The 2016 AFCEA Defensive Cyber Operations Symposium provided the opportunity for industry, DISA, and other DoD agencies to collaborate on a number of security-related topics. It was apparent from the material presented that the time for an open, modular architecture for cybersecurity is now. An important part of this involves the incorporation of Intelligence, Surveillance, and Reconnaissance (ISR) within the multi-dimensional cyber domain. It's fortuitous that our DoD and intelligence community has mastered the art of ISR for land, sea, air, and space. Now we need to apply this practice to cyberspace, and they are asking industry for help.
Ask any security analyst and they'll tell you that tool sprawl has not helped, in the same way that this sprawl has created silos and islands of data throughout the rest of IT operations. The result is a proliferation of manually intensive coordination, drawn-out war room sessions, and human error. This approach just doesn't work. An open, standards-based, modular architecture needs to be defined, and vendors must build their security tools (or platforms) against those standards.
An open, modular architecture for cyber ISR that addresses both today's and tomorrow's needs will enable better integration and automation. A modular architecture prevents vendor lock-in, allows for clear articulation of component requirements, and increases innovation – especially when paired with platforms that can be rapidly customized. As an example, I was once asked if ExtraHop could monitor SCADA – yes, we can. It was a protocol decode module that one of our field engineers added with little effort and no need to contact product development. When this person responded that DoD did SCADA differently from the standard, the answer was simple: We would modify the decoder rule in the field to adjust to whatever that "DoD Standard" is.
"We Will Build It Ourselves!"
Vice Admiral Tighe, during her presentation at the event, mentioned that she's never seen technology advance as fast as it is today. She also stated that our newly commissioned cyber warriors will require new and agile capabilities for increased cyber situational awareness. She urged industry to step up and work together. She mentioned, "If industry won't build what we need, then we will need to build it ourselves." We're right there with you, Vice Admiral Tighe!
Open, modular architectures and platforms that can adapt make up the core of our mission, our culture, and our products here at ExtraHop. We stand committed to supporting the initiatives involving a standard, open cyber ISR architecture in collaboration with DoD and industry partners. We believe that IT Operations Analytics (ITOA) will be a fundamental part of these discussions. Wire data from platforms such as ExtraHop will prove to be a rich source of information, especially when it's 100% passive and can be deployed within physical, virtual, or cloud infrastructures. We look forward to playing a pivotal role by harnessing the power of the network for increased cyber situational awareness.
This is a companion discussion topic for the original entry at https://www.extrahop.com/community/blog/2016/cyber-isr-needs-modular-open-systems-platforms/