News

NSA Official Says 3 Steps Can Thwart Cyberattacks

Computer systems with proper security and network controls should be able to withstand about 80 percent of known cyberattacks, according to a senior National Security Agency (NSA) official.

There are common steps that people can take to bolster computer security and make it more difficult for would-be-hackers to gain access, Richard Schaeffer Jr., the NSA's information assurance director, told the Senate Judiciary Committee's Terrorism and Homeland Security Subcommittee on Tuesday. He identified three measures in particular as being especially effective.

"We believe that if one institutes best practices, proper configurations [and] good network monitoring that a system ought to be able to withstand about 80 percent of the commonly known attack mechanisms against systems today," Schaeffer said in his testimony. "You can actually harden your network environment to raise the bar such that the adversary has to resort to much, much more sophisticated means, thereby raising the risk of detection."

Schaeffer said NSA works directly and indirectly with vendors to develop and distribute configuration guidance for software and hardware. Since 2005, NSA has worked with Microsoft, the U.S. military, the National Institute of Standards and Technology, the Homeland Security Department and the Defense Information Systems Agency to establish consensus on common security configurations for Microsoft operating systems, he said.

For example, Schaeffer said the announcement by Microsoft of the release of Windows 7 was quickly followed by the release of the security configuration guide for the operating system. He said that NSA, in partnership with Microsoft and parts of the Defense Department, was able to enhance Microsoft's operating system security guide without hampering a user's ability to do everyday tasks.

"All this was done in coordination with the product release, not months or years later during the product lifecycle," he said in prepared remarks.

About the Author

Ben Bain is a reporter for 1105 Media.

Featured

  • Microsoft Adding Google G Suite Migration in Exchange Admin Center

    Microsoft's Exchange Admin Center will be getting the ability to move Google G Suite calendar, contacts and e-mail data over to the Office 365 service "in the coming weeks."

  • Qualcomm Back in Datacenter Fray with AI Chip

    The chip maker joins a crowded field of vendors that are designing silicon for processing AI inference workloads in the datacenter.

  • Microsoft To Ship Surface Hub 2S Conference Device in June

    Microsoft on Wednesday announced a June U.S. ship date for one of its Surface Hub 2S conferencing room products, plus a couple of other product milestones.

  • Kaspersky Lab Nabs Another Windows Zero-Day

    Kaspersky Lab this week described more about a zero-day Windows vulnerability (CVE-2019-0859) that its researchers recently discovered, and how PowerShell was used by the exploit.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.