News

Analysts: Enterprise Architecture Key To Stopping Cyberattacks

Enterprise architecture must be a key part of the strategy used to protect computers and networks from cyberattacks, said Ron Ross, a National Institute of Standards and Technology senior computer scientist, at the recent Government Technology Research Alliance symposium in Hershey, Pa.

Ross said he first thought security would cure all enterprise architecture challenges, but he quickly learned that idea is flawed.

"When I got into actual discussions, I turned my view around to the point to where I think we can't be successful as security professionals unless enterprise architects are successful on their end," Ross said. "Enterprise architecture, I believe, is going to drive the ultimate success of protecting our critical infrastructures."

The need for protection grows every day, said Scott Bernard, deputy chief information officer at the Federal Railroad Administration. Bernard said combating malware on computers is similar to fighting a chronic human sickness.

"I believe that many public- and private-sector operating environments are infected," Bernard said. "The malware is so sophisticated and pervasive that even if you know your environment is infected, you may still not be able to eradicate it completely."

The latest forms of malware pose serious challenges for chief information officers and chief architects, he said.

"Because this malware allows you to continue operations," he said, "it just lays dormant and then pops up to record things. Then it goes back to sleep. When it pops up again, it expatriates a whole bunch of your information. That's the reality of today."

With just a few Google searches, people can find malware and information, Ross said.

"It used to be hackers were real smart folks, and there weren't that many of them," Ross said. "But now with these downloadable tools, it has empowered virtually mass numbers of people to do great damage."

Deploying information technology in an undisciplined way contributes to the security problems, Ross said. Well-architected systems are much easier to protect, he said.

Security experts need to know how systems work and how they integrate together to protect them, he said.

"You can't be forced to look 360 degrees around your systems and expect to catch everything all the time," Ross said. "You have to be able to narrow the focus, and that means using architecture to build leaner and meaner systems."

About the Author

Doug Beizer is a staff writer for 1105 Media's Federal Computer Week.

comments powered by Disqus

Featured

  • Mastering Blazor Authentication and Authorization

    At the Visual Studio Live! @ Microsoft HQ developer conference set for August, Rockford Lhotka will explain the ins and outs of authentication across Blazor Server, WebAssembly, and .NET MAUI Hybrid apps, and show how to use identity and claims to customize application behavior through fine-grained authorization.

  • Linear Support Vector Regression from Scratch Using C# with Evolutionary Training

    Dr. James McCaffrey from Microsoft Research presents a complete end-to-end demonstration of the linear support vector regression (linear SVR) technique, where the goal is to predict a single numeric value. A linear SVR model uses an unusual error/loss function and cannot be trained using standard simple techniques, and so evolutionary optimization training is used.

  • Low-Code Report Says AI Will Enhance, Not Replace DIY Dev Tools

    Along with replacing software developers and possibly killing humanity, advanced AI is seen by many as a death knell for the do-it-yourself, low-code/no-code tooling industry, but a new report belies that notion.

  • Vibe Coding with Latest Visual Studio Preview

    Microsoft's latest Visual Studio preview facilitates "vibe coding," where developers mainly use GitHub Copilot AI to do all the programming in accordance with spoken or typed instructions.

  • Steve Sanderson Previews AI App Dev: Small Models, Agents and a Blazor Voice Assistant

    Blazor creator Steve Sanderson presented a keynote at the recent NDC London 2025 conference where he previewed the future of .NET application development with smaller AI models and autonomous agents, along with showcasing a new Blazor voice assistant project demonstrating cutting-edge functionality.

Subscribe on YouTube