Sunday, March 7, 2010

More of the Initiative...Proactive versus Reactive

As I mentioned in yesterday's post, the Comprehensive National Cybersecurity Initiative was released by the White House late last week. The initiative is meant to be both proactive and reactive in nature.

Proactively, the government would like to have the most up-to-date anti-cyber terrorist actions in place to prevent a malicious group of users from accessing information or shutting down a grid of the internal infrastructure of the U.S. This basic goal is a large-scale project that is going to require a massive overhaul of several systems. Possible: yes! Probable: most likely. Expensive: you can bet on those $45 hammers being part of that bill.

The Reactive aspect of the government is going to incorporate something known as counterintelligence (I know, government/military = counterintelligence, but that's not the point here). Counterintelligence in the cyber world is basically acknowledging a threat as soon as possible, along with all of the effects of the threat, and then finding a way to neutralize it. We would be "countering" an intelligent attack on the nation, hence counterintelligence. This is being spearheaded by a number of nerds, geeks, crackers, hackers and all-around interesting people. As anyone who has worked in a specific area long enough, with a keen sense of observation and solid deductive skills, can tell you, you start seeing trends. You see the results before they happen and you do what you can to react to those conditions.

Play any game, sport or puzzle long enough and you learn how the rules work and where they can be bent or broken. The same applies to a single computer, a network of computers or an entire infrastructure. The Internet follows the same rules and the malicious code that affects it tends to do the same. There is always an origination point. There are always a number of workstations that are used to deploy the code. The code tends to stay dormant in the recesses of a registry or folder on a workstation. The switch is activated and bam...a few million PCs start smoking, flashing red lights and spitting out bank account numbers. The Reactive people are meant to sniff this sequence of events out before the smoking, flashing and spitting happen.

My thoughts: might as well cover everything to prevent and stop all attacks. What are your thoughts?
