'Patch and pray' no longer the way, says INSA

In a new report titled 'Cyber Intelligence', INSA said that the US must develop cyber intelligence capabilities that can predict cyberthreats and deter them, instead of waiting for attacks and then responding.

The sophisticated nature of current cyberthreats requires a more proactive approach on the part of the government and industry, INSA stressed.

“Evolving information systems technology has turned the cyber arena into a multi-dimensional attack space that extends the conventional landscape to a virtual domain where key economic and national security assets are exposed to significant threats….Cyberspace is a haven for a broad range of disruptive operations, including reconnaissance, theft, sabotage, and espionage. It serves as an environment that allows threats to target hardware, software, financial assets, intellectual property, and individual identities”, the report warned.

INSA recommended that US government and industry define and establish effective cyber intelligence approaches and policies to preempt cyberattacks, expand public-private efforts to share intelligence and take coordinated action, and increase research on cyberattack warning systems.

“Ultimately, effective cyber intelligence will begin to enable predictive, strategic warning regarding cyber threat activities, mitigate risks associated with the threat, enhance our ability to assess the effects of cyber intrusion, and streamline cyber security into a more efficient and cost effective process based on well informed decisions”, the report concluded.

Commenting on the report, Mark Darvill, director of AEP Networks, said: “Governments and critical national infrastructure providers globally need to think like the military and scale up their security to the highest levels. It is essential that they continue to listen to and work with the security industry to make sure that the most advanced security solutions are being deployed to protect out national intelligence and infrastructure.”

What’s hot on Infosecurity Magazine?