terabytes). Computer security experts increasingly recommend encryption for protecting stored data.

DEFENSE IN DEPTH: Realizing that any single layer of defense can be defeated, military and intelligence security experts typically deploy layered defense strategies.

In light of the growing insider threat, and the growing number of holes in the network perimeter (VPNs, contractors, partner networks), enterprises can no longer assume that their firewall or intrusion detection system is sufficient. Critical data and systems must be compartmentalized and protected within the perimeter. This is a challenging proposition since certain insiders, typically IT administrators, enjoy "super-user" privileges and unlimited access to data and systems. Organizations should closely review their infrastructure and implement security in layers, ensuring that sensitive information is fully protected.

CONCENTRATION OF FLOW: Military checkpoints and border crossings funnel all traffic through aggregated control points. These locations typically have a concentration of security forces, and the ability to authenticate and document all traffic.

Simplicity equals security. Many system vulnerabilities today stem from complexity; administrators cannot watch all of the different attack vectors. Security approaches that can simplify the security model and close down attack vectors can reduce an organization's risk of attack, while improving the chances of catching the attacker. Best case scenario: one way in, one way out.

ROLE SEPARATION: Many military procedures include checks and balances among multiple individuals to ensure that no single individual can sabotage or usurp the mission of the organization. Critical functions such as nuclear weapons command or air strike operations require multiple people in different functions to concur and approve an action.

Organizations with sensitive data may wish to eliminate single points of vulnerability, but many security managers today find that they do not have the tools to extend security policies into the storage infrastructure. Implementing role separation can help. For example, an IT organization may establish separate roles for security administrators and system administrators. Access to sensitive customer data, or sensitive administrative changes to systems, should require approval from multiple functional managers.

TWO-MAN RULE: This is a corollary to the Role Separation doctrine. For critical operations, two individuals must exercise authority to act. The classic example: nuclear silo operators turning two keys simultaneously to launch a missile.

Critical systems should never be designed with single points of failure or vulnerability. For sensitive operations, such as accessing archived data or recovery of failed systems, a quorum of trusted employees can be used to ensure that no individual can defeat security.

TWO-FACTOR AUTHENTICATION: Access to secure facilities almost always requires both knowledge (what you know, e.g. passwords) and official identification (what you have). Increasingly, token-based or biometric systems (who you are) are used to prevent forgery of credentials.

For sensitive systems, traditional username/password mechanisms are too weak. Humans are simply not good at choosing strong passwords, and there are many well-known instances of this sort of attack. In the case of computer systems, administrative functions are the most sensitive, because they typically enjoy access to all data and security measures. Implementing two-factor authentication methods can significantly reduce the possibility of common spoofing attacks.

KEY ROTATION: Physical and cryptographic keys are regularly rotated to limit the duration of exposure in case of a breach. Following a confirmed or suspected breach, keys can be instantly revoked or invalidated.

Enterprise and government security systems must have the infrastructure to regularly or instantly rotate keys, including both physical tokens and electronic or cryptographic keys.

This infrastructure includes mechanisms for cataloguing the database of keys needed to access archived data.

KILL-SWITCH: In military practice, it is common to protect systems that can be physically breached or overrun with some type of kill-switch mechanism to instantly destroy sensitive data or technology. The U.S. spy plane that was forced to land in China provides a good example of the need for electronic kill-switch capabilities.

Computers and storage systems that are physically insecure pose a difficult challenge to enterprises as well. Even the best firewall settings are irrelevant if an attacker can simply remove terabytes of cleartext data on disk drives. For physically insecure systems, it is advisable to make the default state of data secure, using encryption. Smart cards and cryptographic keys can be destroyed much more quickly and reliably than terabytes of cleartext data.

DOCUMENTATION AND AUDITING: Military organizations are notorious for extensive paperwork and documentation. However, when dealing with sensitive information that could cost lives or lose a war, this layer of accountability and deterrent is a smart investment.

Organizations must find ways to automate and harden their systems that track access to sensitive data. In the case of typical Unix and Windows systems, electronic logging and auditing functions are easily defeated by any user with "root" or administrator privileges. Secure logging and auditing systems that are tamper-resistant and cryptographically signed add a layer of deterrent on top of actual security.
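The tamper resistance described above can be illustrated with a hash-chained log in which every record carries a keyed MAC over its content and the previous record's tag; this is an added example, not from the original article, and HMAC-SHA256 stands in for a digital signature. It assumes the MAC key and the expected record count are held off the logged host (for instance by a separate security administrator), so a local "root" user cannot recompute tags; the record fields and events are constructed.

```python
import hashlib, hmac, json

GENESIS = "0" * 64  # tag that the first record chains to

def _tag(key, prev_tag, seq, event):
    # Canonical JSON so the same record always serialises to the same bytes.
    body = json.dumps({"seq": seq, "prev": prev_tag, "event": event},
                      sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def append(log, key, event):
    """Append an event, binding it to the previous record's tag."""
    prev = log[-1]["tag"] if log else GENESIS
    seq = len(log)
    log.append({"seq": seq, "prev": prev, "event": event,
                "tag": _tag(key, prev, seq, event)})

def verify(log, key, expected_len=None):
    """Return (ok, index of the first bad record or None)."""
    prev = GENESIS
    for i, rec in enumerate(log):
        good = _tag(key, prev, i, rec["event"])
        if (rec["seq"] != i or rec["prev"] != prev
                or not hmac.compare_digest(good, rec["tag"])):
            return False, i
        prev = rec["tag"]
    # Cutting off the tail leaves a valid chain, so the verifier must also
    # know how many records to expect.
    if expected_len is not None and len(log) != expected_len:
        return False, len(log)
    return True, None

if __name__ == "__main__":
    key = b"constructed-demo-key"   # constructed; a real key lives off-host
    log = []
    for ev in ({"user": "alice", "action": "read", "object": "payroll.db"},
               {"user": "root", "action": "export", "object": "payroll.db"},
               {"user": "bob", "action": "read", "object": "design.doc"}):
        append(log, key, ev)
    print(verify(log, key, expected_len=3))         # intact log
    print(verify(log[:1] + log[2:], key))           # root's record removed
    print(verify(log[:2], key, expected_len=3))     # tail truncated
```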

Organizational Implications

Security-conscious organizations must create processes to constantly evaluate systems, evolving attack tactics, and overall risk profile. Several practical implications emerge:

* Designate a "Chief Security Officer" that has the training and resources to manage security on an ongoing basis. Security is a process, not a one-time project.

* For individual operating units, designate a trusted "security administrator" to manage sensitive systems that protect the overall organization. For smaller organizations, this role may overlap with other responsibilities, but ideally this role separation can create checks and balances for administrative staff. Use strong authentication to ensure the integrity of this role separation.

* Design systems that can shield sensitive data from administrators. In light of the growing insider threat, and the almost unlimited system privileges that root users enjoy, this is a major exposure point for every organization.

Centuries of experience, high stakes, and organizational discipline have helped military and intelligence organizations create sophisticated security doctrines. The design and execution of these doctrines is never perfect, but they nonetheless hold valuable lessons for organizations that are increasingly sensitized to the importance of security. Through a combination of strategy, process, and systems, civilian organizations can use these lessons to make profound improvements in their security posture.

www.decru.com

©2004 Decru, Inc.

Used by permission.

Kevin Brown is vice president of marketing at Decru, Inc. (Redwood City, CA)
COPYRIGHT 2004 West World Productions, Inc.
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2004, Gale Group. All rights reserved. Gale Group is a Thomson Corporation Company.

Article Details
Title Annotation:Disaster Recovery & Backup/Restore
Author:Brown, Kevin
Publication:Computer Technology Review
Geographic Code:1USA
Date:Jul 1, 2004
Words:1601