Page 10 - FCW, August 30, 2016

Commentary|NATHANIEL GLEICHER
Nathaniel Gleicher, former director for cybersecurity policy at the White House National Security Council, is Illumio’s head of cybersecurity strategy.
Hacks and the asymmetry of disclosure
Data leaks are impossible to reverse, so the best strategy is to prevent intruders from having prolonged, unfettered access to systems in the first place
The hack and subsequent leak of data from the Democratic National Committee are an industrial-scale example of a fundamental asymmetry in our increasingly connected world: Disclosure is easy; correction is difficult.
Although disclosure can be an important tool for transparency and advocacy, it can also be a malicious and powerful weapon. And once records are disclosed, there’s no way to erase that image. Even if they are incorrect or were disclosed for malicious purposes, the imprint remains preserved in the national consciousness.
The DNC hack is hardly the first case of disclosures intended to embarrass or undermine. The Ashley Madison hack and a number of other targeted efforts were designed to humiliate and terrify private individuals, prominent activists and public figures. It’s not even the first example of disclosure by a nation-state to affect public debate (consider the Sony intrusion).
But the DNC hack shows the rapid increase in sophistication of nation-states (and Russia in particular) in using the internet to project power. We’re seeing skilled malicious actors pushing the boundaries of what they can accomplish.
According to several reports, some of the DNC files released in June had metadata indicating they might have been modified before they were leaked. There is no indication (as yet) that any pivotal information was changed, but it is a stark reminder that sophisticated operators needn’t find dirt to be effective. They can insert additional information, modify existing communications or release only certain portions of the stolen data.
Deterrence is an important component of any response, and it raises immediate questions about attribution and political circumstances. But deterrence is only one tool if we’re going to reduce nation-state exploitation of networked information. We also need to make intrusions like the DNC hack more difficult.
Widespread and prolonged access to a network is important for attackers seeking to steal and control information. Even if they modify the records, intruders still need long-running access to internal deliberations to paint the picture they want. That is partly why intruders often spend months or years in compromised data centers.
So what can we do? Data center perimeter security will always be important, but it’s time to stop pretending we can block sophisticated actors at the perimeter. We need to focus on reducing the amount of time intruders can hide inside a compromised network — so-called dwell time. Cybersecurity researchers have estimated the average dwell time as high as 200 days. For more sophisticated intruders, it’s even longer.
Gathering large datasets requires attackers to move around in a network, compromise a range of systems and exfiltrate data. If attackers’ access was constrained to days, they’d be forced to rush and take greater risks. Failure rates — and costs for intruders — would skyrocket.
There is no magic fix or single algorithm to solve the problem, but there are ways to shorten dwell time: segment the interior of the data center to limit attacker movement, install communications pathways between servers to lay tripwires and slow down unwary intruders, limit user access to create more barriers to intruder exploration, and patch vulnerabilities to limit attackers’ options.
Together, those steps would make it much harder for intruders to establish the kind of persistent, widespread access that disclosure operations demand. The approach won’t stop all sophisticated actors from exploiting the asymmetry between disclosure and correction online, but it will make the activities riskier and more difficult — and make intrusions easier to contain.