Lines blur between enterprise SecOps and cyberdefense

One expert predicts AI will ultimately benefit attackers more than defenders, and urges businesses instead to take a page out of military and government cyberdefense handbooks.

If enterprises think threats to the security of critical national infrastructure don't involve them, one cyberdefense expert said they should think again.

Until recently, cyberwarfare and cyberdefense have been the domain of government and military agencies. But the nature of conflict is changing, according to Robert Slaughter, CEO of Defense Unicorns, a defense tech startup specializing in air-gap software delivery for highly secure and sensitive environments. Threat actors against the U.S. identified by federal intelligence and cybersecurity agencies in the last two years, such as Volt Typhoon, have focused on civilian critical infrastructure rather than on military networks.

That's only the beginning, Slaughter told TechTarget Editorial's Beth Pariseau in an episode of IT Ops Query Season 2: The State of SecOps.

"There's going to be a growing number of unclassified discussions, and I … hope the U.S. government talks about that more so that way, businesses understand," he said. "More and more, they're going to wake up and realize, … 'Oh my gosh, I, for sure, am a target because I didn't know this. But the parts I make are … used on a submarine,' ... or, 'The food I supply produces the food to the base nearby,' or 'The water I make supports this local hospital.'"

These emerging threats require a different approach to security operations than most businesses have taken. Most enterprises are tuned to ransomware, data exfiltration and other financially motivated attacks, where the attacker eventually announces the intrusion; a nation-state actor pre-positioning on infrastructure has every reason to stay silent.

"If your system is compromised and it's for a financial benefit … how do you know that your system is compromised?" Slaughter said. "Someone's going to tell you … and then they're going to hold some ransom over your head. On the nation-state side, … you actually have to actively interrogate the system. You have to actually, actively look for these things."

While some experts are hopeful that the AI boom will boost such proactive SecOps -- it has shown promise in cutting down on alert noise in security observability systems -- Slaughter sees it benefiting attackers more than defenders in the long run.

"It's lowering the barrier to entry and accelerating a unit's or team's ability to produce an effective cyberweapon. [But] the impact of a cyberattack hasn't changed," he said. "Common sense would dictate that at least in the short term, things are going to get worse before they get better."

Rather than betting on AI, enterprises might increasingly adopt the military's approach to securing highly sensitive systems: disconnecting them from networks. So-called air-gapped systems are much more difficult for attackers to reach from the outside, although not immune; removable media and the software and hardware carried across the gap remain the classic ways in, so the gap has to be paired with controls on what crosses it.


"There's a lot of defense systems that, on the surface, are actually quite insecure if you actually look at what they're running. It's a lot of outdated software," Slaughter said. "What ultimately protects those systems is that moat, that air-gapped environment."

For enterprises, air-gapped systems raise a time-honored dilemma between security and accessibility, and Slaughter acknowledged that air-gapped systems are more difficult than networked systems to manage, because every update, patch and dependency has to be delivered across the gap rather than pulled from the network. But he said he hopes the high stakes of failure could push more enterprises to take on that challenge.

"A lot of times, the United States in particular kind of waits for that catastrophic event to really rally around things," he said. "I do see changes happening, and I think it's really a question of, are the changes that are happening going to move fast enough to prevent … a catastrophic event in the future?"

Beth Pariseau, senior news writer for TechTarget Editorial, is an award-winning veteran of IT journalism covering DevOps. Have a tip? Email her or reach out @PariseauTT.
