Want more Insights from SAS? Subscribe to our Insights newsletter. Or check back often to get more insights on the topics you care about, including analytics, big data, data management, marketing, and risk & fraud.
Cyberanalytics: Government’s digital game of chess
By Chris Smith, Director of Cyber Strategy, SAS
The hacking game has many players, most of whom can be categorized by their motivations: hacktivism, financial gain or strategic intelligence, to name a few. These groups – regardless of their technique – can be thought of as pieces on a chessboard. Phishing scams, for example, use pawns within an organization to open up access to data – or even to the king.
Those with malicious intent against governments usually attempt to infiltrate databases for either financial gain or to obtain strategic information to relay to a nation-state entity. The strategic information could be military intelligence, critical infrastructure schematics, or personally identifiable information to use for other criminal activities. Moving through the network in any direction like the queen, these adversaries use even the smallest bits of information they find along the way to move closer to their goals. That’s why adopting analytics into a government data-loss prevention plan is critical. Much like chess, knowing where a piece falls on the board isn’t helpful unless you know where all of the other pieces are, and how they got there.
A good defense in cybersecurity is to think like an attacker to figure out the “why.” Why would someone take the risk to gain access to specific information?
The significance of delving into "Why?"
When applying this concept to the US Office of Personnel Management (OPM) data breach, you may think that having the name and address for a person in itself wouldn’t be damaging, but digging deeper into that person’s role, security clearance level and associates may prove to be quite harmful, possibly endangering. For example, knowing John Doe lives at 17 Cherry Tree Lane isn’t necessarily a threat. But learning that he works at the Department of Health and Human Services as a contracting officer with a top secret clearance and has a wife, Jane, is probably appealing in the eyes of an attacker.
A good defense in cybersecurity is to think like an attacker to figure out the “why.” Why would someone take the risk to gain access to specific information? What would justify the time and effort this would take? What might be the next moves? At what levels can we (or should we) protect that data?
The answers to these considerations can guide leaders to a better understanding of the attacker so they can better protect their information. To help automate the process, government agencies can use security analytics. Applying cyberanalytics based on behavioral patterns, agency leaders gain a broader understanding of the most targeted or vulnerable data, and then continually reinforce security measures around it.
Analytics offers both preventive insight and post-attack assessments. When employed for data protection, analytics can help identify where an organization is most susceptible to a breach. If information is compromised, analytics can be used to determine from where and by whom.
Chess masters can anticipate their opponents’ strategies many moves in advance. Analytics can provide a similar function in the cybersecurity world – helping agencies anticipate the next move of the adversary to more effectively secure the data they need to protect.
Christopher Smith has 22 years of experience in information technology and security in both the public and private sectors. Positions held prior to SAS include Acting Chief Technology Officer, United States National Park Service and Lead Enterprise Architect for the Departments of Labor, Education, Agriculture, Defense, Energy, United States Presidential Transition Team and the White House. Smith holds a bachelor’s degree in Information Systems from the University of Maryland, and is finishing a master’s degree in Advanced Engineering in Cyber Security from the University of Maryland’s Advanced Cybersecurity Center. He holds industry leading security and technology certifications, including: Certified Information Systems Security Professional (CISSP), Information Security (INFOSEC), Certified Chief Information Security Officer (C|CISO), Cisco Certified Cybersecurity Specialist and Certified Ethical Hacker (CEH).