Authentic8 Blog Author: Justin Cleveland

Justin is the Head of Federal Business for Authentic8 and also an Officer in the U.S. Navy Reserve.

Why Your Defender’s Paradigm Isn’t Working Anymore

Why does it seem like despite the ever-evolving technology and the billions of dollars being spent on cybersecurity, that the attackers are winning? Well, in two words: they are.

Despite our best efforts to disrupt cyber attacks, it’s the current paradigm that isn’t working, not just the technology we deploy. Below, I discuss the current “defender’s paradigm” - the predominant thought model that still informs the defensive behavior and security posture of large parts of the cybersecurity community - and examine how we got here and what we can do about it.

The current Defender’s Paradigm

The current defender’s paradigm is pretty simple: it’s the realization that the cyberwar is going to be fought on your network and preparing accordingly. The most valuable networks have thousands of endpoints, ever-changing rosters of users, and enclaves of incredibly valuable information distributed worldwide. As such, most organizations, either through concerted planning or trial and error, generally follow a six-step

Why You Should Be Fed Up With the Cycle of FUD

The upcoming election has created the perfect opportunity for the $100 billion cybersecurity industry to throw some fear, uncertainty and doubt — colloquially known as “FUD” — into the daily conversation.

Vendors see this as an opportunity to double down on their marketing to help congressional offices “defend democracy.” But they’re selling the same solutions that got these offices in trouble in the first place. Isn’t it time to try a different approach?

It’s important to understand that unlike other branches of government, each congressional office is responsible for their own security when it comes to their IT infrastructure. In many instances, offices outsource management of their systems to contracting agencies, which contributes to the problem.

Additionally, congressional offices and political parties were targets long before the industry took notice. Party staff are juicy targets for social engineering, phishing, and other forms of targeted attacks from APT groups. Stealing the data they’re holding can be a windfall for political adversaries

Navy NGEN-R: New Network, Usual Suspects

Later this year, the United States Navy intends to award a contract to upgrade their unclassified network, the Navy Marine Corp Intranet (NMCI).

The new contract, Next Generation Enterprise Network Re-compete (NGEN-R) is a multiple award contract that will absorb global networking efforts into a single vehicle that the Navy will administer. Will the Navy get the network needed to “win” in the cyber-battlespace of the future?

*

While the Navy Program Executive Office for Enterprise Information Systems (PEO EIS) has certainly “leaned forward” in its outreach to industry, it hasn’t yet moved full steam ahead into a total embrace of innovation.

By hosting traditional “Industry Days” and other familiar industry outreach initiatives, PEO EIS has ensured that Federal System Integrators (FSIs), who consistently over promise and under deliver on such large programs, will have significant influence over this procurement.

By allowing the FSIs to influence the scope of work, the Navy has ensured it won’t receive the next-gen network needed