The new chairman of the Joint Chiefs of Staff thinks the July hack of his organization’s unclassified email network showed a deficiency in the Pentagon’s cybersecurity investment and a worrying lack of “resiliency” in cybersecurity in general.
It was an embarrassing event for sure. The hackers, suspected to be Russian, got into the network through a phishing campaign and, once in, reportedly took advantage of encrypted outgoing traffic that was not being decrypted and examined. Gen. Joseph Dunford, who took command Oct. 1, said the hack highlighted that cyber investments to date “have not gotten us to where we need to be.”
As a goal, resiliency is a fuzzy concept. If it means keeping hackers out completely, then Dunford is right – the Defense Department has a problem. If it means being able to do something once hackers get in to limit or negate the effects of the hack, then he’s off the mark.
Best practice in the security industry is now to expect that even the best cyber defenses will be breached at some point. The effectiveness – or resiliency — of an organization’s security will ultimately be judged on how it deals with that breach and how efficiently it can mitigate its effects. For the full article click here
from hacker samurai http://ift.tt/1TVDxhJ
via IFTTT
No comments:
Post a Comment