POSITIONING PAPER CYBER 3.0: WHERE THE SEMANTIC WEB AND CYBER MEET
JOHN TROBOUGH, PRESIDENT, NARUS, INC.
FEBRUARY 2013

The term Cyber 3.0 has been used mostly in reference to the strategy described by U.S. Deputy Defense Secretary William Lynn at an RSA conference. In his Cyber 3.0 strategy, Lynn stresses a five-part plan as a comprehensive approach to protect critical assets. The plan involves equipping military networks with active defenses, ensuring civilian networks are adequately protected, and marshaling the nation's technological and human resources to maintain its status in cyberspace [1].

Cyber 3.0 technologies will be the key to enabling such protection, and Cyber 3.0 is achieved when the semantic Web's automated, continuous machine learning is applied to cybersecurity and surveillance. Cyber 3.0 will be the foundation for a future in which machines drive decision-making. But Cyber 3.0's ability to deliver greater visibility, control and context has far-reaching implications in our current, hyper-connected environment, where massive amounts of information move easily and quickly across people, locations, time, devices and networks. It is a world where human intervention and intelligence alone simply can't sift through and analyze information fast enough. Indeed, arming cybersecurity organizations with the incisive intelligence afforded by this machine learning means cybersecurity incidents are identified and security policies are enforced before critical assets are compromised.
Cyber is nonetheless integral to our everyday lives. Anything we do in the cyber world can be effortlessly shifted across people, locations, devices and time. While on one hand, cyber is positioned to dramatically facilitate the process of knowledge discovery and sharing among people (increasing performance and productivity and enabling faster interaction), on the other, companies of all sizes must now secure terabytes and petabytes of data. That data enters and leaves enterprises at unprecedented rates, and is often stored and accessed from a range of locations, such as from smartphones and tablets, virtual servers, or the cloud.

On top of all this, all the aforementioned endpoints have their own security needs, and the cybersecurity challenge today lies in how to control, manage and secure large volumes of data in increasingly vulnerable and open environments. Specifically, cybersecurity organizations need answers to how they can:

- Ensure visibility by keeping pace with the unprecedented and unpredictable progression of new applications running in their networks
- Retain control by staying ahead of the bad guys (for a change), who breach cybersecurity perimeters to steal invaluable corporate information or harm critical assets
- Position themselves to better define and enforce security policies across every aspect of their network (elements, content and users) to ensure they are aligned with their mission and gain situational awareness
- Understand context and slash the investigation time and time-to-resolution of a security problem or cyber incident

Unfortunately, cybersecurity organizations are impeded from realizing any of these. This is because their current solutions require human intervention to manually correlate growing, disparate data and identify and manage all cyber threats. And human beings just don't scale.
In the future, semantic analysis and sentiment analysis will be implanted into high-powered machines to:

- Dissect and analyze data across disparate networks
- Extract information across distinct dimensions within those networks
- Fuse knowledge and provide contextualized and definite answers
- Continuously learn the dynamics of the data to ensure that analytics and data models are promptly refined in an automated fashion
- Compound previously captured information with new information to dynamically enrich models with discovered knowledge

Ultimately, cybersecurity organizations are able to better control their networks via situational awareness gained through a complete understanding of network activity and user behavior. This level of understanding is achieved by integrating data from three different planes: the network plane, the semantic plane and the user plane. The network plane mines traditional network elements like applications and protocols; the semantic plane extracts the content and relationships; and the user plane establishes information about the users. By applying machine learning and analytics to the dimensions extracted across these three planes, cybersecurity organizations have the visibility, context and control required to fulfill their missions and business objectives.

- Visibility: Full situational awareness across hosts, services, applications, protocols and ports, traffic, content, relationships, and users to determine baselines and detect anomalies
- Control: Alignment of networks, content and users with enterprise goals, ensuring information security and intellectual property protection
- Context: Identification of relationships and connectivity among network elements, content and end users
Clearly, these three attributes are essential to keeping critical assets safe from cybersecurity incidents or breaches in security policy. However, achieving them in the face of constantly changing data that is spread across countless sources, networks and applications is no small task and definitely out of reach for any principles or practices that rely even partly on human interference. Moreover, without visibility, control and context, one can never be sure what type of action to take.

Cyber 3.0 is not a mythical direction of what could happen. It's the reality we will face as the Web grows, as new technologies are put into practice, and as access to more and more devices continues to grow. The future is obvious. The question is: How will we respond? By virtue of machine-to-machine learning capabilities, Cyber 3.0 is the only approach that can rise to these challenges and deliver the incisive intelligence required to protect our critical assets and communities now and into the future.
John Trobough is president of Narus, Inc., a subsidiary of The Boeing Company (NYSE: BA). Based in Silicon Valley, Narus is a longtime cybersecurity innovator and industry pioneer, with patents awarded and pending for its work in cyber.
1 DoD Talks Up Plans to Deploy Cybercommandos, Tech News World, February 11, 2011 <http://www.technewsworld.com/story/DoD-Talks-Up-Plans-to-Deploy-Cybercommandos-71872.html>.
2 The Zettabyte Era, May 30, 2012, Cisco <http://www.cisco.com/en/US/solutions/collateral/ns341/ns525/ns537/ns705/ns827/VNI_Hyperconnectivity_WP.html>.
3 The Internet of Things, Cisco <http://share.cisco.com/internet-of-things.html>.
4 The State of Broadband 2012: Achieving Digital Inclusion for All,