Why Are Networks so Central to Cybersecurity?

It is common for any experienced person working in cybersecurity today to be asked by

newcomers how they might break into the field. This is an especially popular question for

undergraduates studying computer science who are attracted to hacking, cryptography, data security, and other technical aspects of the discipline, and who suspect that these might serve as a good basis for planning a new career.

My own response to these types of questions is that the student or newcomer should focus on

learning networking. The TCP/IP and related networking and protocol suites used across

the business, government, and infrastructure today serve as the lingua franca for both offensive

attacks and defensive measures. To properly understand cybersecurity, one must understand

networking—and there is no shortcut.

Networks and Cybersecurity

To recognize this close bond between networks and cybersecurity, it helps to revisit the

original conceptual model of security protection that was introduced many years ago by James

Anderson. His early work defined the still-applicable foundational purpose of all security

operations: namely, to provide policy-based enforcement of access from some active entity to the

desired resource. This is the basis for all access controls in place today.

Modern security experts understand that access to resources is uniformly done over networks

today without exception. As such, the playing field for all malicious hacks, resource defenses

and other types of security controls is the network. It provides the infrastructure on which all

activity proceeds, so that experts have come to recognize its central role in providing visibility

and coverage of target activities happening in the network, as well as a means for performing

live prevention, detection, and response.

Figure 1. Networks as a Playing Field for Malicious Activity

Network Security Approaches

The protection approach used to address network security risk will vary based on local

resources and the organizational mission. Most security solutions, however, tend to fall into

one or more aspects of the familiar NIST CSF functions, which include identification, protection,

detection, response, and recovery. Each of these security functions aligns well with some aspect

of the network security equation:

 Network Identification. This task involves locating and organizing accurate information about the network assets to be protected. It is one of the most challenging aspects of network security given the diversity, complexity, and arrangement of most network infrastructure.
 Network Protection. This task is preventive in nature and includes the selection and implementation of controls that help to avoid threats. The industry refers to this type of approach as a “shift left,” and it is especially attractive since avoidance of attacks is the most efficient means for addressing risk.
 Network Detection. This task requires good visibility into the relevant network activity that can be used to make decisions about security. Encryption and other network controls, along with exploding network size and traffic volume, often make detection more difficult, but excellent means exist to monitor networks for evidence of the attack. As we will see, pioneer security start-up, Cynamics is raising the bar even higher from detection to prediction.
 Network Response. This task involves taking immediate actions to minimize consequences while an attack is beginning or ongoing. The industry references this type of control as a “shift right,” and it recognizes the fact that, for most organizations, attacks will be inevitable and unavoidable. The question is thus how to minimize their impact and reduce harm.
 Network Recovery. This is the task that follows a consequential network attack and requires the restoration of resources and services. Network recovery is a tough task, because restoration tasks might be hampered by damages that exist to the very networks being recovered.

This blog series focuses on all aspects of NIST CSF tasking for networks, but primary attention is

given to network visibility. Our assertion is that this aspect of the security ecosystem is

the most essential and foundational aspect of protecting network resources, and the idea of

developing a network blueprint might be one of the most important tasks the enterprise

security team completes reducing cyber risk in a meaningful manner.

About TAG Cyber

TAG Cyber is a trusted cyber security research analyst firm, providing unbiased industry insights

and recommendations to security solution providers and Fortune 100 enterprises. Founded in

2016 by Dr. Edward Amoroso, former SVP/CSO of AT&T, the company bucks the trend of pay-

for-play research by offering in-depth research, market analysis, consulting, and personalized

content based on hundreds of engagements with clients and non-clients alike—all from a

former practitioner perspective.

permission. The material in this report is comprised of the opinions of the TAG Cyber analysts and is not to be interpreted as

consisting of factual assertions. All warranties regarding the correctness, usefulness, accuracy, or completeness of this report