What can large organizations learn from the Pentagon’s cybersecurity approach?

September 18, 2019 | April 20th, 2020 | Enterprise, Trends

Connected devices are everywhere these days. According to a study by Gartner, by 2020 there will be over 20 billion IoT devices worldwide. They are used everywhere, in all kinds of organizations, including government bodies. Given the exponential growth of new vulnerabilities that cyberattackers can exploit, these organizations tend to focus their protection measures on their networks. This is especially true for what is known as the Internet of Battlefield Things (IoBT), where nations try, aggressively and repeatedly, to penetrate adversaries’ networks, systems, or even weapons in order to get the upper hand on the battlefield.

This growing concern was addressed concretely seven years ago, when the US Department of Defense (DoD) developed Comply to Connect (C2C), a system to secure the endpoints on the Pentagon’s network architecture. This increasingly complex web of devices includes everything from door access control systems to battlefield sensors, weapons, connected vehicles, servers containing confidential information, and consumer goods such as printers, monitors, and security cameras.

More specifically, C2C is a system that fulfills four main functions, all of which aim to protect the DoD systems from attacks or unauthorized access to the network via connected devices:

  1. Identifying and validating new connected elements that join the Pentagon network.
  2. Evaluating whether devices follow the DoD’s security policies.
  3. Carrying out continuous monitoring of these devices.
  4. Automatically detecting and dealing with problems in these connected devices, reducing the manual effort cybersecurity leads must spend maintaining “cyberhygiene”.

This approach combines the most advanced cybersecurity solutions in existence with new, cutting-edge technologies that are able to detect potential threats and deal with the constant changes in the architecture of the Pentagon’s network. In this way, C2C identifies what connects to the DoD network, determines its security posture, and provides up-to-date, accurate information centralized in a single console. This information is then used by leaders, commanders, and other senior decision-makers to make informed decisions in the most streamlined way possible.
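To make the four C2C functions listed above concrete, here is an added example of a toy comply-to-connect policy engine. It is my own illustration, not code from the DoD, the C2C program or Cytomic, and every device record, firmware threshold and remediation action in it is constructed for the example. A device joining the network is identified (certificate and known device class), evaluated against policy (firmware floor, encrypted link, endpoint agent, no cleartext management services), re-evaluated continuously so that a change in its state changes its verdict, and mapped to an automatic remediation where one exists; anything whose identity or transport cannot be trusted is quarantined for an analyst instead.

```python
"""Toy comply-to-connect (C2C) policy engine: identify, evaluate, monitor, remediate.

Added example: thresholds, device records and actions are constructed, not DoD values.
"""
from dataclasses import dataclass, replace
from enum import Enum


class Verdict(Enum):
    ALLOW = "allow"            # compliant: grant production network access
    REMEDIATE = "remediate"    # non-critical gap: restricted VLAN plus automatic fix
    QUARANTINE = "quarantine"  # critical gap: isolate and hand to an analyst


@dataclass(frozen=True)
class Device:
    device_id: str
    kind: str                  # printer, camera, workstation, sensor, ...
    firmware: str              # dotted version string the device reports
    cert_valid: bool           # presented a valid device certificate when joining
    encrypted_link: bool       # data/management link uses TLS, IPsec or 802.1X-EAP
    agent_running: bool        # endpoint agent is reporting telemetry
    open_services: tuple = ()  # services found by the admission scan


# Constructed policy data (hypothetical values for this example)
MIN_FIRMWARE = {"printer": (2, 1, 0), "camera": (5, 0, 0),
                "workstation": (10, 0, 0), "sensor": (1, 4, 0)}
CLEARTEXT_MGMT = {"telnet", "ftp", "http-admin"}   # unencrypted management services
REMEDIATIONS = {"firmware": "push vendor firmware update",
                "agent": "reinstall or restart endpoint agent",
                "services": "disable cleartext management services"}


def parse_version(text):
    """'2.0.9' -> (2, 0, 9) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.split("."))


# Each check returns (name, passed, severity). Severity maps to a verdict:
# "block" -> QUARANTINE (identity or transport cannot be trusted),
# "fix"   -> REMEDIATE  (known device with a gap that automation can close).
def check_identity(d):
    return "identity", d.cert_valid and d.kind in MIN_FIRMWARE, "block"


def check_firmware(d):
    floor = MIN_FIRMWARE.get(d.kind)
    return "firmware", floor is not None and parse_version(d.firmware) >= floor, "fix"


def check_encryption(d):
    return "encryption", d.encrypted_link, "block"


def check_agent(d):
    return "agent", d.agent_running, "fix"


def check_services(d):
    return "services", not (set(d.open_services) & CLEARTEXT_MGMT), "fix"


CHECKS = (check_identity, check_firmware, check_encryption, check_agent, check_services)


def evaluate(device):
    """Run every check; the worst failing severity decides the verdict."""
    failed = [(name, sev) for name, ok, sev in (c(device) for c in CHECKS) if not ok]
    names = [name for name, _ in failed]
    if any(sev == "block" for _, sev in failed):
        return Verdict.QUARANTINE, names
    if failed:
        return Verdict.REMEDIATE, names
    return Verdict.ALLOW, names


def remediation_plan(failed_checks):
    """Automatic actions for the gaps that have a scripted fix."""
    return [REMEDIATIONS[n] for n in failed_checks if n in REMEDIATIONS]


def reassess(previous, inventory):
    """Continuous monitoring: re-evaluate and report devices whose verdict changed."""
    changes = {}
    for d in inventory:
        verdict, _ = evaluate(d)
        if previous.get(d.device_id) != verdict:
            changes[d.device_id] = (previous.get(d.device_id), verdict)
    return changes


# Constructed admission snapshot (not a real inventory)
INVENTORY = [
    Device("prn-01", "printer", "2.0.9", True, True, True, ("ipp",)),
    Device("cam-07", "camera", "5.2.1", True, True, True, ("rtsp", "telnet")),
    Device("ws-42", "workstation", "10.3.0", True, True, True, ()),
    Device("sen-12", "sensor", "1.4.0", True, False, True, ()),
    Device("unk-99", "thermostat", "1.0", False, True, False, ("http-admin",)),
]


def admission_report(inventory=INVENTORY):
    """Console view: device -> (verdict, failed checks, automatic actions)."""
    report = {}
    for d in inventory:
        verdict, failed = evaluate(d)
        report[d.device_id] = (verdict, failed, remediation_plan(failed))
    return report


if __name__ == "__main__":
    baseline = {dev: row[0] for dev, row in admission_report().items()}
    for dev, (verdict, failed, actions) in admission_report().items():
        print(f"{dev:7} {verdict.value:10} failed={failed} actions={actions}")
    # Later telemetry: ws-42's agent stopped reporting, so its verdict changes
    later = [replace(d, agent_running=False) if d.device_id == "ws-42" else d
             for d in INVENTORY]
    print("changes:", reassess(baseline, later))
```

The split between "block" and "fix" severities is the design point worth copying: a device whose certificate is missing or whose link is unencrypted cannot be trusted enough to auto-remediate, while a known device with stale firmware or a stopped agent can be parked on a restricted VLAN and fixed without an analyst, which is exactly the reduction in manual cyberhygiene work the fourth C2C function aims for.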

In the middle of a cyberwar like that being undertaken by the US against Iran—or by other governments or government bodies, such as Earworm against NATO—the system gives the DoD a huge advantage over cyberattackers. So, what is this advantage? A far more realistic, accurate view of the security perimeter and of endpoints, both vital to protecting the sensitive information the organization manages and stores.

An example for large companies

Although the USA developed C2C for government use, large companies can learn from this approach in order to develop their own cybersecurity strategies.

Cyberattackers no longer focus all their attention on the perimeter. This is due, in part, to the boom in technologies such as public clouds and to trends that are increasingly entrenched in organizations, such as telework and BYOD (Bring Your Own Device). Attackers are now far more likely to target endpoint devices. The way to tackle these changes in the business model is for companies to formulate their cybersecurity strategies in a much broader way, one that addresses every existing layer and also covers what falls outside traditional attack vectors.

Just as the Pentagon protects its confidential information with a strategy focused on protecting its endpoints and constantly monitoring its devices and networks, companies must promote an IoT cybersecurity culture that goes beyond their own space. They must implement solutions that provide constant visibility of all devices and total control of running processes. Connected devices or machines must have updated firmware, connectivity must be guaranteed with encryption, and the control platform or software must be protected by advanced solutions.

Threat Hunting and Incident Response solutions such as Cytomic Orion, our data analytics solution, which specializes in analyzing the behavior of applications, users and endpoints across the whole community in search of anomalous behavior, allow security teams, SOCs, CSIRTs and threat hunters to speed up the process of identifying, investigating, containing and resolving advanced cyberthreats.

The C2C approach is a model that gets ahead of attacks that seek to use devices connected to the Internet of Things as attack vectors. With cybersecurity strategies and systems based on monitoring endpoints, analysis, prevention, and detection of new connections, organizations can eliminate the margin in which cybercriminals can act, even before they can do any damage. Threat hunting services are the quickest, most effective response to this kind of problem, and a safe bet for companies.