Cybersecurity experts and enthusiasts are gearing up for an insightful presentation by Jason Healey, a senior research scholar at Columbia University, at the upcoming Black Hat USA 2024 event in Las Vegas this August. The focus of Healey’s presentation will shed light on the perpetual struggle between defenders and attackers in the cybersecurity realm.
Healey, with over 50 years of experience in the field, emphasizes the constant challenge faced by defenders in keeping up with the innovative tactics of cybercriminals. Despite significant investments and efforts to enhance defense mechanisms, the effectiveness of defensive strategies still lags behind the agility of offensive tactics.
The publication of the US National Cybersecurity Strategy in the previous year marked a notable milestone in the quest for improved cybersecurity defense. However, Healey highlights the necessity of establishing measurable indicators to assess the progress made in strengthening defense relative to offense. Without tangible metrics to track advancements in defense capabilities, the effectiveness of cybersecurity strategies remains ambiguous.
In his session at Black Hat titled “Is Defense Winning?,” Healey will introduce key indicators to evaluate whether the balance is shifting towards defense. He emphasizes the importance of collecting and analyzing data related to metrics such as mean time to detect (MTTD) and mean time between catastrophes to gauge the effectiveness of defense mechanisms.
Drawing parallels with climate change metrics, Healey stresses the need for a holistic approach to cybersecurity, akin to tracking CO2 levels and temperature changes in climate science. By adopting a comprehensive view of cybersecurity, experts can gain valuable insights into the overall state of cyberspace and identify areas for improvement.
Healey’s involvement in drafting the National Cybersecurity Strategy underscores his advocacy for systemic changes, such as automated updates, as more impactful in bolstering defense than individual efforts like user education or isolated security measures. By identifying areas where minimal adjustments can yield significant impacts, Healey aims to drive substantial changes in cybersecurity defense strategies.
One of the critical challenges addressed by Healey pertains to measuring success in cyber defense. He proposes assessing threat actors’ ability to adapt their tactics, techniques, and procedures (TTPs) as a key indicator of progress in defense. By compelling threat actors to rapidly modify their TTPs due to thwarted attacks, defenders can gauge the effectiveness of their defensive measures.
Moreover, Healey calls for leveraging existing cybersecurity reports, such as Verizon’s annual data breach report and Google’s zero-day reports, to establish defensibility metrics. By presenting relevant data in time series to track trends, cybersecurity experts can gain valuable insights into the evolving landscape of cyber threats.
Healey’s ultimate goal is to inspire the cybersecurity community to strive for measurable improvements and set realistic targets for enhancing defense capabilities. Through his presentation, he aims to initiate a critical dialogue about the efficacy of current cybersecurity strategies and the importance of setting achievable goals to drive progress in defense.
By introducing new indicators and drawing on insights from diverse fields, Healey seeks to empower defenders with the tools and knowledge needed to tilt the balance in favor of defense. The upcoming presentation by Jason Healey at Black Hat USA 2024 promises to be a thought-provoking session that challenges attendees to reflect on their collective impact in the cybersecurity landscape. Stay tuned for the announcement of the date and time for Healey’s presentation at the event.