Cybersecurity, ties with Russia trouble the head of the German agency

The head of Germany's national cybersecurity agency, Arne Schoenbohm, is under investigation for alleged links with Russian intelligence. According to the German newspaper Bild, Germany's Interior Minister Nancy Faeser has called for a swift change of leadership at the top of the agency.

The Federal Office for Information Security (BSI) is the German government agency responsible for the security of IT applications and installations, internet security, encryption, and the certification of security products. Arne Schoenbohm has headed the agency since 2016, but his appointment has drawn strong criticism over his collaborations with companies such as IBM and the Russian firm Kaspersky, over which the BSI should instead exercise a supervisory role, and over his role as founder and former president of the lobbying group Cyber Security Council Germany.

The association, founded in 2012, brings together experts from the public and private sectors, including some prominent German politicians, and is close to companies in the armaments, security and surveillance sector. As early as 2019, the group was at the center of an investigation by the German magazine ARD Kontraste, which revealed its links with Russian state associations and organizations.

Subsequently, on October 7, 2022, the magazine ZDF Royale published an article, produced in collaboration with the research network Policy Network Analytics, which exposed links between Schoenbohm and the information security company Protelion GmbH, owned by the Russian firm Infotecs. According to the investigation, Infotecs reportedly works for several Russian government agencies, including the FSB intelligence service, the successor to the Soviet KGB.

Neither the Ministry of the Interior nor the BSI has yet issued a detailed statement on the affair, but according to German media, the Ministry of the Interior had urged Schoenbohm several times to distance himself from the lobbying group. Nonetheless, the head of the BSI reportedly took part in events organized by the association as recently as this year.

Atomized Networks: Why Cybersecurity Is Failing To Keep Up With Attackers

Martin Roesch, CEO, Netography.

It’s an unfortunate truth that cyber adversaries always start with an advantage. Historically one step ahead, threat actors get to choose when, where and how they attack. The best among them operate like a burglar who has watched your house for months, learned your patterns and waited until you left for that big vacation to make their move.

Despite best efforts, the collective cybersecurity profession has been unable to effectively prepare for how attackers’ techniques and trends will change. That is due in large part to a failure to build for how network architecture has evolved. Modern enterprise networks are increasingly complex, typically including multiple public and private cloud vendors, on-premises proprietary applications, an internal data center, legacy infrastructure and SaaS tools. In other words, networks have become atomized.

The “atomized network” defines these multifaceted environments and includes the modern workforce that relies on them—operating on-premises, remote or hybrid, utilizing many different devices. As enterprise security undergoes a doctrinal shift, so must the way we think about this complex reality. We are at a point where organizations need to look ahead and adapt to changing environments with a security architecture that does the same.

Connectivity gaps create risk.

A major challenge with diverse and complex networks is that attackers live in the security gaps found among the multitude of systems comprising enterprise IT architectures—we can think of it as many pieces of a puzzle. Those gaps, which threat actors continuously look to exploit, exist because security teams historically have tackled architectural components individually.

Security solutions that can effectively secure an entire atomized network are few and far between. Utilizing different security solutions to provide the structure that will optimize each component’s functionality certainly makes sense in theory. In practice, however, hackers can exploit the organizational and technological gaps between disparate security architecture components to gain access and remain undiscovered. The more complicated an atomized network, the greater the number of potential gaps.

Once inside a network, attackers can then lay low and use the available time to observe, learn and identify weak points in their victim’s security architecture. They can move laterally, establish persistence, discover assets and pinpoint the opportunity to do significant damage.

While many are now looking to the zero-trust paradigm to solve this challenge, there are trade-offs to consider. Zero trust relies on encrypting network traffic, which blinds some significant existing security technologies.

That means companies implementing zero trust must usually choose between working with tools that have decreasing utility or deploying ever more complex technology architectures to try to maintain visibility and control over their network environments.

At the same time, security teams are faced with piecemeal visibility—leveraging their cloud providers for insight into those environments while using separate tools to monitor activities within their on-premises, legacy and remote systems. Teams must operate in different modes with a patchwork of uniquely configured and managed tools. Oftentimes, there are even different teams operating the sets of installed technologies.

Closing the gaps requires rethinking the approach.

To evolve and improve this model, organizations need to rethink their approach through a new security abstraction, consolidating where they can and centralizing security management and monitoring. Instead of looking at the puzzle pieces individually, it’s time to think about the atomized structure as one.

That recognition is a critical first step that an organization must take in closing the many gaps that exist and making the attacker’s job harder. There are several additional steps to approaching atomized network protection that improve the likelihood of success.

Understand what you have.

Organizations struggle to defend their network because it is so distributed and dynamic that they don’t know what they have. Security teams need to understand the entire ecosystem before they can protect it. Assess what’s already in place, the effectiveness of existing protection efforts and the gaps that need to be addressed.

Along with this, it is important to evaluate environmental blind spots and visibility. Where does the organization lack the comprehensive real-time network visibility that its protection efforts require?
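One concrete way to answer the question above is to reconcile the inventories each part of the atomized network already keeps (cloud provider listings, the on-premises CMDB) and compare the merged view with the telemetry sources the security team actually receives. The script below is an added illustration written for this article, not code from the author or from Netography; the host names, source labels ("aws", "azure", "cmdb", "flow", "edr") and coverage data are constructed, hypothetical sample values.

```python
"""Reconcile per-environment asset inventories and report visibility gaps.

Two kinds of blind spot are surfaced:
  * assets known to one environment but absent from the authoritative
    inventory (here the CMDB), i.e. "we don't know what we have";
  * assets for which required telemetry (network flow, endpoint agent)
    is not being collected, i.e. "we can't see it even though we own it".
"""
from collections import defaultdict

# Constructed sample inventories (hypothetical; not real data).
INVENTORY_SOURCES = {
    "aws": [
        "web-01.example.internal",
        "web-02.example.internal",
        "etl-07.example.internal",
    ],
    "azure": [
        "api-gw-01.example.internal",
        "legacy-erp.example.internal",
    ],
    "cmdb": [
        "web-01.example.internal",
        "api-gw-01.example.internal",
        "LEGACY-ERP.example.internal",   # mixed case on purpose
        "printer-3f.example.internal",
    ],
}

# Which telemetry feeds currently observe each asset (constructed).
TELEMETRY_COVERAGE = {
    "web-01.example.internal": {"flow", "edr"},
    "web-02.example.internal": {"flow"},
    "api-gw-01.example.internal": {"flow", "edr"},
    "legacy-erp.example.internal": set(),
    "printer-3f.example.internal": {"flow"},
}

# Telemetry every asset is expected to have (assumed policy).
REQUIRED_TELEMETRY = {"flow", "edr"}


def normalize(name):
    """Canonical asset key so the same host is not counted twice."""
    return name.strip().lower()


def unify(sources):
    """Merge all inventories into {asset: set(sources that list it)}."""
    seen = defaultdict(set)
    for source, names in sources.items():
        for name in names:
            seen[normalize(name)].add(source)
    return dict(seen)


def inventory_gaps(unified, authoritative=("cmdb",)):
    """Assets present in some environment but missing from the authoritative inventory."""
    return sorted(
        asset for asset, srcs in unified.items() if not srcs & set(authoritative)
    )


def telemetry_gaps(unified, coverage, required):
    """Assets lacking one or more required telemetry feeds."""
    gaps = {}
    for asset in unified:
        missing = required - coverage.get(asset, set())
        if missing:
            gaps[asset] = sorted(missing)
    return gaps


def visibility_report(sources, coverage, required):
    """Combine both checks into one structure suitable for tracking over time."""
    unified = unify(sources)
    return {
        "assets": len(unified),
        "unknown_to_cmdb": inventory_gaps(unified),
        "telemetry_gaps": telemetry_gaps(unified, coverage, required),
    }


if __name__ == "__main__":
    report = visibility_report(INVENTORY_SOURCES, TELEMETRY_COVERAGE, REQUIRED_TELEMETRY)
    print(f"{report['assets']} distinct assets across all inventories")
    print("Not in CMDB:", ", ".join(report["unknown_to_cmdb"]) or "none")
    for asset, missing in sorted(report["telemetry_gaps"].items()):
        print(f"  {asset}: missing {', '.join(missing)}")
```

In practice the inventory lists would come from the cloud providers' APIs and the CMDB export, and the coverage map from the sensors themselves (for example, the set of hosts seen in flow records over the last day); the reconciliation logic stays the same, and re-running it periodically turns "where are our blind spots?" into a measurable number rather than a guess.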

Consolidate wherever possible.

Assess where teams can better coordinate and where tools can be integrated and optimized. Also, consider where new approaches and solutions are needed. Meaningful insights resulting from merging organizational context, detection and threat intelligence will inform better decisions; that means overcoming the current convention of managing disparate data from multiple sources and consoles.

Get flexible.

Rigidity can be the enemy of effective protection, especially against the backdrop of dynamically changing compute environments and increasingly agile and creative adversaries. Security teams must stay agile to rapidly generate defenses in the face of an active attacker.

Automate wherever possible.

If they are to gain an advantage over the adversary, defenders need solutions they can trust, with customizable responses and remediation capabilities that can rapidly respond to evolving threats. In many cases, this means retraining the team to trust their solutions for the baseline so they can focus on the more advanced threats.

In Conclusion

Breaking paradigms is never easy. Decades of technological evolution, mounting business pressures and a pandemic that forever changed the workplace have led us to where we are. With some traditional security methods falling short of what is needed today, it’s time to consider how these gaps can be closed to avoid growing risks.

As cyber defense leaders, we already find ourselves a step behind adversaries who have the initiative to decide when and how they will attack. We can quickly level the playing field when we understand, accept and adapt a security architecture that reflects the reality that today’s playing field has evolved beyond yesterday’s solutions.

Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives.