Page 186 - ITU KALEIDOSCOPE, ATLANTA 2019

2019 ITU Kaleidoscope Academic Conference




Figure 4 – Automation Flow

Efforts in this area are not confined to classic IT but also affect OT as cyber-physical systems disrupt many industries [51]. California Energy Systems for the 21st Century (CES-21) seeks to address the cybersecurity challenges of future energy systems in California [52]. The energy industry has increasing challenges as more energy generation moves to the edge (e.g. wind and solar power) while attacks increase both with IoT as a target and with IoT as a vector of attack [53,54]. CES-21 has developed a framework similar to IACD which utilizes the concept of a machine-to-machine (M2M) automated threat response (MMATR) which uses existing standards to the extent possible and identifies where new standards are needed. CES-21 has been active in STIX™, TAXII™, OpenC2 and CACAO.

JHU/APL did studies on their network comparing various automation scenarios with their current manual scenarios [55]. Figure 5 shows their findings. Computers scale better than humans, so more indicators were analyzed and efficiency was increased. The most significant finding was that the attacks were stopped two orders of magnitude faster, resulting in significantly less damage.

Figure 5 – Automation Advantages

Phantom Cyber, a security orchestration vendor, published similar savings in combating phishing [56]. Their customer reduced phishing incident response costs by 98% and saved $1.06M annually.

Zepko, a managed security service provider in the United Kingdom, used OpenC2 to increase the efficacy of their Security Operations Centre (SOC) by 25-30% [57].

The economic advantages to be gained by automation are better security at lower costs due to faster response times. In addition to lower costs, another advantage of vendor-agnostic cybersecurity standards is removing ‘vendor lock-in’. The commoditized interface [58] will force vendors to compete on price and functionality, and this should spur innovation as well. Several vendors recognize this and have made significant contributions [59]. Standards have been shown to spur innovation [60] by removing artificial barriers. In the case of the standards mentioned in this article, the intent is that standardizing the interface will allow innovators easier entry into the market due to the ‘plug and play’ standardization with existing customer ecosystems. Open source software projects are beginning to appear to support the community [61-69].

One area where healthcare has been in the lead is software transparency and the use of the Cybersecurity Bill of Materials (CBoM) for vulnerability analysis. A CBoM contains both a traditional hardware bill of materials and a Software Bill of Materials (SBoM). The US Federal Drug Administration (FDA) now includes CBoM as part of the pre-market guidance to medical device manufacturers [70] and the US National Telecommunications and Information Administration (NTIA) conducted a successful proof of concept (PoC) with multiple healthcare delivery organizations and multiple medical device manufacturers [71].

5. CONCLUSIONS

Cybersecurity standards being developed today will enable future IoHT systems to automatically adapt to cybersecurity threats in real time, based on a quantitative analysis of reasonable mitigations performing triage to economically optimize the overall healthcare outcome. Quantitative risk analysis will use standards such as FAIR™ and DoCRA. Automation will be driven by standards such as SBoM, STIX™, TAXII™, OpenC2 and CACAO.

REFERENCES

[1] M. Andreessen, “Why Software Is Eating The World”, The Wall Street Journal, August 20 2011. Available https://www.wsj.com/articles/SB10001424053111903480904576512250915629460 .

[2] International Telecommunication Union, Recommendation ITU-T Y.2060, Overview of the Internet of things, June, 2012. Available https://www.itu.int/rec/T-REC-Y.2060-201206-I .

[3] J. Rodrigues, D. Segundo, H. Junqueira, M. Sabino, R. Prince, J. Al-Muhtadi, V. De Albuquerque, "Enabling Technologies for the Internet of Health Things", Access IEEE, vol. 6, pp. 13129-13141, 2018.




