Cyber, Zero Trust 4 MIN Read

Cyber Resilience: When Everything Is Code, Everything Bounces Forward

February 11th, 2022

OUR CAPABILITIES

Learn more about GDIT’s cybersecurity work.

Cybersecurity at scale requires a focus on resilience. And as anyone in cybersecurity will tell you, resilience is more than compliance; it’s about agility. Being compliant doesn’t always (and frequently isn’t) the same as being secure, especially as both the nature of cyber threats evolve and the number of tools in cyber adversaries’ arsenals grows.

This is why using the flexible Everything as Code (XaC) approach as a means to build resilience into architectures is so important. In fact, building resilience into architectures is actually more important than “just” protecting them – because in a game of prevention, you’ll lose 100 percent of the time. Your adversaries have to be right, or lucky, only once. You have to be right, and lucky, all of the time – forever.

Our cybersecurity focus must shift from prevention to resilience – away from the damage control and response model and toward a reality where we architect solutions that enable us to be respond nimbly and quickly, especially as zero-day attacks and exploits increase. You can’t predict or plan for everything, but you have to have a way to respond and bounce forward – not “back,” but forward. You have to continually improve and become as flexible and agile as your adversaries.

An XaC approach is the only way to be as flexible as the current cybersecurity landscape demands. With the type of physical security architectures and controls of the past, in order to make a change in response to an emerging threat – even with unlimited budgets or authority – presented lag times from required infrastructure builds or supply chain delays. In today’s environments, you can’t afford to be physical infrastructure driven.

If you abstract that into the software space, XaC and a digital engineering approach involves pushing as much of the physical into code as possible. You’ll never be 100 percent there, but the closer you can get, the better. You’ll be better suited to isolate and respond to known threats (or indicators of compromise) as well as anomalies that aren’t yet classified but are of concern.

Following the typical “isolate the threat, rapidly respond, and make a change” model, XaC allows for an even more reactive and even more responsive approach because you can deploy faster responses and make quicker changes.

And then what is really exciting when we think about cyber resilience – you can start shifting into the world of deceptive cyber operations like tripwires and honeypots. Rather than relying on alarms that tell you when someone is engaged in activities that go against permissions, for example, you can replicate your environment with vulnerabilities that are meant to attract bad actors. From there, you can adapt your actual infrastructure in response to how the criminals interact with your “mirage” one. XaC can help us be more responsive and reactive to infiltrations, enabling us to turn the tables on adversaries and lean into the fight.

Many in the cyber world, and beyond, are familiar with the traditional attack frameworks inventory and define the indicators of an attack or compromise. A corollary to that is thinking about a defend framework, wherein, you lay out the hallmarks of resilient infrastructures.

Moving forward, organizations need to align to this model, as GDIT is doing as part of our digital engineering approach – just as we’re incorporating things like Zero Trust, software factory and other solution efforts. Our entire digital engineering approach is moving toward XaC and, of course, we’re also using XaC to enhance the cybersecurity resiliency and the cybersecurity posture of our clients as well as ourselves. We’re including XaC in our recommendation moving forward and, importantly, our investments in understanding and implementing Zero Trust architectures is core to that effort.

The XaC approach allows us to make capability changes quickly and gives us the ability to respond and adapt to adversaries, which is the only way to survive in the cybersecurity domain. You have to evolve, and you have to at least be as flexible as your adversaries. By taking an XaC approach, we can do predictive modeling that drive efficiencies, and we can scenario plan, rather than having the scenario handed to us by our adversaries.

And that’s exactly how it should be.

0