Broadband Communities

NOV-DEC 2018

BROADBAND COMMUNITIES is the leading source of information on digital and broadband technologies for buildings and communities. Our editorial aims to accelerate the deployment of Fiber-To-The-Home and Fiber-To-The-Premises.

Issue link: https://bbcmag.epubxp.com/i/1064321


cyber threats. The most likely solution to this problem must incorporate active, 24/7 live monitoring, complete with interdiction and remediation services. This type of support operates in parallel with the network operating center (or NOC) and is called a security operating center (or SOC). From an operating perspective, the addition of a SOC approximately doubles the operating cost of a NOC. This has necessitated industry soul-searching about how internet services are packaged and priced. The requirement for active security services, combined with the avalanche of new internet-of-things technology, drives up operating costs and related contingent liability.

Clarus Broadband's chief security and information officer, Scott Blackard, has been involved in several notable cyber projects over the last 20 years, including threat modeling for Fortune 100 organizations, threat modeling and cyber operations support for the U.S. Department of Defense, support for academic organizations and more. He explains that the DoD's Cyber Protection Team, which is charged with mission assurance and threat mitigation support for U.S. critical infrastructure, provides security services in sequential layers: identification, protection, detection, response and recovery. These services have matured over the years and provide a solid foundation for the development and support of commercial and residential infrastructure.

Most currently available forms of cyber protection fall within identification and protection. Much as a help desk uses "run books," passive forms of cyber protection use whitelists and blacklists to identify, protect and respond to known forms of malware. A SOC also uses "run books" and knowledgeable security service personnel to help respond to and recover from new and ongoing security threats.

"One of the more insidious characteristics of evolving cyber threats," Blackard notes, "is that cyber threat also includes real-time attacks from bad actors. These attacks employ the orchestrated application of both passive and active malware and real-time hacking to break into your network."

The only way to protect networks from this kind of attack is with the use of good actors known as "white-hat hackers" and "counter hacking." White-hat hackers and defense perimeter network administrators work as a team to control the security domain in a cost-effective manner for each network defended.

Identify. The first phase of protection is the identification of known, common cyber vulnerabilities. This information is typically updated and provided through third-party virus protection software. These lists are provided through subscription services, and cyber specialists continually add new threats to the lists.

Protect. Hardening an enterprise infrastructure is a large, time-consuming task that typically takes a week or two. For vulnerable networks, hardening steps should be taken in prioritized order to ensure the threats can be detected, isolated and mitigated. All steps in the hardening process are important, but the order in which they are executed is critical. During the hardening process, the infrastructure can typically be defended if the attack can be detected. This makes detection the first and most important element of protection.

Detect. The most important element of detection is the ability to characterize normal and abnormal users, devices, software and configurations. Everything must be analyzed as "known good," "known bad" or "unknown." Unknown threats must be analyzed to determine the danger they pose.

Respond. If a new and unknown cyber threat is detected, damage is occurring. Every minute the threat goes unaddressed increases the cost of recovery. Damage includes the time required for cyber operatives to terminate the attack, assess and correct the damage, as well as the costs of implementing security provisions designed to prevent similar attacks in the future.

Recover. After identifying and terminating a previously unknown cyber threat, cybersecurity operatives restore normal network operations and fully document the new threat. This information is also used to update passive forms of cyber protection.

SUMMARY

Maintaining reliable internet access is already sufficiently difficult, and rapidly maturing cyber threats have added a new, expensive dimension to customer support. The good news is that the vast majority (99 percent) of cyber threats are quickly and quietly dealt with through passive support systems. The bad news is that the last 1 percent easily accounts for 99 percent of the cost of and related damage to modern network operations. It is no longer a matter of whether you will suffer a cyberattack but a matter of how much identifying, terminating and recovering from an attack will cost.

Cybersecurity is just one of the many reasons broadband do-it-yourselfers need to ally themselves with professional service organizations that can help maintain stable broadband systems.

David Daugherty is the chairman and co-founder of Clarus Broadband. Clarus is dedicated to the development and marketing of broadband in underserved markets. Contact David at david@clarusbroadband.com.

To ensure stability, a network requires a security operating center to work in parallel with the network operating center – for roughly the same cost.
