An enterprise architecture on steroids sounds big and bulky but, in actuality, it would be lean, mean and much easier to defend, NIST Senior Fellow Ron Ross said yesterday at FedScoop’s 3rd Annual Lowering the Cost of Government with IT Summit at the Newseum.
Ross said that enterprise architecture development has become so advanced that engineers can build in the ability to defend with “the right stuff at the right time” to minimize threats as much as possible. The problem, though, is that so many of the government’s architectures are oversized and filled with vulnerabilities.
“In many places, the systems we have are indefensible,” Ross said.
So in the future, he said, the key will be architectures that are standardized, optimized and consolidated to give chief information security officers a fighting chance against threats.
Ross compared the issue to that of a car with a failing engine. Right now, security officials are constantly patching vulnerabilities on a system highly susceptible to attacks. Instead of always looking to fill these holes and keep repairing the engine, so to speak, the best solution is to step back and get a whole new car tailored to specific needs.
“When creating any system we need to take a good look at the threat space and the effects it could have and create the best defense against that,” Ross said.
In the long run, minimizing those threats will save the government money, as less time is spent patching vulnerabilities, reducing the damage done by intruders and curtailing the theft of important information, allowing for a more efficient government.