The SolarWinds software supply chain hack represented a seismic shift in cybersecurity awareness for public and private sector organizations. The attack, which compromised thousands of organizations, including at least nine Federal agencies, laid bare the reality that organizations may be compromised even if they don’t know it yet, and even if they are diligent about cybersecurity.
This newfound awareness has generated renewed calls for government cybersecurity investment. President Biden’s proposed fiscal year 2022 budget, for example, calls for $9.8 billion in cybersecurity funding for civilian agencies, up 14 percent year over year.
Growing awareness has also prompted the embrace of nascent capabilities such as network as a sensor. A complement to traditional cybersecurity solutions, network-as-a-sensor capabilities leverage the network as an always-on, always-aware sensor from which agencies can capture and analyze rich telemetry to gain broad and deep visibility into all activity on the network.
Discussions of network security and resiliency often revolve around firewalls, intrusion prevention systems, network access control, network threat mitigation, and anomaly detection – typically operating at the network and transport layers (Layers 3 and 4). But today, agencies can go deeper – to Layers 0, 1, and 2 of the network – to bolster their network security even more.
“Protection at the lowest layers of the network enables the network to be more reactive to threats and failures. Agencies are able to detect things that normally they wouldn’t even be looking for. This capability really hasn’t been available in the past,” said George Holland, vice president and general manager of Ciena Government Solutions.
Because of this new ability to protect low layers of the network, agencies are more likely to identify bad actors than when their cybersecurity posture rested entirely on traditional systems, according to Steve Alexander, senior vice president and CTO of Ciena, a networking systems, services, and software company.
Network-as-a-sensor capabilities also help agencies ensure resiliency in the event of network interruptions or other service problems. In many cases, the root cause of a problem can be identified in hours rather than days or weeks.
For example, when a defense unit found a mission-critical application didn’t work in the field, the unit almost asked a systems integrator to rewrite the application. But the problem wasn’t with the application – it was with the network.
Standard network management systems didn’t identify the real cause of the problem, leaving the unit in the dark. However, working with Ciena, the unit was able to record network activity over a few days, assess the problem, and adjust the network so the application performed as desired. As a result, the unit avoided millions of dollars in unnecessary software reengineering.
Network as a Sensor in Action
At Layers 2 and 3, network-as-a-sensor capabilities help agencies get a real-time picture of how data is flowing across the network and conduct network forensics to determine the cause of a problem. For instance, an agency can see when the network is experiencing jitter or extra latency because part of the network is saturated or information is moving without permission.
At Layer 1 and Layer 0, network-as-a-sensor capabilities help agencies analyze how the network performs over time. By identifying and analyzing patterns, agencies can predict when a component will fail, for example, and make changes before that happens.
Ciena’s network-as-a-sensor solution utilizes coherent optical modems at the lower layers of the network to gain visibility into a wide range of factors: the type of fiber and any stress on it, the distance a signal has traveled, the exact location of a break in the fiber, changes in the fiber type or characteristics, and more. This information helps agencies quickly respond to problems – which might be simple equipment failure or a sign of nefarious action.
“People think the lower layers are just pipes, they just connect the bits, which then magically show up at the routers, right? Well, not exactly,” Alexander said. “A lot of science and technology goes on underneath, and because the lower layers haven’t gotten a lot of attention, there are some substantial places that bad guys could get in. In order to secure the network as a whole, you can’t leave any part out of touch.”
By leveraging network-as-a-sensor’s rich optical telemetry, analytics, and automation, agencies will gain a more resilient, secure, and adaptive network, according to Holland. “It’s about doing everything you can to protect yourself,” he said. “Just because you have an alarm system doesn’t mean you don’t lock your doors as well.”