
DoD urges less network anonymity, more PKI use

U.S. Department of Defense CISO Robert Lentz went down a laundry list of security technologies needed to protect both private and government networks from cybercriminals. The age of anonymity on networks needs to come to a close to improve national cybersecurity, Lentz said at Black Hat 2009.

LAS VEGAS -- The age of network anonymity may be coming to a close, according to a top defense official charged with cybersecurity.

The United States needs to be more agile in defending against attacks from cybercriminals who are constantly infiltrating domestic networks, said Robert Lentz, CISO at the U.S. Department of Defense, during a keynote address to Black Hat USA 2009 attendees.

"One of the top challenges is strengthening our network underpinnings," Lentz said. "We have shifted radically from government-built services and capabilities to commercial services and capabilities."

With one of the largest public key infrastructure (PKI) networks in the world, Lentz admitted some significant challenges around the technology, including ease-of-use issues and PKI vulnerabilities. He nevertheless called for embracing the technology to "drive anonymity out of the network as much as possible." PKI drives anonymity out of networks because it requires digital certificates to verify the identity of people on a network.

Lentz referred to a presentation given Tuesday by noted network security researcher Dan Kaminsky of IOActive, who demonstrated vulnerabilities in the X.509 cryptography found in public key infrastructures (PKI). Kaminsky also reviewed the continued use of faulty hash algorithms by certificate authorities. He revealed that through a simple alteration of the common name in an X.509 certificate, an attacker could trick the certificate authority into certifying the legitimacy of a malicious site.

Lentz reiterated a call from government officials for public-private cooperation to share research and defend against cyberattacks. "This is truly an important time for all of us in the security profession," Lentz said. "We have to accomplish a shift to get to a resilient cyber-ecosystem … We need all of you in this room to partner together as a nation and with our international allies to make this shift happen."

He also spoke of the need to deploy DNSSEC, a suite of specifications that use public key cryptography to digitally sign responses to DNS lookups, to better secure the Internet domain naming system. He also reaffirmed the federal government's commitment to support the transition from IPv4 to IPv6.

"For us in the DoD, the race is real and daunting, and we have a lot of significant challenges in front of us," Lentz said.

Lentz said the government continues its research into attack surfaces to produce an agile, dynamic defense capable not only of detecting attacks but also of taking a proactive role in preventing future attacks against government infrastructure before they happen. While virtualization technologies represent a technical challenge for the government, they also open opportunities for the government to manage attack surfaces appropriately.

"It's all threaded in this area of driving anonymity out of network," Lentz said.
