WHY THIS MATTERS IN BRIEF
As the volume and severity of cyber attacks increase, and as AI-powered cyber attacks emerge, this is the first major step towards large institutions automating their cyber defense.
Experts in the cyber security field are all too aware that we are rapidly approaching a tipping point, one where the latest cyberattacks are fuelled by Artificial Intelligence (AI), and where Robo-hackers, capable of operating millions of times faster than their human equivalents, slice through an organisation's toughened defences like a hot knife through butter. This is giving them an even bigger headache than the one they had before. Step back just a couple of years and the vast majority of incidents were, in one way or another, handled by humans; but as the frequency, volume and ferocity of attacks rise almost exponentially, most organisations now realise that at some point, sooner rather than later, they're going to have to embrace autonomous cyber security tools that identify and counter threats automatically, without the need for human intervention.
In response to this threat, hundreds of US banks and other financial institutions this week approved and agreed to adopt a new cyber security framework called the Integrated Adaptive Cyber Defense System (IACD). What sets this framework apart from everything that has preceded it isn't the fact that it's an officially recognised standard, but the fact that it is primed and ready to help move institutions from the old, manual world of cyber security to the new world of full auto.
“When you go to the hardware store to buy plumbing supplies, you don’t have to wonder ‘Will this fit with the plumbing I already have in my home?’ because there are universal standards,” said Tony Sager, Senior Vice President for the Center for Internet Security.
The idea of IACD is to bring that same standards based approach to cybersecurity, explained Sager, who was a senior executive at the National Security Agency (NSA) for many years. Government entities like the Pentagon and industries like banking “spend millions on these tools … and then they can’t work together,” he said, because of completely different architectures or proprietary interfaces.
Many of the latest tools come equipped with an Application Programming Interface (API), which essentially acts as a software portal that allows tools to integrate with one another, but Sager is quick to dismiss that approach as a jury-rigged solution.
“That’s like, I’m a builder and I publish specs, here’s the kind of pipes you need to connect to the plumbing in the houses I build. No. Not good enough,” he said.
IACD, which was developed by scientists at the Johns Hopkins University, is an attempt to fix that problem at a deeper level. It has already been adopted by the Financial Services Information Sharing and Analysis Council (FS-ISAC): by ensuring that software performing different automated security tasks was integrated, the IACD framework "helped reduce investigation and response time from 11 hours to 10 minutes," the council said in a statement. In some cases, automated systems were able to respond in as little as one second. IACD also enabled a security operations team handling 65 events per day to automatically process up to 95 events at the same time.
One element of IACD is the Department of Homeland Security’s Automated Indicator Sharing program that pumps threat and attack indicators out at machine speed to participating organizations. Another is OpenC2, an open source programming language that lets the different elements of a cyber defense system communicate in real time, and a third is Security Content Automation Protocol (SCAP), a set of specifications that helps integrate and automate configuration, vulnerability and patch management systems.
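To make the "communicate in real time" point concrete, here is an added illustration (not code from IACD, JHU-APL or the OpenC2 project) of what a machine-speed exchange between a decision component and an enforcement point looks like when both sides speak a common command format. It models an OpenC2-style JSON command and response; the message field names follow the OASIS OpenC2 Language Specification v1.0 as I understand it, and the firewall actuator, the "blocked" result field and all addresses are constructed for the example.

```python
import json
import ipaddress

# Constructed example: the actions and targets this toy actuator accepts.
# (An OpenC2 consumer advertises its real set via 'query features'.)
SUPPORTED_ACTIONS = {"deny", "allow", "query"}
SUPPORTED_TARGETS = {"ipv4_net", "domain_name", "features"}


def build_deny_command(cidr, duration_ms=None, command_id="cmd-0001"):
    """Producer side: serialise a 'deny' command for an IPv4 range."""
    ipaddress.ip_network(cidr)  # raises ValueError on a malformed range
    cmd = {"action": "deny", "target": {"ipv4_net": cidr}, "command_id": command_id}
    if duration_ms is not None:
        cmd["args"] = {"duration": duration_ms, "response_requested": "complete"}
    return json.dumps(cmd)


class FirewallActuator:
    """Consumer side: a hypothetical actuator that maintains a block list."""

    def __init__(self):
        self.blocked = set()

    def handle(self, raw):
        """Validate one incoming command and return an OpenC2-style response."""
        try:
            cmd = json.loads(raw)
        except ValueError:
            return {"status": 400, "status_text": "malformed JSON"}
        action = cmd.get("action")
        target = cmd.get("target") or {}
        if action not in SUPPORTED_ACTIONS:
            return {"status": 501, "status_text": f"action {action!r} not implemented"}
        # A target is a one-key object; anything else is rejected, not guessed at.
        if len(target) != 1 or next(iter(target)) not in SUPPORTED_TARGETS:
            return {"status": 400, "status_text": "unsupported or ambiguous target"}
        kind, value = next(iter(target.items()))
        if action == "deny" and kind == "ipv4_net":
            try:
                net = ipaddress.ip_network(value)
            except ValueError:
                return {"status": 400, "status_text": "bad ipv4_net"}
            self.blocked.add(str(net))
            return {"status": 200, "status_text": "OK", "results": {"blocked": str(net)}}
        if action == "query" and kind == "features":
            return {"status": 200, "results": {"versions": ["1.0"], "pairs": {"deny": ["ipv4_net"]}}}
        return {"status": 501, "status_text": "action/target pair not supported"}
```

The value of the shared format is in the failure paths: a producer from one vendor and an actuator from another agree on what a 400 or 501 means without a human translating between them.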
“We are pleased to support the IACD framework,” said Jason Witty, US Bank Chief Information Security Officer and FS-ISAC board of directors Vice Chair, “it represents the best of public private partnership … to make the financial critical infrastructure more secure. Rather than reinventing the wheel each time, IACD builds on lessons and investments DHS made, adding tools and innovations.”
“We absolutely believe that we can change the game on cyberdefense,” IACD lead Wende Peters told a conference at JHU-APL last month, but she added, the game-change wouldn’t be wrought through amazing technological breakthroughs.
“It starts with non-exciting, not-going-to-change-the-world [or] split-the-atom kinds of technologies … It is about leveraging what we already have … through integration,” she said, before adding, “by ensuring an organization’s different cyber tools, from endpoint solutions, network monitoring and perimeter defences, all work together seamlessly, in real time and at machine speed, IACD can transform the defensive posture of any organization.”
But there have historically been few incentives for vendors to make their products work nicely together, Sager pointed out. In fact, the incentives have generally pointed in the other direction, if anything.
“Every vendor wants to lock you in,” he said, to make sure that you have to keep buying their products and services, “and for many years the integration engine was human beings.”
Given the wide variety of approaches and different kinds of technologies that cybersecurity vendors employ, Sager said, network managers and system administrators wanted and needed to be able to buy a variety of solutions from different companies.
“I want to use multiple vendors, but I want their products to talk to each other,” he said.
“I don’t want a new solution out of the box that has to be integrated with all my other tools. We need to pull things that work together,” agreed Peters.