by clicking on the page. A slider will appear, allowing you to adjust your zoom level. Return to the original size by clicking on the page again.
the page around when zoomed in by dragging it.
the zoom using the slider on the top right.
by clicking on the zoomed-in page.
by entering text in the search field and click on "In This Issue" or "All Issues" to search the current issue or the archive of back issues respectively.
by clicking on thumbnails to select pages, and then press the print button.
this publication and page.
displays a table of sections with thumbnails and descriptions.
displays thumbnails of every page in the issue. Click on a page to jump.
allows you to browse through every available issue.
FCW : August 30, 2016
Nathaniel Gleicher, former director for cybersecurity policy at the White House National Security Council, is Illumio’s head of cybersecurity strategy. Commentary | NATHANIEL GLEICHER The hack and subsequent leak of data from the Democratic National Committee are an industrial-scale example of a fundamental asym- metry in our increasingly connected world: Disclosure is easy; correc- tion is difficult. Although disclosure can be an important tool for transparency and advocacy, it can also be a malicious and powerful weapon. And once records are disclosed, there’s no way to erase that image. Even if they are incorrect or were disclosed for malicious purposes, the imprint remains preserved in the national consciousness. The DNC hack is hardly the first case of disclosures intended to embarrass or undermine. The Ashley Madison hack and a num- ber of other targeted efforts were designed to humiliate and terrify private individuals, prominent activ- ists and public figures. It’s not even the first example of disclosure by a nation-state to affect public debate (consider the Sony intrusion). But the DNC hack shows the rapid increase in sophistication of nation-states (and Russia in particular) in using the internet to project power. We’re seeing skilled malicious actors pushing the boundaries of what they can accomplish. According to several reports, some of the DNC files released in June had metadata indicating they might have been modified before they were leaked. There is no indication (as yet) that any pivotal information was changed, but it is a stark reminder that sophisticated operators needn’t find dirt to be effective. They can insert additional information, modify existing com- munications or release only certain portions of the stolen data. Deterrence is an important component of any response, and it raises immediate questions about attribution and political circum- stances. But deterrence is only one tool if we’re going to reduce nation- state exploitation of networked information. We also need to make intrusions like the DNC hack more difficult. Widespread and prolonged access to a network is important for attackers seeking to steal and control information. Even if they modify the records, intruders still need long-running access to internal deliberations to paint the picture they want. That is partly why intruders often spend months or years in compromised data centers. So what can we do? Data center perimeter security will always be important, but it’s time to stop pre- tending we can block sophisticated actors at the perimeter. We need to focus on reducing the amount of time intruders can hide inside a compromised network — so -called dwell time. Cybersecurity research- ers have estimated the average dwell time as high as 200 days. For more sophisticated intruders, it’s even longer. Gathering large datasets requires attackers to move around in a network, compromise a range of systems and exfiltrate data. If attackers’ access was constrained to days, they’d be forced to rush and take greater risks. Failure rates — and costs for intruders — would skyrocket. There is no magic fix or single algorithm to solve the problem, but there are ways to shorten dwell time: segment the interior of the data center to limit attacker movement, install communications pathways between servers to lay tripwires and slow down unwary intruders, limit user access to cre- ate more barriers to intruder explo- ration, and patch vulnerabilities to limit attackers’ options. Together, those steps would make it much harder for intruders to establish the kind of persistent, widespread access that disclosure operations demand. The approach won’t stop all sophisticated actors from exploiting the asymmetry between disclosure and correction online, but it will make the activi- ties riskier and more difficult — and make intrusions easier to contain. n Hacks and the asymmetry of disclosure Data leaks are impossible to reverse, so the best strategy is to prevent intruders from having prolonged, unfettered access to systems in the first place We’re seeing skilled malicious actors pushing the boundaries of what they can accomplish. 10 August 30, 2016 FCW.COM LINKEDIN.COM 0830fcw_010.indd 10 8/9/16 9:16 AM
August 15, 2016
September 15, 2016