{"id":9337,"date":"2022-02-01T10:34:09","date_gmt":"2022-02-01T13:34:09","guid":{"rendered":"https:\/\/www.fie.undef.edu.ar\/ceptm\/?p=9337"},"modified":"2022-02-01T10:34:09","modified_gmt":"2022-02-01T13:34:09","slug":"el-departamento-de-defensa-de-eeuu-debe-centrarse-en-las-personas-calificadas-no-solo-en-la-nueva-tecnologia","status":"publish","type":"post","link":"https:\/\/www.fie.undef.edu.ar\/ceptm\/?p=9337","title":{"rendered":"The US Department of Defense must focus on skilled people, not just new technology"},"content":{"rendered":"<p>A Pentagon report recommends refocusing cybersecurity efforts on personnel instead of relying primarily on new technologies to protect networks. Automated tools are sometimes necessary to thwart cyberthreats that attack networks at so-called machine speed. But the dynamic nature of these threats requires a combined approach that uses humans and machines together.<\/p>\n<hr \/>\n<p class=\"sc-csuQGl hhYAnu body-paragraph body-paragraph\">WASHINGTON \u2014 The Pentagon should refocus cybersecurity efforts on human defenders instead of primarily relying on new technologies to protect networks, the department\u2019s weapon tester asserted in its annual report.<\/p>\n<p class=\"sc-csuQGl hhYAnu body-paragraph body-paragraph\">Automated tools are sometimes necessary to thwart cyberthreats that attack networks at so-called machine speed. 
But the dynamic nature of these threats requires a combined approach using humans and machines together.<\/p>\n<p>\u201c[C]yber assessments and operational tests continue to show that where systems or networks are actively defended by well-trained personnel in environments employing Zero Trust concepts, Red Teams emulating cyber actors have difficulty degrading critical [Department of Defense] missions,\u201d read the fiscal 2021 annual report of the Office of the Director, Operational Test and Evaluation.<\/p>\n<p class=\"sc-csuQGl hhYAnu body-paragraph body-paragraph\"><a href=\"https:\/\/www.c4isrnet.com\/it-networks\/2022\/01\/25\/welcome-to-thunderdome-pentagon-awards-zero-trust-architecture-prototype\/\" target=\"_blank\" rel=\"noopener\">Zero trust<\/a>\u00a0refers to a mindset that assumes networks are already compromised and continuously validates users, devices and data. It is not a single entity, but rather an architecture deploying a series of tools across the network.<\/p>\n<p class=\"sc-csuQGl hhYAnu body-paragraph body-paragraph\">In examining combatant command and service exercises from FY14 through FY20, DOT&amp;E noted the importance of defending every stage of a cyberattack, particularly where an adversary moves within a network to find an objective, which can pose detection challenges for human cyber defenders.<\/p>\n<p class=\"sc-csuQGl hhYAnu body-paragraph body-paragraph\">Emerging technologies such as Office365\u2019s cloud environment and zero-trust architectures promise to increase defender visibility into these attacks, the report said.<\/p>\n<p class=\"sc-csuQGl hhYAnu body-paragraph body-paragraph\">Network tools are good at tipping off human operators that something malicious might be afoot. 
These human operators are then best suited to use their reasoning skills to\u00a0<a href=\"https:\/\/www.c4isrnet.com\/cyber\/2021\/01\/29\/hand-to-hand-combat-on-computer-networks-how-cyber-threat-hunters-work\/?contentQuery={%22section%22%3A%22%2Fhome%22%2C%22exclude%22%3A%22%2Fnewsletters%2Fdaily-news-roundup%22%2C%22from%22%3A125%2C%22size%22%3A10}&amp;contentFeatureId=f0fmoahPVC2AbfL-2-1-8\" target=\"_blank\" rel=\"noopener\">actively hunt, or search on the network for potential threat actors<\/a>.<\/p>\n<p class=\"sc-csuQGl hhYAnu body-paragraph body-paragraph\">\u201cSome of the greatest innovations in cybersecurity in recent years involve the use of advanced technologies like artificial intelligence\/machine learning to radically improve the speed and efficacy of threat detection and prevention,\u201d said Robert Sheldon, director of public policy and strategy at cybersecurity firm CrowdStrike. \u201cBut even for organizations leveraging the most sophisticated tools, people still comprise an essential layer of defense. 
Whether performing novel research, interpreting context around weak or ambiguous signals, or conducting hypothesis-driven threat hunting, human defenders are key.\u201d<\/p>\n<p class=\"sc-csuQGl hhYAnu body-paragraph body-paragraph\">John Davis, who served as a senior military adviser for cyber at the DoD, praised the refocus on people, but said it\u2019s \u201cjust as important to recognize the impact that modern innovations in both technology and processes are having on the skills that today\u2019s modern cyber defenders need to be successful.\u201d<\/p>\n<p class=\"sc-csuQGl hhYAnu body-paragraph body-paragraph\">\u201cAutomation tools can relieve [security operations center] analysts of hours of wearisome and mundane tasks, giving them time to develop and document processes for the complex work they perform and allowing them to respond to new or complex threats that are coming across attack surfaces,\u201d said Davis, who is currently vice president of the public sector for cybersecurity specialist Palo Alto Networks. \u201cAutomating processes to account for innovations in best practices and threat intelligence sharing can help ensure that junior analysts have the correct insight to make the best determination as quickly as possible and flag issues for more experienced analysts.\u201d<\/p>\n<p class=\"sc-csuQGl hhYAnu body-paragraph body-paragraph\">DOT&amp;E recommended the department refocus cybersecurity efforts on people rather than technology alone. This includes doctrine, organization and training to ensure personnel can use technology to thwart intrusion attempts.<\/p>\n<p class=\"sc-csuQGl hhYAnu body-paragraph body-paragraph\">\u201cCybersecurity must be built into system design and the human defender should be included early on in cyber defense engineering and programmatic priorities for both system usability and training,\u201d the report stated. 
\u201cCyber defenders can and should include dedicated mission defense teams, system users, response-action teams, commanders and network operators, all of whom should be trained and equipped to fight through cyberattacks to complete critical missions.\u201d<\/p>\n<p class=\"sc-csuQGl hhYAnu body-paragraph body-paragraph\">The Air Force in recent years has transitioned its communications squadrons into groups of cyber defenders called mission defense teams,\u00a0<a href=\"https:\/\/www.c4isrnet.com\/newsletters\/daily-brief\/2019\/01\/18\/will-enterprise-it-as-a-service-create-a-more-digital-air-force\/\" target=\"_blank\" rel=\"noopener\">offloading the mundane day-to-day information technology and network-related responsibilities to the commercial sector<\/a>. These teams, which differ from cyber protection teams that each armed service provides to U.S. Cyber Command, are specialized groups that protect critical Air Force missions and installations such as critical infrastructure or computers associated with aircraft and remotely piloted systems.<\/p>\n<p class=\"sc-csuQGl hhYAnu body-paragraph body-paragraph\">The Army, for its part, is working to\u00a0<a href=\"https:\/\/www.c4isrnet.com\/cyber\/2021\/10\/28\/the-army-wants-to-bolster-its-local-cybersecurity-defenders\/\" target=\"_blank\" rel=\"noopener\">improve the ability of its local network defenders<\/a>, which will bolster its cybersecurity posture. 
The effort stems from its\u00a0<a href=\"https:\/\/www.c4isrnet.com\/it-networks\/2021\/10\/11\/ausa-merging-worlds-the-us-army-is-creating-a-unified-network-to-ensure-the-force-has-global-connectivity\/\" target=\"_blank\" rel=\"noopener\">unified network plan<\/a>, which aligns various modernization efforts to provide a network the service needs to share data from the enterprise to the tactical sphere in support of multidomain operations.<\/p>\n<p class=\"sc-csuQGl hhYAnu body-paragraph body-paragraph\">Specifically, the Army wants to establish roles and responsibilities at each echelon for the cybersecurity operators that actually own their own network terrain.<\/p>\n<p class=\"sc-csuQGl hhYAnu body-paragraph body-paragraph\">Currently, the Army and joint force are not optimized holistically to conduct cybersecurity operations, officials have said, which is largely because there are varying levels of responsibilities, standards and tasks for cybersecurity service providers, the local or installation level network operators, and defenders.<\/p>\n<p class=\"sc-csuQGl hhYAnu body-paragraph body-paragraph\">This has created the need to deploy the very high-end and limited cyber protection teams.<\/p>\n<p class=\"sc-csuQGl hhYAnu body-paragraph body-paragraph\">The new plan aims to get cyber protection teams back to doing what they do best: hunting on networks and focusing on threats.<\/p>\n<p><strong>Source:<\/strong> <a href=\"https:\/\/www.c4isrnet.com\/cyber\/2022\/01\/28\/dod-must-focus-on-skilled-cyber-defenders-not-just-new-tech-warns-weapons-tester\/\" target=\"_blank\" rel=\"noopener\"><em>https:\/\/www.c4isrnet.com<\/em><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>A Pentagon report recommends refocusing cybersecurity efforts on personnel instead of relying primarily on new technologies&hellip; 
<\/p>\n","protected":false},"author":1,"featured_media":9338,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[23,28],"tags":[],"_links":{"self":[{"href":"https:\/\/www.fie.undef.edu.ar\/ceptm\/index.php?rest_route=\/wp\/v2\/posts\/9337"}],"collection":[{"href":"https:\/\/www.fie.undef.edu.ar\/ceptm\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.fie.undef.edu.ar\/ceptm\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.fie.undef.edu.ar\/ceptm\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.fie.undef.edu.ar\/ceptm\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=9337"}],"version-history":[{"count":1,"href":"https:\/\/www.fie.undef.edu.ar\/ceptm\/index.php?rest_route=\/wp\/v2\/posts\/9337\/revisions"}],"predecessor-version":[{"id":9339,"href":"https:\/\/www.fie.undef.edu.ar\/ceptm\/index.php?rest_route=\/wp\/v2\/posts\/9337\/revisions\/9339"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.fie.undef.edu.ar\/ceptm\/index.php?rest_route=\/wp\/v2\/media\/9338"}],"wp:attachment":[{"href":"https:\/\/www.fie.undef.edu.ar\/ceptm\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=9337"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.fie.undef.edu.ar\/ceptm\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=9337"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.fie.undef.edu.ar\/ceptm\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=9337"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}