Cultures and Languages
If you think there is an easy solution to the complex problems of cybersecurity and cyber defense, you need to think again. There is no easy button for cybersecurity; no quick solution for cyber defense.
One of the reasons that it is so hard is that there are so many different perspectives and viewpoints. And each of those perspectives can have its own verbiage, terms, and languages. I mean, let's face it: if you want to be proficient in a foreign land, you have to learn the culture and language. There is no easy shortcut.
Cybersecurity is no different. If you want to be proficient in cyber, you have to learn the culture and languages. There is the criminal culture of the bad actors. There is the technical culture of the network hardware and operations. There is the business culture of the enterprise. You can't just focus on one of these and succeed.
If you focus only on the enterprise's network and try to create the impervious firewall that only lets the good guys in, the bad guys will spoof the good guys.
If you focus only on the business model and culture, the bad guys will exploit the weaknesses and vulnerabilities of your network.
If you focus only on the bad guys' past exploits, you'll find that they change their tactics, techniques, and practices faster than a chameleon changes colors.
You have to have a unified and holistic approach to protecting your enterprise and building your cyber defense strategy.
Consider the numbers that an enterprise faces. Usually, there are only a few security specialists at an enterprise, compared to the overwhelming numbers of ill-intentioned bad guys trying to breach the enterprise. It is just not fair!
It is my opinion that in order to balance the effort equation, the good guys have to band together. What I mean is that they have to communicate with each other so that they can prepare for what their peers are experiencing.
In order to effectively share experiences and knowledge, we have to have a common language to communicate with our co-defenders. This is where standards, common models, and common languages come into the picture.
Unified Cybersecurity Ontology
The University of Maryland, Baltimore County (UMBC) describes the Unified Cybersecurity Ontology (UCO) in this paper.
Having been challenged by inter-system communication issues in cybersecurity, I see the UCO as a definite advancement toward a common language. By creating UCO, they have pulled together the relevant standards and vocabularies into a usable form. They have mapped STIX, CVE, CCE, CVSS, CAPEC, CybOX, KillChain, linked data concepts, and STUCCO into a very convenient package.
Adopting these cybersecurity standards, vocabularies, and ontologies allows an enterprise to share and correlate information between multiple devices and appliances, and it allows the enterprise to share information in a meaningful way with other enterprises and the broader cybersecurity community.
Does YOUR enterprise use a common language to communicate with co-defenders?