Jen Q. Public: Looking for answers in cyber threat analysis
October is National Cybersecurity month, and cyber attacks are front and center in many conversations, news stories, television shows, blogs and social feeds. Just this past Sunday the first episode of Madame Secretary depicted a fictitious cyber attack on Air Force One. The attention is fitting; cyber criminals seem to be enjoying an open house for perpetrating their crimes. One Government Accountability Office report mentions the increase in security incidents reported by federal agencies, which have risen “from 5,503 in fiscal year 2006 to 67,168 in fiscal year 2014.” That 2014 level amounts to nearly eight attacks every hour just on government entities. What are we doing to counter and mitigate these cyber attacks?
We hear a lot about who was attacked, when the attack started and even the initial and ongoing impact. However, what we don’t hear about very often are the penalties and ramifications for cyber criminals. Why aren’t we doing more to identify and apprehend cyber attackers? The more innovation that is applied to this problem, the more prevalent cyber criminals seem to become.
Organizations tend to flounder when trying to recover from a cyber attack and fortify their networks—the very networks that cyber criminals lounge in, feasting on private data for months before they saunter away unscathed. Meanwhile, when possible suspects are identified, they parrot the familiar refrain from the musician Shaggy: “it wasn’t me.”
One thing is certain: attribution is important. Identifying the criminals behind cyber attacks is imperative. Whether the perpetrator is an overzealous teenager or a nation state, identifying the attackers and learning about their motivations can help deter and minimize future attacks. Cyber threat analysis addresses this problem by exposing insights about cyber attackers, their intentions and their methods to proactively fight the cyber threats. Analysts and investigators can then extract comprehensive intelligence, in near real time, from disparate data sets.
A recent Senate Armed Services Committee statement of record by James Clapper, director of national intelligence, states, “Although cyber operators can infiltrate or disrupt targeted [information and communication technology] ICT networks, most can no longer assume that their activities will remain undetected indefinitely.” Cyber analytics provides the agility necessary to fight an equally agile criminal.
And that's analytics in the public sector through my lens. Until next time,