News

Analysts: Enterprise Architecture Key To Stopping Cyberattacks

Enterprise architecture must be a key part of the strategy used to protect computers and networks from cyberattacks, said Ron Ross, a National Institute of Standards and Technology senior computer scientist, at the recent Government Technology Research Alliance symposium in Hershey, Pa.

Ross said he first thought security would cure all enterprise architecture challenges, but he quickly learned that idea is flawed.

"When I got into actual discussions, I turned my view around to the point to where I think we can't be successful as security professionals unless enterprise architects are successful on their end," Ross said. "Enterprise architecture, I believe, is going to drive the ultimate success of protecting our critical infrastructures."

The need for protection grows every day, said Scott Bernard, deputy chief information officer at the Federal Railroad Administration. Bernard said combating malware on computers is similar to fighting a chronic human sickness.

"I believe that many public- and private-sector operating environments are infected," Bernard said. "The malware is so sophisticated and pervasive that even if you know your environment is infected, you may still not be able to eradicate it completely."

The latest forms of malware pose serious challenges for chief information officers and chief architects, he said.

"Because this malware allows you to continue operations," he said, "it just lays dormant and then pops up to record things. Then it goes back to sleep. When it pops up again, it expatriates a whole bunch of your information. That's the reality of today."

With just a few Google searches, people can find malware and information, Ross said.

"It used to be hackers were real smart folks, and there weren't that many of them," Ross said. "But now with these downloadable tools, it has empowered virtually mass numbers of people to do great damage."

Deploying information technology in an undisciplined way contributes to the security problems, Ross said. Well-architected systems are much easier to protect, he said.

Security experts need to know how systems work and how they integrate together to protect them, he said.

"You can't be forced to look 360 degrees around your systems and expect to catch everything all the time," Ross said. "You have to be able to narrow the focus, and that means using architecture to build leaner and meaner systems."

About the Author

Doug Beizer is a staff writer for 1105 Media's Federal Computer Week.

comments powered by Disqus

Featured

  • The Science Behind User Interface Design

    UI design expert Billy Hollis helps developers and designers grasp the principles of the human visual system to create interfaces that are not only functional but also intuitive and engaging.

  • Random Forest Regression and Bagging Regression Using C#

    Dr. James McCaffrey from Microsoft Research presents a complete end-to-end demonstration of the random forest regression technique (and a variant called bagging regression), where the goal is to predict a single numeric value. The demo program uses C#, but it can be easily refactored to other C-family languages.

  • Compare New GitHub Copilot Free Plan for Visual Studio/VS Code to Paid Plans

    The free plan restricts the number of completions, chat requests and access to AI models, being suitable for occasional users and small projects.

  • Diving Deep into .NET MAUI

    Ever since someone figured out that fiddling bits results in source code, developers have sought one codebase for all types of apps on all platforms, with Microsoft's latest attempt to further that effort being .NET MAUI.

  • Copilot AI Boosts Abound in New VS Code v1.96

    Microsoft improved on its new "Copilot Edit" functionality in the latest release of Visual Studio Code, v1.96, its open-source based code editor that has become the most popular in the world according to many surveys.

Most   Popular

Subscribe on YouTube