
A Cybersecurity Education: House Bill 4061

"Now you know, and knowing is half the battle," were words spoken at the end of every G.I. Joe cartoon during the mid-1980s and served as a conclusion to public service announcements. For some reason this statement has always stayed with me and I often use the saying, typically in a sarcastic manner. But late last week and again this morning this 80s era disclaimer resonated once again after the U.S. House of Representatives passed bill 4061, "To advance cybersecurity research, development, and technical standards".

The main tenet of the bill requires President Obama's administration to perform assessments of each agency in order to determine "cybersecurity workforce skills". Additionally, it establishes a scholarship program to be used by undergrad and grad students who also agree to work for the government as "cybersecurity specialists" after graduating. The push is on to educate the current and future government workforce on all things cyber:

“Investing in cybersecurity is the Manhattan Project of our generation,” Representative Michael Arcuri, Democrat of New York, a sponsor of the bill said on the House floor last week. “But this time around we are facing far greater threat. Nearly every high school hacker has the potential to hamper our unfettered access to the Internet. Just imagine what a rogue state could do.”

Mr. Arcuri said that the federal government will need to hire between 500 and 1,000 more “cyber warriors” each year to keep up with potential enemies. Troops online “are every bit as important to our security as a soldier in our field,” he said.

This is an important step in our ongoing cybersecurity battle. The Senate plans on introducing a companion bill soon and that should be a priority since the new proposed budget, while increasing overall defense and cyber related spending, does cut the Homeland Security Department’s cybersecurity division. The hope is that the separate House/Senate bill(s) will make up for that hit at DHS, while starting to create future cybersecurity experts. It seems as though both the House and Senate are taking the topic of cybersecurity seriously and will earmark funds for cyber education.

Although details are still lacking on what the final bill will look like, the focus on education is welcome since "knowing is half the battle".

Posted by Kyle Flaherty (2010/02/08 09:55:22.487 US/Central)

Setting The Standard

Next week is my favorite week of the year. It's the Sales Operations meetings held at our headquarters in Austin. Each year we bring the sales people and sales engineers together to review the previous year and preview the year moving forward. More importantly I get to show off.

2009, from all facets, was an incredible year here at BreakingPoint. Sales had an amazing year, with huge growth. Our employee base grew by nearly 30%, much of that being our heavy investment in the security group. We put out 3 major releases and 3 minor releases of our firmware for the BreakingPoint Elite. And our application protocol list now tops more than 100 and our strikes are over 4,300.

This news is certainly exciting, but that was last year. And this is a completely new year and we are ramping up in engineering like you could not imagine. The next firmware release will once again improve the performance of everything from our application protocols, security engine and our SSL. And, of course this is all done without having to replace your blades and at no extra cost. Bet your other vendors don't say that every year.

Next month I'll be putting together a screencast showing you all the features in our next release. I'll save all the juicy bits for then, but here is a teaser of what to expect:

  • Five new test labs, including huge strides for mobile networks.
  • Changes in the way we are using the NetLogic network processor.
  • Switch from using our network processor cores to do SSL, to leveraging the encryption engine on the chip itself (the impact this has on our number of handshakes is staggering).

Last year we changed the way people test their network equipment, this year we will set the standard.

Reminds me of when I worked at Cisco many years ago and Kevin Kennedy (Vice President) would show a slide in which Cisco was compared to other similar companies. There must have been 30 companies listed and at the time 3Com was below us, Lucent ahead of us and all the way at the top were companies like HP. At the time HP was 10x the size of Cisco. Today, Cisco is tens of billions of dollars ahead of HP, with a third of the employees. 

Every year that presentation showed Cisco passing yet another company. We have the same chart for our industry and the same goals, and some companies were ahead of us at the beginning of 2009. During 2009 we passed four of them and this year we will pass four more. And one day, like Cisco, we'll be at the top of everyone else's list.

NOTE: Sometimes Cisco didn't pass a company, the company fell. I'm seeing a lot of that lately, maybe I should send some flowers.

Answers to the Top IPv6 Questions

Media headlines tell us we should be concerned about IPv6. After all, cyber criminals are already "taking advantage of IPv6 vulnerabilities" and we are running out of IPv4 addresses "at an alarming rate". But there are so many unanswered questions around IPv6, and sifting through what is truth and what is hype can be a challenge. We figured we would take on the IPv6 conversation in our next webcast and answer the questions you have been asking:

  • What does IPv6 actually mean for my network?
  • Will we really run out of IPv4 addresses in 2011?
  • Is IPv6 only about address allocation or is it also more secure than IPv4?
  • Is the IPv6 standard ready for prime time?
  • Are cyber criminals actually using IPv6 today to attack networks?

I'll be moderating the conversation and joined by BreakingPoint CTO Dennis Cox and Software Architect Brent Cook. Brent wrote the post "6 Surprising Facts about IPv6", and both gentlemen will be taking your questions during the session. Here are the details:

Answers to the Top IPv6 Questions: February 17, 2010 at 2 PM CST


Posted by Kyle Flaherty (2010/02/05 07:53:50.349 US/Central)

Applying Probability to CyberSecurity

If you ask your IT team if your network is secure, hopefully they'll say 'yes'. If you ask a hacker, I'm pretty confident they will say 'no'. Technically, it is the hacker that is right, but a more informative answer is 'somewhere in between'. It's a black and white question with a gray answer.

I minored in physics, and while that didn't turn me into a great physicist, it did teach me a different perspective on the world. If you stick with physics long enough to cover the Heisenberg uncertainty principle you learn that nothing is certain in the universe. The best you can do is a probability that can approach certainty, but you can never quite get all the way there.

Using that perspective, the best answer you can hope for about network security is "probably" or "mostly". The hacker knows that even if you've applied every patch to every system on your network, there are dozens of known exploits that don't have patches available yet. Some of those might have been publicly disclosed, so anyone could take advantage. The others might not be publicly disclosed, but that doesn't mean a bad guy somewhere hasn't discovered them independently. That same bad guy might have a dozen more exploits that the vendor is unaware of; in that case there isn't even a patch in the works.

Even if network security was a certainty, there are other vectors for exploits. A trojan could come in via email. An employee could bring in an already infected notebook and plug it into the network. The list goes on and on.

Now you might be tempted to throw up your hands at the futility of it all, but that's black and white thinking. You can't eliminate the possibility of a breach, but you can reduce its probability. You can keep your software patched and allow for fewer exploits. You can run an IPS to detect and block exploit attempts. You can enforce policies like blocking web sites, scanning email, and forbidding high-risk protocols to reduce access to alternate vectors.

Since you can't completely eliminate the possibility of a compromised system on your network, here is a scary question: How do you know you don't have a compromised system right now? Ask yourself this - if an exploit did slip into your network, how likely are you to discover it? There was one time when I accidentally deployed an open mail relay on my home network. I discovered it was being used to relay spam because I could see the blinking light at night, indicating network traffic when I knew I wasn't using the network. You'll probably want to use a more sophisticated technique. Here are four areas to consider:

Detection of Attacks

The reason detection is important is because it builds a layered defense and because of the way probability works. If there's a 5 percent chance that an exploit can make it into your network and 5 percent chance an exploited system will go undetected, then there's only a 0.25 percent chance that someone will manage both feats at the same time. You can't get all the way to zero, but you can make the probability very small.

Detection of compromises is something that's often neglected. Aside from monitoring logs on your systems, you can use honeypots on your network to detect systems attempting to propagate worms, or users probing the network. There are tools available for monitoring for bad behavior from your own systems (I helped build one at my previous job).

Protecting and Monitoring the Data

Don't forget your data - if you've got a database full of sensitive data, you'll want to make sure that data isn't compromised and doesn't escape out into the wild. You might consider inserting "canaries" into the data. By that, I mean fake entries that can be monitored. For example, if your database contains email addresses, you might insert a few that are otherwise unused and monitor them in case a wayward employee starts selling addresses to spammers.

Recovery Plans

Don't stop there, your defense scheme needs to bring things all the way home. Your ultimate goal is not so much network security itself, but to prevent business loss due to a security lapse. You can keep building layers till you cover all aspects, including recovery. What's your recovery plan in the case you detect a compromised system? If you plan to restore from backup, have you verified the backup wasn't already compromised? Does your insurance cover losses due to security lapses?

Cyber Simulation

And finally, whatever your complete solution, do not just set it up and cross your fingers that it will work. You'll need to run simulations so you can see it work under realistic conditions. Now don't forget to run simulations that are as realistic as possible, because remember, it's not about black and white. It's about improving your odds.

Posted by Kris Raney (2010/01/29 07:50:13.511 US/Central)
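
The canary entries described under "Protecting and Monitoring the Data" above, as an added example that is not part of the original post: it derives unused-looking addresses for each copy of the data with an HMAC and flags any mail-log delivery to one of them. Binding canaries to a specific copy goes beyond what the post describes; the secret, domain, copy labels and log lines are constructed assumptions.

```python
import hashlib
import hmac
import re

# Assumption: a secret kept outside the database; without it the canary
# addresses cannot be regenerated or told apart from real entries.
SECRET = b"constructed-demo-secret"
DOMAIN = "mail.example.com"  # assumption: a domain whose inbound mail you log

def canary_addresses(copy_label, count=3):
    """Derive `count` unused-looking addresses bound to one copy of the data."""
    out = []
    for i in range(count):
        tag = hmac.new(SECRET, f"{copy_label}:{i}".encode(), hashlib.sha256)
        out.append(f"j.{tag.hexdigest()[:10]}@{DOMAIN}")
    return out

def build_index(copy_labels, count=3):
    """Map every canary address back to the copy it was planted in."""
    return {addr: label
            for label in copy_labels
            for addr in canary_addresses(label, count)}

RCPT_RE = re.compile(r"to=<([^>]+)>")

def scan_mail_log(lines, index):
    """Return (copy_label, address, log_line) for each delivery to a canary."""
    hits = []
    for line in lines:
        for rcpt in RCPT_RE.findall(line):
            label = index.get(rcpt.lower())
            if label is not None:
                hits.append((label, rcpt.lower(), line))
    return hits

# Constructed sample: two copies of the table and three Postfix-style log lines.
INDEX = build_index(["crm-prod", "vendor-export-2010-01"])
LEAKED = canary_addresses("vendor-export-2010-01")[1]
SAMPLE_LOG = [
    "Jan 29 07:50:13 mx postfix/smtp[101]: A1: to=<alice@example.com>, status=sent",
    f"Jan 29 07:51:02 mx postfix/smtp[102]: B2: to=<{LEAKED}>, status=sent",
    "Jan 29 07:52:40 mx postfix/smtp[103]: C3: to=<bob@example.com>, status=sent",
]

if __name__ == "__main__":
    for label, addr, line in scan_mail_log(SAMPLE_LOG, INDEX):
        print(f"ALERT canary {addr} from copy '{label}' received mail: {line}")
```

Because each copy gets its own canaries, a hit says not only that addresses escaped but which copy they came from.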

Upcoming Cyber Security Events

Tomorrow begins a mad rush of cyber security events throughout the country. BreakingPoint will have people at several shows over the next month, and in most cases we will be providing on site cyber security simulation demonstrations. In case you are attending one of these shows or simply live in the area and want to meet up give us a shout here or on Twitter. I've listed some of the upcoming events below:



DoD Cyber Crime Conference
January 25-27, 2010  |  St. Louis, MO

BreakingPoint will be exhibiting in booth #404 at the Cyber Crime Conference. The conference focuses on all aspects of computer crime and incident response: intrusion investigations, cyber crime law, information assurance, as well as research, development, testing, and evaluation of digital forensic tools.


Netcentric Warfare
January 25-27, 2010  |  Arlington, VA

BreakingPoint will be exhibiting at IDGA's NCW event. It is the world's largest and most respected event focused on network enabled operations, and the premier forum for the exchange of plans and best practices on the net-centric innovation.


Cyber Warfare
January 27-28, 2010  |  London, UK

BreakingPoint will be exhibiting and speaking at this conference. Stay tuned for more details on the presentation.


AFCEA West 2010
February 2-4, 2010  |  San Diego, CA

BreakingPoint will be exhibiting in booth #2006 at the AFCEA West conference. West is the largest event on the West Coast for communications, electronics, intelligence, information systems, imaging, military weapon systems, aviation, and more.


USEUCOM Intelligence Summit
February 15-17, 2010  |  Heidelberg, Germany

BreakingPoint is an exhibitor at USEUCOM. The Summit will bring together US and European mission partner capability planners, program managers, intelligence producers, end-users, and subject matter experts from government, military, law enforcement, academia, private sector, and leading edge technology organizations.


NANOG
February 21-24, 2010  |  Austin, TX

BreakingPoint is the Monday Afternoon Break Sponsor at NANOG.


Posted by Kyle Flaherty (2010/01/19 09:33:40.891 US/Central)
