Booz Allen Hamilton

Advanced Persistent Threat: Industrial Strength Hacking

 

Meet the Panel

  • Jeffrey Carr, Taia Global
  • Larry Clinton, Internet Security Alliance
  • Anup Ghosh, Ph.D., Invincea
  • Catherine Lotrionte, Ph.D., Georgetown Institute of Law
  • Gary McGraw, Ph.D., Cigital

About Our Panel

 

This panel of top industry and government experts focuses on how advanced persistent threats have evolved, what the implications are for business leaders, government officials, and our society, and approaches used to address this growing challenge.

Aired on February 8, 2011

 

 

Read Our Expert Commentary

 

Investing Money in the Right Places

Posted by Ron Ritchey on March 1, 2011

 

Expert Reactions: Ron Ritchey, Principal
Investment is a key component of an APT strategy. Dr. Ghosh rightly points out that we’ve already spent significant resources in R&D trying to develop approaches to increase cyber security. What is missing are incentives to move promising research into common usage. A great example of this is in software testing. Our academic centers have created novel methods to detect software flaws that go far beyond industry practice, but very few organizations take advantage of them. Most organizations don’t even approach function coverage (testing that makes sure that every function in the program gets executed at least once). To learn more about the state of academic research in software testing, see “Introduction to Software Testing” by Offutt/Ammann.

Better application of testing techniques would have a direct impact on the number of vulnerabilities that APTs can leverage in their attacks. Unfortunately, there is often little economic incentive to apply these techniques. There’s a great book on this by Dave Rice titled “Geekonomics: The Real Cost of Insecure Software”. In it he makes a strong case that the incentives within the software industry are broken and are directly contributing to the sad state of software security. Fixing this will not be easy but is essential if we are going to find the resources and will to apply more advanced techniques to the challenge of defending against advanced adversaries.

 

 

Point / Counterpoint: The Target of APT Attacks

Posted by boozallen.com on February 22, 2010

 

 

 

 

Point / Counterpoint: Are APTs a Technology Problem?

Posted by boozallen.com on February 21, 2010

 

 

 

 

Point / Counterpoint: Defining Advanced Persistent Threats

Posted by boozallen.com on February 19, 2010

 

 

 

 

The Nature of APT Attacks

Posted by Ed Kanerva on February 20, 2011

 

Expert Reactions: Ed Kanerva, Vice President
For the most part, APTs that are going after what Mr. Clinton calls ‘vacuum attacks’ are organized.  They do their homework first, decide on the target, determine the approach vectors of attack and then unleash. Depending on the target of the attack, they can be elegant in their approach; i.e. quiet, stealthy and unobtrusive, or a little less so in taking the risk of being detected to get what they are looking for.  Nonetheless, the APT end game is the same. Penetrate the target, exfiltrate the information, maintain a backdoor in/out if required, and move on.  Motives for the attacks can be many, and we have figured out over time what these adversaries are doing to the US and the economy. I recall reading an article translated from the People’s Liberation Daily (a Chinese Military periodical) from the mid-80’s that has stuck with me over the years. I paraphrase a key point here . . . an Adversary wishing to destroy the United States only has to affect the computer systems of its banks by high tech means. This would disrupt and destroy the U.S. economy.

 

 

What does the Future hold for Advanced Persistent Threats?

Posted by boozallen.com on February 17, 2010

How will we see the Advanced Persistent Threat evolve in the future?

 

 

 

 

Challenges in Combating the Industrial Strength Hacking

Posted by boozallen.com on February 16, 2010

What are some of the major challenges in combating APTs?

 

 

 

 

Mitigating the Risk of Advanced Persistent Threats (APTs)

Posted by boozallen.com on February 15, 2010

This Expert Voices panel focuses on Advanced Persistent Threats and the risk they pose to critical elements of our society’s infrastructure. In your opinion, what makes this topic relevant and timely?

 

 

 

 

Current and Future Cyber Challenges

Posted by Ed Kanerva on February 2, 2011

Edwin J. Kanerva

Ed Kanerva is a Vice President at Booz Allen Hamilton with extensive experience providing Intelligence, Cybersecurity, and Information Assurance support for the National Security, Defense, Civil, and Commercial Cyber markets.

 

Advanced Persistent Threats in the Cyber Realm = Danger

In the early days of the Internet, it was a place for free communication where academics and the general populace could share ideas and information for the good of society, and not care about anyone stealing their intellectual capital. That was then, this is now! Over the years, as the Internet matured, it has evolved into a place where public and private sectors conduct business because of its speed and interconnected nature. It has also become the place where people, businesses and governments store sensitive information that is vulnerable to sophisticated adversaries.

While we can still communicate with one another, times have changed. We are being forced, in a manner of speaking, to be careful about exchanging information freely because of a pervasive, sophisticated, and dangerous element known as the Advanced Persistent Threat (APT). APTs can be criminals, hacktivists, nation states or terrorist organizations, to name a few. Regardless of their beliefs, APTs are robbing the United States blind as far as intellectual capital is concerned. As a result, they have adversely affected the way private and public sectors conduct business and communicate in a free market economy.

In the context of cyber, there is virtually no computer system of consequence that can’t be compromised and that’s partly why APTs are so dangerous. But consider attacks that we have not found. That’s the real danger.

The U.S. Versus APTs

We know that APTs don’t discriminate – they attack the U.S. government, private sector, and people like you and me. While APTs have become complex, they are designed to cause harm without taking networks down, technically speaking. Hackers look for the easiest path into networks to minimize their own risk. In many cases, hackers find that it’s easier to exploit known vulnerabilities to achieve their nefarious objectives, but they are also known to introduce new attacks, like zero-days, to keep their victims unaware of their depth of access.

Zero-day attacks, for example, are not known to most defensive capabilities, like firewalls. Most firewalls are rules-based so they defend against attacks based on previous activity. So what the APT does is create entry capabilities that are not known to rules-based defenses. APTs work hard to penetrate networks, but once they are in, they are generally in.  While businesses and government organizations build networks for ease of communication, they need to configure networks to determine who needs and doesn’t need access to sensitive information.

Combating and Stopping APTs

Many tough decisions must be made to combat APTs. The U.S. and international community need to change existing laws and rules of engagement, as well as how they address cyber threats from nation states and criminals, while respecting the privacy of the individual user. Ultimately, society must decide what the Internet should be. Should it remain the ‘wild, wild Web’? If that’s what society wants, then the Internet – as it is right now – is fine, and we will continue to experience APT problems without a way to marginalize their success.

However, if we want to keep sensitive information private and only for an intended recipient as it flows across the Internet, then we need to take into consideration other, more secure network or protection algorithms to keep information that requires protection secure. Booz Allen is working on an initiative known as “dot.secure”, launched roughly 12 months ago. It essentially verifies you are who you say you are when communicating on the “dot.secure” path. If the system doesn’t recognize John Jones, then John Jones would not be allowed to enter a system, like a bank’s ATM. Being able to communicate reliably within the law – without violating personal privacy – is where we need to be.

Industry’s biggest opportunity to stop APTs is for private industry and government to work together. If industry, government and, in some cases, allies, work together to change Internet law and regulation that everyone benefits from while maintaining security, then the time to act is now. If we do nothing, it will take another 10 to 15 years before we get anything accomplished.

 

 

Expert Thoughts: Steve Windsor on Defending Against APTs

Posted by Steve Windsor on January 31, 2011

 


Steve Windsor is a Senior Associate at Booz Allen Hamilton. With extensive experience in the field of digital forensics he manages the firm’s Advanced Persistent Threat, Digital Forensics, Incident Response, and Proactive Threat Identification service offerings.

 

  • The Federal News Radio Expert Voices panel focuses on Advanced Persistent Threats. In your opinion, why is this topic so relevant as we look toward the future?
  • “Advanced Persistent Threats (APTs) have worked around most of today's information assurance (IA) solutions and present a serious challenge to network defenders and the IA industry.  The protocol APTs use is rapidly being adopted by non-APT actors, significantly increasing the quantity of successful attacks from all types of adversaries.  To counter the APT threat we must develop a better-than-best-practices risk management program and must learn to co-exist with them while protecting our most critical assets.”
    ~ Steve Windsor, Senior Associate


 

 

 

APTs and the Financial Market

Posted by Tim Hall on January 31, 2011

 

APT Landscape

The Advanced Persistent Threat (APT) landscape has changed dramatically in the past 10 years. In the early days of the Internet, hackers wanted to prove they could break into a system and cause a disruption to demonstrate their superior skills, but today the methods and motives are quite different. There are three characteristics of the new reality: the sophistication of the attacks has evolved, the attacks are targeted at specific organizations or individuals, and the intent of the adversary is to maintain a long-term presence on the targeted system.

First, the sophistication of the attack continues to evolve. Today’s adversary combines social engineering with custom, single-use attacks to get around traditional security measures. If a sophisticated adversary wants to penetrate a target network, they can. It’s virtually impossible to keep them out. Second, the attacks are very targeted. APTs are not interested in causing mass disruptions; they have specific objectives and target organizations and individuals to obtain what they want. The long-term silent presence of today’s APT is much more insidious than previous network threats. Their intent is to remain on the targeted system for a long time in the interest of financial gain, international espionage or malicious objectives.  APTs do not want to do anything to disrupt operations or raise suspicion. Lack of any known malicious activity gives the target the sense that they are safe and their valuables are secure, ensuring that they will continue to generate the targeted information unabated.

In addition to simply stealing or re-directing money, a successful APT can provide a broad range of benefits to the attacker. They can reap financial benefit through the theft of intellectual property, knowledge of negotiating positions, bidding strategies, and insider information. They will know what you know and adjust their strategies and tactics accordingly. They can impact your systems and internal controls to execute coordinated terrorist attacks.

APTs and Financial Markets

APTs in the financial market have introduced a couple of new dimensions. First of all, the barrier to entry has fallen from a cost perspective, meaning the capital investment to conduct an attack is negligible compared to the benefit.  As a result, the types of adversaries are formidable, ranging from rogue nation states to organized crime.

When I consider APT threats associated with the financial market, I see three major concerns. The first is financial fraud; this covers a broad range of situations where the criminal element, working inside financial networks, manipulates the system or information for their financial gain. For example, acquiring insider knowledge would enable criminals to anticipate market changes and profit through the buying and selling of stocks.

The second area deals with international negotiations on trade, currency and debt.

The third item is terrorism and our critical infrastructure. If terrorists were looking to sabotage our critical infrastructure, causing damage or disruption to our major banking institutions would wreak havoc in the markets and compromise people’s confidence in the United States financial system. Imagine waking up one morning and being unable to access your bank accounts. No ATM, no checking …what would you do?

Approaches to Managing Risk

As our appreciation for the capability of APTs increases, there comes a point when we realize you will never know if your system is secure. It becomes evident that we can’t keep every unauthorized user off our networks. As a result, we must learn how to live in a degraded or compromised system.

Firewalls, intrusion detection, antivirus and other infrastructure protections are still required and are the bedrock of a good security program, but they are no longer enough. Good security tools and practices are necessary to maintain general order on the system.

New advanced risk-informed defensive techniques and processes are needed to respond to the ever-evolving adversary. For example, Booz Allen developed a three-stage methodology that addresses the immediate concern of an intruder on a network. This can be leveraged to evaluate and identify the most critical aspects of a system while optimizing long-term response through a managed risk approach to system analysis, benchmarking, and focused capital and operational investments.

 

 

Expert Thoughts: Tim Hall on the Changing Landscape of the Cyber Threat

Posted by Tim Hall on January 30, 2011

 

 

Expert Thoughts: Ed Kanerva on the Widespread Impact of APTs

Posted by Ed Kanerva on January 20, 2011

 


Ed Kanerva is a Vice President at Booz Allen Hamilton with extensive experience providing Intelligence, Cybersecurity, and Information Assurance support for the National Security, Defense, Civil, and Commercial Cyber markets.

 

  • The Federal News Radio Expert Voices panel focuses on Advanced Persistent Threats. In your opinion, why is this topic so relevant as we look toward the future?
  • “The Advanced Persistent Threat to our networks affects the way society, business, and government conduct safe and reliable communications across the world wide web. It is a national problem that is adversely affecting the key intellectual property, sensitive information, and the critical systems that power our economy and ensure national security.  If we do not do anything about it now to create a national dialogue from all sectors: government, commercial, academia, and in some cases our allies, we run the risk of rendering the Net useless for anything but the simplest of communications.”
    ~ Ed Kanerva, Principal


 

 

 

Expert Thoughts: Ron Ritchey on Protecting Critical Assets

Posted by Ron Ritchey on January 19, 2011

 

 

Expert Thoughts: Sounil Yu on the Danger of APTs

Posted by Sounil Yu on January 18, 2011

 

 


Meet Our Panelists


Jeffrey Carr

Founder and CEO of Taia Global and author of “Inside Cyber Warfare”. Mr. Carr is also the founder of Project Grey Goose, an open source investigation into cyber conflicts including the Russia Georgia War (2008) and, more recently, Attacks Against Critical Infrastructure.

Larry Clinton

President, Internet Security Alliance. Mr. Clinton is known as one of the most reliable sources on cybersecurity in Washington, D.C. He has been featured on CBS News, Fox News, CNN, C-SPAN, CNBC “Power Lunch” and CNBC “Squawk on the Street”.

 


Anup Ghosh, Ph.D.

Founder & Chief Scientist, Invincea. Dr. Ghosh was previously Senior Scientist and Program Manager in the Advanced Technology Office of DARPA. For his contributions, Dr. Ghosh was awarded the Frank B. Rowlett Trophy for Individual Contributions by the National Security Agency in November 2005.

Catherine Lotrionte, Ph.D.

Professor, Associate Director, Georgetown Institute of Law, Science and Global Security and Director of Georgetown's Cyber Project. Professor Lotrionte is the author of numerous publications, including two forthcoming books. She is a life member of the Council on Foreign Relations.

Gary McGraw, Ph.D.

Chief Technology Officer, Cigital. Dr. McGraw is a globally recognized authority on software security and the author of eight best-selling books on this topic. He produces the monthly Silver Bullet Security Podcast for IEEE Security & Privacy magazine.
