Intruders spent more than a year inside the DNC and six months inside OPM. The 2013 Yahoo hack wasn’t discovered until stolen data appeared for sale in 2016. Everything we know about security suggests that while intruders have the advantage at the perimeter (they only have to be right once to get in), that balance should flip once they get inside (where every move could expose them). But they seem to have an advantage even once they get inside. We’ve spent years trying to defend the interior, but until we solve this puzzle, all the defense in depth in the world won’t help.
Jumping the wrought iron fence surrounding the White House is easy, but hiding inside is almost impossible. The Secret Service solves an analogous challenge by focusing on understanding and controlling the environment that they defend. Today, this approach may seem too difficult given the dynamism and complexity of the network, but without knowledge and control, attackers will continue to have an advantage both at the perimeter and once they get inside. This talk will examine how the Secret Service defends the President, how their approach can improve cybersecurity, and what we need to do to get there.