There is literally daily evidence that, as defenders, we are losing the fight against those who attack our cyber security. The picture is concerning within the realm of software alone. Consider also potential hardware-based threats stemming from sources such as ICT supply chain insecurity, and the picture is dire.
It is recognised by many that we need to operate with the assumption that our underlying systems are compromised, and innovative scientific and engineering approaches are emerging that are designed to assure resilience to such compromises at the time of operation. We should, however, also continue to look for innovations which significantly raise the bar on attackers, making compromises much harder to achieve and lowering the severity of their possible impact.
Is the majority of current cyber security research and development likely to only incrementally raise the bar on attackers? Can we deliberately and strategically shift the focus of research and development to produce game-changing cyber security concepts, tools and techniques? Would a shift in investment, for example from detecting and responding to intrusions to discovering and fixing vulnerabilities within operating systems, applications, software artefacts and networks before they get exploited, produce the mechanisms by which we can in effect counter the threat before it arrives?
My presentation at the Building Cyber Resilience Conference will pose these questions and discuss the Defence Science and Technology Organisation’s (DSTO) research and development projects in cyber assurance and operations directed at this strategically important problem.
Mike Davies will be speaking on the topic of ‘Defeating the threat before it arrives’ at the Building Cyber Resilience Conference in August. Book your place by Friday July 24th to save $200!