"The DOD is now completing deployment of the Host Based Security System (HBSS) that provides cybersecurity capabilities for millions of endpoint or host computing devices across the Department. This deployment took a long time, cost significantly more than expected, and proved to be a complicated and very difficult undertaking.
This experience has instilled a 'never again' attitude among DOD's cybersecurity leadership regarding enterprise-scale endpoint security solutions. Instead, DOD appears to be hoping that network-level security enhancements will not only overcome the weaknesses in the current HBSS, but enable the Department to meet future cybersecurity threats. The Commander of U.S. Cyber Command has also publicly characterized endpoint security for today's 'thick-client' desktop, laptop, and mobile device computers as an exercise in futility on the grounds that it is impossible to coherently manage, monitor, and update millions of such devices distributed across the globe. In addition, the Commander of U.S. Cyber Command points out that the Command currently does not even have visibility or the ability to directly control those endpoints because (as noted elsewhere in this report) they are typically 'hidden' behind enclave firewalls and other security devices. The Commander argues publicly that 'endpoint security' will be viable only in a cloud environment where endpoint computing is virtualized and provisioning and control are centralized and fully automated.
The HBSS system itself is fundamentally based on anti-virus technology, which works only when the signature of an attack is already known. This requires that HBSS-protected computers store a large and ever-growing file of malware signatures. The communications load necessary to keep HBSS up-to-date in the field in some circumstances forces commanders with low communications capacity to choose between operating HBSS and performing their tactical missions, which results in HBSS being turned off.
The committee is concerned that these views are short-sighted from multiple perspectives. Constant, rapid malware morphing is a reality, and the growing use of encryption (for example, Hypertext Transfer Protocol Secure) suggests that endpoint security solutions will remain essential. Further, industry is now rapidly developing and marketing endpoint security solutions that do not rely on signatures and potentially could vastly reduce the 'overhead' associated with HBSS. Some of these technologies enable 'discovery' of previously unseen cyber threats at the endpoint, which could transform host computers into a much improved sensor grid for the enterprise.
Moreover, as noted elsewhere in this report, DOD must soon rationalize its networks to reduce the number of segmented enclaves, which should extend visibility and easier provisioning and control to endpoints. Finally, although the Commander of U.S. Cyber Command is promoting a fast transition to a cloud-hosting environment, it may take a long time to replace millions and millions of desktops, laptops, mobile devices, and other distributed computers with thin-client devices served exclusively from the cloud."
An exercise in futility.
It is admittedly opaque. But a picture seems to emerge of the arguments presented by the two sides. I hardly see visibility for Wave - on either side of the discussion.
At first, Alexander seems to be arguing that an anti-virus-dependent HBSS is complex and useless and sometimes has to be switched off for operational purposes. So my first thought was - he seems to be pointing towards a solution like Wave's: "'endpoint security' will be viable only in a cloud environment where endpoint computing is virtualized and provisioning and control are centralized and fully automated."
Okay. HBSS is an alternative to TC, I guess. The thing it is intended to replace.
The committee responded by arguing that Alexander is exaggerating the problem with the HBSS (or let's call it the legacy) environment, which is gradually evolving in the right direction; and that if Alexander gets his way, existing thick-client equipment will have to be replaced with thin-client alternatives.
Which seems to reveal something unTC about Alexander's position. No mention of OPAL drives. The committee seems to see him as supporting a cloud-dependent, thin-client option: "it may take a long time to replace millions and millions of desktops, laptops, mobile devices, and other distributed computers with thin-client devices served exclusively from the cloud."
The committee is presumably in the pockets of the incumbent anti-virus operators. Stick with legacy is their message. Evolve with the anti-virus industry.
Alexander opposes this view. But it also sounds like he has no faith in the trusted robust client described by TC. No mention of Opal drives, TPMs etc.
I must have missed the development of a secure thin-client, cloud-based solution.
Anyone else know what they are talking about?
I'd have thought players a lot larger than Wave might have influenced the discussion more in the direction of a TC solution. MS, for instance.