Analysts: Enterprise Architecture Key To Stopping Cyberattacks
- By Doug Beizer
- December 09, 2008
Enterprise architecture must be a key part of the strategy used to protect
computers and networks from cyberattacks, said Ron Ross, a National Institute
of Standards and Technology senior computer scientist, at the recent Government
Technology Research Alliance symposium in Hershey, Pa.
Ross said he first thought security would cure all enterprise architecture
challenges, but he quickly learned that idea is flawed.
"When I got into actual discussions, I turned my view around to the point
to where I think we can't be successful as security professionals unless
enterprise architects are successful on their end," Ross said. "Enterprise
architecture, I believe, is going to drive the ultimate success of protecting
our critical infrastructures."
The need for protection grows every day, said Scott Bernard, deputy chief information
officer at the Federal Railroad Administration. Bernard said combating malware
on computers is similar to fighting a chronic human sickness.
"I believe that many public- and private-sector operating environments
are infected," Bernard said. "The malware is so sophisticated and
pervasive that even if you know your environment is infected, you may still
not be able to eradicate it completely."
The latest forms of malware pose serious challenges for chief information officers
and chief architects, he said.
"Because this malware allows you to continue operations," he said, "it just
lays dormant and then pops up to record things. Then it goes back to sleep.
When it pops up again, it expatriates a whole bunch of your information. That's
the reality of today."
With just a few Google searches, people can find malware and information, Ross
"It used to be hackers were real smart folks, and there weren't that
many of them," Ross said. "But now with these downloadable tools,
it has empowered virtually mass numbers of people to do great damage."
Deploying information technology in an undisciplined way contributes to the
security problems, Ross said. Well-architected systems are much easier to protect,
Security experts need to know how systems work and how they integrate together
to protect them, he said.
"You can't be forced to look 360 degrees around your systems and
expect to catch everything all the time," Ross said. "You have to
be able to narrow the focus, and that means using architecture to build leaner
and meaner systems."
Doug Beizer is a staff writer for 1105 Media's Federal Computer Week.