The Next Wave of Cybersecurity
Executive Viewpoint
A Conversation with
KERRY LONG
Program Manager, Intelligence Advanced Research Projects Activity
An IARPA manager discusses how the organization is using cloud technologies to evolve security
How is IARPA’s Virtuous User Environment tackling security challenges in the cloud and other virtualized environments?
VirtUE is exploring the opportunities the cloud presents to improve cybersecurity in general. That is, the goal is not to improve security of the cloud but rather to improve security with the cloud.
Cloud features such as virtualization, hyper-efficient resource sharing and low barrier to entry for new services offer opportunities for improved security against cyberattacks. In this regard, the cloud offers cybersecurity professionals a once- in-a-generation opportunity to reconsider many of the “accepted” work processes
and technologies that currently make up cyberspace.
Many cyberspace components are inherited from a time when security wasn’t
a fundamental design requirement. Today, cybersecurity professionals attempt to overcome the inherent weaknesses in
these cyber components with ever more complicated processes and mitigation marvels when the answer might be to replace these components with more secure ones.
The cloud offers technologies to isolate non-interactive server workloads through a delivery model called microservices.
VirtUE is attempting to apply similar concepts to the user computing environment. VirtUE is exploring the possibility of replacing the standard user computing environment with container-like entities called Virtues. A Virtue is mapped to the functions or roles a user performs to isolate user-based risks.
How can agencies outside the Intel- ligence Community apply VirtUE’s principles to their own systems? IARPA intends to make VirtUE software
open source. Our goal is to demonstrate the concept and seed innovations from other developers to mature it.
Open-source software with permissive licensing is a great way to get new ideas into the marketplace fast. If VirtUE’s reinvention of the user computing environment is deemed by the open-source community to have merit, it will spread.
The foundation for a better user environment will be available to be matured and delivered, and we hope, no longer will cleverly malicious emails
or websites jeopardize the missions of government or the private sector.
What do agencies need to know about edge computing and cybersecurity?
It is possible that edge computing will exist at the perimeter of the ever-expanding commercial cloud and that the distinction between on-premises and cloud will blur.
Organizations are already starting
to bring commercial cloud devices on premises to do preprocessing before data is transported to the cloud. As these technologies increase in popularity, organizations’ infrastructures will become, in some sense, local extensions of commercial clouds.
In fact, this could result in improve- ments to the cybersecurity posture of some enterprises.
For example, as cloud providers place equipment and software — i.e., closely guarded intellectual property — at customer locations, cloud providers may feel the need to assume ever increasing responsibility for security over these assets.
This interview continues at Carah.io/Long-IARPA.
KERRY LONG
S-46 SPONSORED CONTENT