Editor’s Note: The Final Report of the Defense Science Board (DSB) Task Force on Resilient Military Systems is attached here. Below is an excerpt from a section of the report discussing continuous monitoring.
8.2.1.2 Provide Continuous Monitoring and Situational Awareness
An additional challenge for DoD is understanding who is “on” and what is the operational status of their network(s). Sensor deployment has begun at Internet access points to monitor and control access and network traffic flow. These Einstein sensors provide monitoring of network ingress and egress through a system of mostly COTS network monitoring tools driven by the NSA-provided signature set. This is a good start, but commercial tools have advanced to include capabilities to operate behind firewalls and to track anomalous activity throughout the components of a network. It is essential to provide continuous monitoring of all networks against cyber attack (see State Department example in Figure 8.1).
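The paragraph contrasts perimeter sensors that match a signature set at Internet access points with tools that track anomalous activity behind the firewall, on the internal components of a network. The example below is added here to make that second kind of monitoring concrete; it is not code from the report, from Einstein, or from any vendor. It learns a per-host egress baseline and a set of known peers from a quiet period of flow records, then watches a later window for hourly volumes far above a host's own norm, for peers a host has never talked to, and for hosts that were never profiled. The CSV flow format, the addresses, and all byte counts are constructed for the illustration.

```python
"""Added example (not from the DSB report): per-host anomaly monitoring over
internal flow records, i.e. monitoring behind the firewall rather than only
at the Internet access point. All data below is constructed."""
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Flow:
    """One flow record from an internal sensor (constructed layout)."""
    ts: int          # epoch seconds
    src: str         # internal host that originated the flow
    dst: str         # peer it talked to
    dport: int       # destination port
    bytes_out: int   # bytes sent by src


def parse_flow(line: str) -> Flow:
    """Parse 'ts,src,dst,dport,bytes_out' (a constructed CSV layout, not Einstein's)."""
    ts, src, dst, dport, b = line.strip().split(",")
    return Flow(int(ts), src, dst, int(dport), int(b))


def hourly_egress(flows):
    """Sum bytes_out per (src, hour bucket). Returns {src: {hour: bytes}}."""
    buckets = defaultdict(lambda: defaultdict(int))
    for f in flows:
        buckets[f.src][f.ts // 3600] += f.bytes_out
    return buckets


class Baseline:
    """Per-host profile learned from a quiet period: egress statistics and known peers."""

    def __init__(self, flows):
        self.stats = {}   # host -> (mean hourly bytes, population stdev)
        for host, hours in hourly_egress(flows).items():
            vals = list(hours.values())
            self.stats[host] = (mean(vals), pstdev(vals))
        self.peers = defaultdict(set)   # host -> {(dst, dport), ...}
        for f in flows:
            self.peers[f.src].add((f.dst, f.dport))


def detect(baseline: Baseline, flows, sigma: float = 3.0):
    """Return (kind, host, detail) alerts for an observation window.

    kind is one of:
      egress-volume : hourly bytes_out above mean + sigma * stdev for that host
      new-peer      : (dst, dport) never seen for that host during the baseline
      unknown-host  : host with no baseline at all (never profiled)
    """
    alerts = []
    for host, hours in hourly_egress(flows).items():
        if host not in baseline.stats:
            alerts.append(("unknown-host", host, None))
            continue
        mu, sd = baseline.stats[host]
        # floor the stdev at 1 byte so a perfectly flat baseline still yields a threshold
        threshold = mu + sigma * max(sd, 1.0)
        for hour, total in sorted(hours.items()):
            if total > threshold:
                alerts.append(("egress-volume", host, total))
    reported = set()
    for f in flows:
        key = (f.src, f.dst, f.dport)
        if f.src in baseline.peers and (f.dst, f.dport) not in baseline.peers[f.src] \
                and key not in reported:
            reported.add(key)
            alerts.append(("new-peer", f.src, f"{f.dst}:{f.dport}"))
    return alerts


# Constructed quiet period: six hours of normal file-share and web traffic.
BASELINE_LINES = [
    f"{h * 3600 + 100},10.0.1.5,10.0.2.10,445,{b}"
    for h, b in enumerate([1_000_000, 1_100_000, 900_000, 1_050_000, 950_000, 1_000_000])
] + [
    f"{h * 3600 + 200},10.0.1.7,10.0.2.20,443,200000" for h in range(6)
]

# Constructed observation window a day later: one host suddenly pushes 40 MB
# to a peer it has never contacted, and an unprofiled host appears.
OBSERVED_LINES = [
    "86500,10.0.1.5,10.0.2.10,445,1000000",
    "90100,10.0.1.5,10.0.2.10,445,950000",
    "90400,10.0.1.5,203.0.113.9,443,40000000",
    "86600,10.0.1.7,10.0.2.20,443,200000",
    "90200,10.0.1.7,10.0.2.20,443,190000",
    "90300,10.0.1.99,10.0.2.20,443,5000",
]


def run_demo():
    """Build the baseline from the quiet period and monitor the observed window."""
    base = Baseline([parse_flow(l) for l in BASELINE_LINES])
    return detect(base, [parse_flow(l) for l in OBSERVED_LINES])


if __name__ == "__main__":
    for kind, host, detail in run_demo():
        print(f"{kind:14} {host:12} {detail}")
```

The point of the design is that the threshold is each host's own history rather than a global signature, which is what lets it surface activity inside the network that a perimeter signature set has no rule for. In practice the baseline would be refreshed on a rolling window and the `new-peer` rule scoped to sensitive segments, since in a large enclave every host sees new peers daily and the alert would otherwise drown the volume signal.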
The information assurance of operational systems is typically achieved through encryption of data during network transport (and occasionally at rest, i.e., while stored) or through multi-level security solutions geared toward the safe handling of multiple security levels of data on the same computer (processor). Data must be decrypted prior to processing, and advanced attacks being used today access the data at that point, thereby circumventing the encryption.