Insight By Anomali

How to protect U.S. cyber assets in a high threat environment

Tensions may be slightly calmer between the United States and Iran, but in the cyber world the stakes are always high between the two countries.

That’s why the United States must rely on threat intelligence to stay ahead of adversaries like Iran, who are constantly trying to find a way into critical assets.

“Where we see a bigger risk from Iran is on the cyber front. This shows how war has evolved. It used to be very focused on your kinetic and nuclear power. As we’ve become an interconnected world, connected by the internet, cyber became a higher risk target and the barrier for entry is much lower,” Jill Cagliostro, project manager at Anomali, said as part of the series Security Strategies in Government, sponsored by Anomali.

It isn’t expensive to train a cadre of hackers in comparison to buying a fighter jet.

“You need a computer and an internet connection and from there you can cause a lot of destruction,” Cagliostro said.

So how does the United States get the intelligence it needs on threats and stay ahead of actors like Iran?

According to Cagliostro, it all starts with threat training. Humans will always be the weakest link in a security stack since they will always need to enter a username and password, which makes those credentials easily compromised.

“One of the best ways U.S. entities can prepare is to remind their users about how to defend themselves against phishing attacks, to be more vigilant and to put all of their users on high alert that these things may be coming in,” Cagliostro said.

Another way U.S. organizations can deter attacks from Iran or any hackers is to share information. The United States set up the Cyber Information Sharing and Collaboration Program so the government and industry can inform each other of threats and attacks. There is also a new version of the Security Technical Implementation Guides, which facilitates sharing vulnerabilities at scale.

“The new model allows for a lot more flexibility and a lot more detail and the ability to capture relationships between pieces of information,” Cagliostro said. “By formalizing the way we can share information and ingest this information, it makes it much easier to track at scale and take action on. The future of threat intelligence is model first. It’s focusing on identifying tactics, techniques and protocols, the actor groups. It’s looking at that higher level and making sure you’re protected.”

Still, industry has had some issues when it comes to sharing information. No one wants to admit they have vulnerabilities, Cagliostro said.

“Sharing is inherently a scary thing for companies both on the commercial side and on the federal side,” she said. “When you share out intelligence it’s essentially admitting, ‘I’ve seen this in my environment.’ There’s a very, very high fear of attribution back to them. The Department of Homeland Security has done a very good job of making it easier to share in smaller communities, so there is less risk of attribution; it’s a small vetted audience and you feel more comfortable.”