Of ‘Honeypots’ and NATO Cybersecurity
The new NATO Computer Incident Response Capability (NCIRC) will be designed around a defense scheme that may well include such components as traps for attackers known as honeypots, among other proactive defense tools, one of the experts behind the program said July 11 at the Farnborough International Airshow.
The NCIRC contract was awarded to a Northrop Grumman/Finmeccanica team in February, and the program has passed its proof of concept testing, company representatives said at the press conference.
NCIRC is scheduled to be fully operational by the end of 2012.
Dennis McCallam, director of information systems cybersecurity at Northrop Grumman, said the system is being built around an “active defense” approach. The term is used to describe everything from cyber situational awareness to operations that include responding to an attacker with disruptive actions.
“I think a key component of this is the ability to have an adaptive, agile defense, and all those components that go with it to allow you to respond quickly and decisively,” McCallam said.
McCallam said the system may include honeypots, which are fake, seemingly desireable targets designed to lure attackers into revealing their activity.
“If you google active defense, honeypots will be in there,” he said. “It’s all part of the game. Whatever you can do to understand what’s going on and be able to adapt to it.”
Cyber experts continue to debate the value of honeypots, as the ability of a network administrator to use the information gained from the trap is disputed.
Company representatives said they were not permitted to discuss potential offensive cyber capability built into the design, but did not dispute that the system would be outfitted accordingly.