Security means knowing your network better than your attackers or your users: ex NSA head – CSO Australia

Australian debate on encryption based on "a very thoughtful question" about visibility of government's own insider threat

Governments must be held to higher standards than commercial entities when it comes to protecting citizens' privacy, a former deputy head of the US National Security Agency has said, while noting that increasingly complicated threats have nonetheless necessitated a fresh look at security and privacy.

Few know this better than Chris Inglis, a career US military officer who served as deputy director of the NSA for 8 years and presided over the ignominious mass information leak by Edward Snowden. Snowden's actions, which Inglis has previously said showed a lack of courage, drew attention onto the NSA and its mass surveillance programs, which eventually led to changes in the NSA's remit and even bigger problems when NSA-developed exploits were this year leveraged to enable the mass WannaCry and Petya malware attacks.

Snowden's compromise, and the significant shift in government transparency that Snowden's revelations about mass surveillance occasioned, has been a defining force in reshaping the information-security dialogue between public and private sectors. Recent years have seen governments in Australia and elsewhere moving to formalise their cybersecurity defences, as well as the rapid maturation of a security community that has tapped novel technologies to respond to the growth in "low and slow" infiltrations used by malicious insiders like Snowden.

Because they are familiar with installed defences, such insiders have proven uniquely able to avoid tripping conventional alarms. And this, says Inglis, has laid out the extent of the problem facing companies and government agencies alike.

"We've got to move from episodic defence at choke points, to a continuous understanding of what's happening on these networks such that we can detect anomalies or bad activities the first time it happens," he explains. "It's no longer good enough to react well; you have to anticipate well."

Inglis' comments mirror those of Australian government cybersecurity advisor Alistair MacGibbon, who has frequently and publicly called for change in our collective approach to security. Security vendors have been on the same page, with analysts warning years ago that Australian companies are thinking reactively more than in an agile way. This requires engagement from the business, yet even as hackers get more professional about their approach to breaching security, some CSOs had struggled to make the same progress in getting the executive support they need.

This had led many companies into a similar situation as the one that Inglis and his peers faced at the NSA, where companies find themselves compromised and trying after the fact to figure out where they had gone wrong. With Australian businesses recently ranked as the most likely in the world to deploy data loss prevention tools after a breach rather than before one, it's a lesson that many companies will continue to learn the hard way.

Inglis, for one, has put his money on user entity behavioural analytics (UEBA), technology that watches users' online behaviour on an ongoing basis, quietly searching for behavioural anomalies that might indicate suspicious behaviour by otherwise-trusted users.

Shortly after leaving the NSA, Inglis joined the advisory board of UEBA vendor Securonix, which this month opened shop in Australia to tap into a land rush for ANZ businesses that are shoring up their defences in anticipation of a perfect storm of new legislation and governance requirements they will face in 2018 and beyond.

UEBA is just as important in catching outsiders as it is in catching Snowden-like insiders. "Outsiders' Holy Grail is to become someone or something that has privileges inside the system," Inglis said. "You're looking for a baseline that says that there is actually a different entity behind this privilege, and you want to catch that to defend the integrity and reputation of the person whose privileges have been stolen."

Once that theft happens, the damage can be considerable and fast. "We have put more and more power into the hands of fewer individuals," Inglis said. "Computers allow you to have much higher leverage based on a single person; the scope and scale attendant to what somebody can do is now much bigger. And your ability to catch it in time to restore things to good order easily, is much harder."

Varying narratives about Snowden's legacy (years later, he remains a traitor to some and a hero to others) shouldn't distract from the importance of embracing new technologies to stop what he did, Inglis said, arguing that "everything should be on the table at this point".

Despite his call for stronger government oversight, Inglis called for a level-headed approach to the current controversy around the government's plans to force software giants to figure out a way to provide access to otherwise inaccessible communications.

While mass brute-force decryption remains mathematically challenging and the details of how such access might be provided remain sketchy, Inglis said it's important to remember that the government is effectively fighting its own insider threat. And while discussion about the mechanisms of such a policy is still in early days, he sees them in large part as an extension of long-standing policy around police access to potential evidence of criminal activity.

The Australian government's push to gain access to secure private messaging was an example of the type of considerations that had to be weighed given the current security climate, Inglis said. "The question is whether we can take advantage of the capabilities that are there under the rule of law as it has existed for time immemorial," he explained.

"The question now is how do we not force ourselves into a place to choose between one and the other," he said, "but to ask the right policy questions and come up with the right framework."

"The further question," he continued, "is whether you want to begin to alter technology trends so you can continue to have a collective defence with secure domestic and national security and individual rights? The government is held accountable by its citizens to deliver those. It's a very thoughtful question."
