As the number of hacks on government and businesses increase, the ability to predict an impending cyberattack is insufficient, according to a new survey.
Cybersecurity warning and intelligence is nascent and ill-defined, according to an October survey and report from the Intelligence and National Security Alliance, a membership group of national security officials.
The INSA survey is based on industry, academia and public officials at the request of government agencies.
“Survey results show that the absence of a framework hinders an organization’s ability to prioritize resource allocation, data acquisition and incident response,” the report said.
The INSA report found that across the U.S. government there is no standard warning system for incoming cyberattacks. Each agency might have their own metrics, leading to a scattershot approach to defending against hacks. There is not even a unified definition of what a cyberattack is, according to the report.
The report showed how the absence of indicators that could warn of an incoming hack was indicative of larger cybersecurity problems. For instance, respondents told INSA that they “have little visibility into their own networks, such that they were unable to adequately asses their systems’ vulnerabilities.”
There is also a gaping shortfall of cybersecurity talent, according to the survey, with 44 percent of organizations short of proper staff. Almost an equal number of respondents said that cyber executives do not have an adequate budget to protect their systems.
One takeaway that may help minimize disruptions, however, is that a majority of those who did use some form of cyberthreat intelligence said that they used a popular model developed by Lockheed Martin, one of the prime defense contractors of the U.S. government.
Roughly 60 percent of respondents used the Lockheed Martin developed “cyber-kill chain model,” which is a warning system for cyberattacks that “identifies what the adversaries must complete in order to achieve their objective” during a hack, according to the defense contractor. There are seven opportunities to stop a cyberattack, according to the model, which range from thwarting reconnaissance to debilitating command-and-control capabilities.
“We really wanted to think about how to get an edge on the attackers to defend our information,” Mike Gordon, the deputy chief information security officer at Lockheed Martin, told reporters Oct. 17.
“The kill chain was our analysis of the adversaries process. What do they do from A to Z in order to be successful in an attack and how do we counter those steps along the way.”
Justin Lynch is the Associate Editor at Fifth Domain. He has written for the New Yorker, the Associated Press, Foreign Policy, the Atlantic, and others. Follow him on Twitter @just1nlynch.