Attack Defense Balance Schneier Security Measurement
Are Cyber Defenders Winning? New Data Offers a Glimpse
It’s a question I hear constantly: “Who’s winning the cybersecurity battle – the attackers or the defenders?” For too long, the answer has been a frustratingly vague, qualitative shrug. But a groundbreaking new piece from Jason Healey and Tarang Jain on Lawfare, titled “Are Cyber Defenders Winning?”, finally brings data to the forefront.
This isn’t just about how one organization is faring; it’s about establishing a framework for measuring our collective progress in the digital defense arena. As Healey explained to me via email, their work is built on three crucial insights:
A Framework is Essential: Defenders need a structured way to categorize the overwhelming flood of security metrics, grounded in threat, vulnerability, and outcome.
Trends Over Specifics: What truly matters are the overarching trends, not getting lost in the minutiae of individual data points.
Leverage Existing Data: To start, we should avoid reinventing the wheel. Instead, we can effectively utilize the wealth of data already being meticulously reported by incredible teams at organizations like Verizon, Cyentia, Mandiant, IBM, and the FBI.
The Surprising Verdict: Progress, But a Long Road Ahead
The initial conclusion from their analysis is both surprising and encouraging: while there’s still a significant journey ahead, we’re performing better than many might assume. The data reveals significant improvements across several key areas:
Threat Operations: Efforts to disrupt and counter malicious activities are showing positive trends.
Threat Ecosystem and Organizations: The landscape of threat actors and their organizational structures appears to be evolving in ways that suggest some defensive gains.
Software Vulnerabilities: Progress is being made in identifying and mitigating weaknesses in the software we rely on.
However, the report also highlights a critical area where we’re not seeing the same positive momentum: consequence. The impact of cyberattacks, in terms of the damage inflicted, hasn’t seen a corresponding increase. This leads to a sobering observation: as cost imposition becomes a driving factor, we may be entering a phase of “survival of the fittest,” potentially resulting in fewer, but more formidable, cyber predators.
Phase One: Laying the Foundation for Future Measurement
This initial framework is just the beginning. The project is strategically designed in three phases, with this report representing Phase One. The ambitious goals for the subsequent phases include:
Developing a Comprehensive Indicator Catalog: Creating a more complete and detailed catalog of indicators that span threat, vulnerability, and consequence.
Encouraging Data Reporting: Motivating cybersecurity companies and other data-rich organizations to report defensibility-relevant statistics in time-series formats, mapped directly to this new catalog.
Driving Improved Analysis and Reporting: Fostering enhanced analysis and more insightful reporting based on this standardized data.
This is truly significant and valuable work that promises to bring much-needed clarity and actionable insights to the ongoing cybersecurity dialog. It’s a vital step towards understanding where we stand and how we can collectively improve our defenses in the ever-evolving digital landscape.
Tags: cyberattack, defense, reports
