Governments are probably finding it not easy to strengthen its line of defense in cyber warfare because history lacks experience in cyber conflict. They have no past to learn from, much less conceptualize how a national-level conflict would be fought.
"I would give us today probably a 'C,' going up," said General Keith Alexander of the US military when asked during a House Armed Services Committee hearing to grade the ability of the Defense Department to defend its networks.
The US military has made improvement in hardening its computer networks against cyber attack but more remains to be done, the Pentagon's top cyber warrior said. The Defense Department is working extremely hard on hardening their networks.
"I'd like to say an 'A' but I think it's going to take some time to get to an 'A' and an 'A' is where I believe nobody can penetrate the network," Alexander, head of the Pentagon's Cyber Command and the top secret National Security Agency. Alexander added there had been tremendous progress over the last two years and they have made it extremely difficult for adversaries to get in. "When you look at the problems we had on our networks a few years ago to where we are today it's a huge improvement," he said.
Frequent attempt to breach the Defense Departments networks and data security have put DODs information security personnel under increasing pressure. Continuous cyber attacks also are raising the benchmark for how the military manages information networks.
The changes come from DOD's realization that the department can no longer protect networks and the data that flows over them simply by building a better firewall, DOD officials say. The department's networks are inextricably tied to public and private networks. And defending the ability to use those networks and having ways to work around attacks on them is as important as securing the data in transit on the networks or at rest on systems connected to them.
EC-Council has launched the Center of Advanced Security Training (CAST), to address the deficiency in the lack of highly technically skilled information security professionals. CAST will provide highly advanced technical security training such as Advanced Penetration Testing, Digital Mobile Forensics Deep Dive, Advanced Application Security, Advanced Network Defense, and Cryptography Deep Dive. These highly sought after and advanced information security training will be offered at all EC-Council hosted conferences and events, and through specially selected training partners. The launch classes for CAST will be at the upcoming TakeDownCon Dallas, from May 15-17, 2011.
Meanwhile, DOD has already has taken initial steps to defend its security network. The US Department of Defense has included EC-Councils Certified Ethical Hacker (CEH) IT security training program into its Directive 8570, making it one of the mandatory standards to be achieved by Computer Network Defenders Service Providers (CND-SP). Advanced security training skills provide the defender situational awareness required to defend its IT security infrastructure and mounting security threats.
Any governments around the world, including the US is vulnerable to attacks, and attacks can vary in scale. US defense officials are concerned with malware attacks, which had infected significant parts of the Unclassified but Sensitive IP Router Network (NIPRnet) and Secret IP Router Network (SIPRnet).Officials have denied that specific attacks happened or declined to discuss them, including the alleged Chinese hacker attack on Lockheed Martins F-35 Joint Strike Fighter data. However, DOD's leadership is pushing for big improvement in how the military secures its data and counters cyber attacks.
The US Defenses initiative to form highly trained cyber security defenders is a very good step towards achieving its goal in getting a grade A for ability to defend its networks.
iAutoblog the premier autoblogger software
No comments:
Post a Comment