What is Defend Forward?
The DoD’s Defend Forward operational concept has been rolling out over the past few years. Policy makers and cyber defenders in government realized that, as the situation in Afghanistan led directly to the rise of Al-Qaeda and the 9-11 attacks, the situation in cyberspace was going to lead to crippling cyber-attack of similar power.
However, unlike Afghanistan, where a power vacuum was created by the withdrawal of the Soviet Union, the Internet was designed from the outset to be open. By design, there are no police; no organization with the authority with the power to punish bad actors. The cavalry are stuck in the fort.
Something had to change.
Cyber Protection Teams (CPTs) working at the Department of Defense (DOD) were restricted to preparing for and responding to attacks on their own network. Hacktivists, cyber criminals, and nation state adversaries were not restricted in the same way. This unequal playing field was addressed by removing the restriction on CPTs and allowing them to operate, if asked, in the networks of foreign countries. This new operational concept is called Defend Forward.
The goal of Defend Forward is to move out into cyberspace and inflict costs on bad actors, especially other nation states. As most adversary cyber teams tend to use and reuse the same tactics, techniques, and procedures (TTPs), finding malware on foreign networks and publicizing it forces those cyber attackers to create new methods. This takes time, effort and money. By shining a light on these playbooks, friendly nations, other parts of government and civilians will know what to look for, further disrupting cyber attacked operations. Lastly, this serves as a signal to enemies that we know about their procedures and puts them on the defensive.
How Do We Protect the Base?
While Defending Forward is off to a promising start, it is only a part of the ongoing cyber war. A “whole – nation” effort is needed –involving both government and industry. Only 10% of the critical infrastructure networks in the U.S. are controlled by our government. Industry needs to do its part and protect the home base.
We need to know our networks better than the attackers do. We need to make sure our networks are set up securely as we intended. We need to find and mitigate the highest risk issues first. Our complex networks make this very hard to do without technical support.
RedSeal’s cyber terrain analytics platform and professional services help all organizations improve their resilience to security events by understanding what’s on their networks, how it’s all connected, and the associated risk. RedSeal verifies that network devices are securely configured; validates network segmentation policies; and continuously monitors compliance with policies and regulations. RedSeal continually checks to see if a network’s segmentation is working as designed, ranks end point vulnerabilities in order of risk, and adds knowledge of your network to determine how accessible the vulnerability is to untrusted networks and what it will expose if compromised.
Contact us for more information about how RedSeal can help you support our cyber protection teams.