The gravity well of situational awareness has been pulling on us since the earliest days of information protection. The ever-increasing sophistication of threats and compounding complexity of our systems is accelerating us down that path and narrowing our options. As we approach this singularity the choice to continue flying blindly through cyberspace is rapidly becoming nothing less than foolhardy.

Savvy travelers will plan accordingly.

The history of conflict has always pointed to this end. 2,500 years ago Sun Tzu, the greatest military leader of all time, shared the immortal words that all subsequent victors have founded their success upon:

“If you know the enemy and know yourself you need not fear the results of a hundred battles.”

The use of information has developed for precisely this reason: to better know our opponents and better know ourselves.

In the 1940s Dr. Turing invented computers to provide visibility into Axis plans and actions. The 60s saw these tools providing insight into business and civil affairs. Dr. Cohen showed us how to see viruses in the 1980s, Roesch gave us snort in the 90s to peer into packets and the next decade we were weaving these data with SIEM to give us a view of our networks’ activity.

Today, threat analytic platforms are proliferating. The Structured Taxonomy for Information eXchange (STIX) and Trusted Automated Exchange of Indicator Information (TAXII) standards allow real-time sharing of intelligence. Vendors of all shapes and sizes are adding STIX/TAXII support to tie their offerings into analytic platforms and intelligence sources.

Alongside all this technical development communities are connecting to share and enhance knowledge in increasing numbers. In 1998 the White House issued Presidential Decision Directive 63 (PDD-63), which established the need for an Information Sharing and Analysis Center (ISAC).

The Initial ISAC idea spawned multiple ISAC efforts including the Financial Sector and Industrial Control System ISACs (FSISAC and ICS-ISAC) and many others. The recent presidential executive order to foster interaction with Information Sharing and Analysis Organizations (ISAOs) shows an understanding of the need for an even wider range of private sector nodes for sharing situational awareness.

Internationally the Forum for Incident Response and Security Teams (FIRST.org) has grown to represent hundreds of sharing centers around the world. The European Network for Cyber Security (ENCS) through the Distributed ENergy SEcurity Knowledge project (DENSEK) is laying the foundation of a European Energy ISAC (EE-ISAC). This pattern is repeating itself across the globe.

All of this evolution is being reflected in the fundamental requirements of business. Insurance policies have already begun to weigh internal and external situational awareness as factors driving rates and availability of coverage. Boards are beginning to be faced with the choice of improving visibility into their operations, planning and external environment or losing the ability to transfer cyber risks.

The days of placidly sailing the tall ships of commerce with only a star to steer them by are rapidly coming to a close. Navigating the fast and furious lanes of the future requires captains and crews equipped to maintain situational awareness of everything happening on board, and all around.

Leave a Reply