Building Next-Generation Cybersecurity Solutions

For true security, all dimensions of the computing environment should be considered, says Senior Vice President Patrick Peck.

A secure business computing environment requires a broad approach that encompasses not just traditional cybersecurity solutions, but all aspects of a cyber-enabled architecture, according to Booz Allen Hamilton Senior Vice President Patrick Peck.

This includes elements such as service-oriented architecture, cloud computing, identities, and other emerging technologies, says Peck, who is responsible for the firm’s IT business.

“Cybersecurity needs to be combined with other aspects of computing, and delivered in an integrated way,” says Peck. “The entire cyber-enabled architecture needs to be secure.”

At the recent Securities Industry and Financial Markets Association (SIFMA)  Technology Conference in New York, Peck noted that cyber threats are increasing, and he emphasized the importance of a holistic approach.

Peck described a cyber simulation in December that was sponsored by the Business Executives for National Security (BENS), and conducted by Booz Allen. More than 230 senior leaders from industry, government, Congress and academia were asked to respond to a cascading cyber attack that decimated telecommunications in the eastern United States, and damaged financial institutions and other targets.

“No one was clear what to do,” said Peck. One of the key lessons was that, because of our vast interconnectedness and interdependence, “cybersecurity is too large and complex for any one authority to handle alone.”

The exercise, Peck told the conference, demonstrated the need for a new type of tri-sector leadership in which government, business and civil society work together “in a common quest” that benefits each sector without requiring the participants give up their individual core identities  or values.

Such collaboration is essential, said Peck. “Our government and private sector networks are being exploited at an unprecedented scale by a growing array of state and non-state actors,” he told the conference. “Malicious cyber activity continues to grow more sophisticated, targeted and serious; these trends will not just continue, but expand and increase in volume and capacity.”

Peck singled out three recommendations that emerged from the simulation:

• Establish clear lines of authority for planning and executing the cyber mission, including having a single voice for cyber security education, awareness and alerting within the government.
• Develop a national-level organization or collective forum to catalogue and make recommendations to mitigate cyber incidents.
• Expand and accelerate research, development and innovation to improve upon today’s cyber security practices, tools and integration.

At Booz Allen, Peck is helping develop an innovative strategy to deliver next-generation security solutions to clients in the defense, security and civil sectors. The various emerging technologies, he says, “are integrated into a holistic enterprise solution to provide our clients with a mechanism to migrate from their current infrastructure platforms to a new, future platform that will support secure business solutions.”

Cybersecurity cannot be a piecemeal process, says Peck. While it is important to train employees on cyber issues, for example, all dimensions of the computing architecture need to be considered.

Technology is an important starting point, says Peck. However, he adds,  “the cyber security challenge is much broader than a technology issue – it is a mission integration challenge.  Cybersecurity goals can only be met through a comprehensive and synchronized approach that integrates technology, operations, culture, management and policy changes.”

This holistic approach, he says, “defines a vision and strategy for future computing environments that are cost effective and secure.”

Booz Allen Senior Vice President Michael McConnell, in presentation to the conference via video, said that the vulnerabilities created by technology “cannot be mitigated by individual organizations, or by the carriers that provide information services, or by the government. It is going to take a partnership by all three.”

McConnell, the former Director of National Intelligence, called for a public-private partnership  between those three sectors that “allows us to mitigate the risk while continuing to receive the benefits.”

“It  is not simply a technology matter,” said McConnell, the leader of Booz Allen’s National Security Business. “It starts with policy, it involves the culture of the organization, it involves the operational profile and the procedures, as well as technology. But it is affordable, it can be done, and it must be done in the interest of the organization and in the interest of the nation.”

study posted August 13, 2009