For the past few weeks, Palo Alto Networks has been proud to play an important role in a pan-European military communications exercise, US European Command’s Combined Endeavor 2014. The Combined Endeavor exercise, hosted by US European Command in Germany, exercised C4 (command, control, communications and computer) systems to prepare NATO and Partnership for Peace militaries for multinational operations.
I was quite excited to see the role Palo Alto Networks products were playing in the broader Combined Endeavor exercise. Now that the exercise is complete, we will share more details in an upcoming post on the visibility to applications, content and users we provided on the mission network during this important exercise among the 17 NATO and 11 Partnership for Peace nations. For now, let me share my own perspective.
This past week I was honored to be in Europe to present at Cyber Endeavor. Cyber Endeavor is a subset of the larger Combined Endeavor exercise. The Cyber Endeavor seminars, as their name suggests, focus on the subject of cyber, both in education and collaboration. As US European Command describes it, the Cyber Endeavor goal is “to improve force readiness for deployment in support of multinational crisis response, exercise and future missions.” This particular Cyber Endeavor brought together private industry, academia and government. Beyond the seminar itself, there were other ongoing activities to help the militaries exercise and otherwise test their cyber capabilities.
During my presentation on Information Security Management, it was heartening to see numerous countries represented. As we often do, I reiterated the need for full visibility of what is happening on your network – do you know what applications and content are on your network and who is using those applications, for what purposes?
With an increase in applications, and the ever-increasing use of SSL in common applications, this visibility is ever more important. As you should know by now, attackers use common protocols to "hide" in plain sight, so it's important not to blindly allow SSL communications or unknown UDP and TCP. And we need to go beyond visibility to network segmentation. If an adversary gets on your network, segmenting the network prevents the adversary from having free rein, helping to limit your exposure. Get familiar with your soldiers’ use cases and establish your policies to allow them the appropriate application access, while denying those not needed.
But militaries (and other government agencies) can’t stop there. If there are control systems on the network to run a myriad of functions, from weapon systems to simply HVAC systems, they must be locked down from the traditional IT network. During my Cyber Endeavor talk, I emphasized the good news: these networks have a limited set of protocols, making it easier to limit your exposure. Allow only the control network protocols and applications and deny all others – and be sure to validate the content. When it comes to control systems, recall that the recent Havex variant used the ICS protocol, OPC, to recon the network. Likewise, fewer people need access to these networks. Lock down the network to only legitimate users and make it much easier to recognize and thwart attacks on these important systems.
As we know, cyber knows no boundaries. Our ability to partner across nations to ensure our readiness and resilience in the cyber domain is important now and will continue to grow in importance. We thank EUCOM for allowing us to participate in this all-too-important exercise across nations. Stay tuned for our next post in which we’ll provide more details on how Palo Alto Networks supported the Combined Endeavor exercise.