WORCESTER, Mass., Sept. 5, 2002 – Michael J. Corby, president of QinetiQ Trusted Information Management, Inc. (www.qinetiq-tim.com) was recently the keynote luncheon speaker at Sector 5, a security summit focusing on the prevention of cyberterrorism.
QinetiQ Trusted Information Management, Inc. (QinetiQ-TIM) offers a complete range of security solutions to meet and manage the needs of organizations today. The company is a subsidiary of QinetiQ PLC, Europe’s security and defense technology organization.
Speaking to an audience of business and security leaders and analysts including Richard Clarke, chairman of the President’s Critical Infrastructure Protection Board, Corby offered insight about how preparing for and guarding against cyberterrorism has evolved over the past year.
Until recently, there was a belief that cyberterrorism had such a negligible chance of actually occurring that managers or technicians who attempted to discuss responding to computer terrorism were not taken very seriously. Unless the business mission was directly involved in military defense, or had politically volatile roots, cyberterrorism was not mentioned as a concern worth occupying time or budget.
“By viewing cyberterrorism as an inevitable event, not as a possible event, we can reorganize and reallocate our efforts to be more effective,” explains Corby. “We can actually be more precise in answering how will it happen rather than wondering if it will happen. This moves the industry from a model of Intrusion Detection to that of Intrusion Management.”
There is a new focus on the activities of organized terrorist groups. Terrorists are technology-savvy groups of specialists who can initiate a distributed denial of service attack as easily as they can strap a couple sticks of dynamite to a suicide bomber.
Corby offered Five Key Cybersecurity Tips:
1. Focus on the fact that you are a target. This is especially true for part of the Government and the 5 sectors of critical infrastructure: finance, health and safety, communications, transportation or public utilities.
2. Implement a full-scope Intrusion Management Strategy, not just Intrusion Detection. Security must be taken in a holistic business sense. Understanding, planning, managing, detecting, responding, recovering and replanning, not just detecting, is critical to survival.
3. Understand that patterns evolve, and are not a surprise or unknown event. Before a system can be compromised, an attacker needs to identify the perimeter defense and needs to find a weakness in that defense that allows them to gain access to a meaningful application. The organized attack needs to use these vulnerabilities to gain access and take command of crucial operational elements: facility control, private data storage, or commercial account management data. There are several telltale signs that occur as a prelude to the full attack. The earlier that those signs are recognized and corrective actions taken, the better the likelihood of successfully removing vulnerabilities, changing security weaknesses and ultimately resisting the security attack.
4. Humans can recognize patterns faster than they can analyze data. Huge volumes of data often cannot reveal what analog patterns can reveal. The human mind can instantly recognize the pattern that these data elements describe. Let the computer store and organize data, which it can do best, but let the human brain spot the offending pattern, its key strength. Successful Event Recognition systems don’t rely solely on hardware and software. They use that hardware and software to aid and assist a trained, experienced human expert.
5. An architecture must be resilient and easy to update. Cyberterrorists and attackers intelligently mutate their attack signatures, utilizing alternate channels. It is important to be able to change recognition methods and procedures for repelling such attacks quickly and effectively. There is not enough time to buy new equipment or change a software platform. The solutions implemented must have the flexibility to morph themselves to provide an ever stronger and unpredictable defense.
“We should mark the year 2002 as the start of the Full Business Scope, Intrusion Management Model era of cyber defense,” says Corby.
About QinetiQ Trusted Information Management, Inc.
QinetiQ Trusted Information Management, Inc. (QinetiQ-TIM) offers a complete range of security solutions to meet and manage the needs of organizations today. Headquartered in Worcester, Massachusetts, QinetiQ-TIM (www.QinetiQ-tim.com) is a subsidiary of QinetiQ PLC, Europe’s security and defense technology company.
QinetiQ-TIM services include Security Consultancy, Managed Security Services, Incident Response Team Services, Data Recovery and Forensics Laboratory Services, Vulnerability Assessment Services, and Training & Education Services. All of QinetiQ Trusted Information Management security services have a formidable reputation for technical and professional excellence and trusted delivery, and have attracted a client base including banking, finance, pharmaceutical, major oil, travel, leisure and government organizations.
QinetiQ Trusted Information Management benefits from the legacy of over 60 years of edge technology experience and resources from QinetiQ PLC, as well as the heritage of the world-class security experts and teams from companies such as Netigy Corporation and “big” consulting companies. Members of QinetiQ Trusted Information Management’s team are among the best-known information security practitioners in the business, many with over 20 years of experience, well-respected publishing and teaching histories and a wealth of proprietary intellectual property.
Source: QinetiQ Trusted Information Management, Inc.