Cybersecurity: When “Good Enough” Isn’t Enough

BY APRIL 15, 2015

If superior cybersecurity technologies exist, there is a responsibility beyond corporate profits or government compliance standards that must expedite their use.

From the new TV show CSI: Cyber, which offers a view of the complexities of cyber attack investigations, to the seeming insanity of a CEO talking to a CISO about a potential cyber breach, it seems today's cybersecurity approaches are more of a whodunit than a technological detection. Even the whodunit approaches are, at best, time-consuming manual assumptions rather than technological real-time security detection of what has really happened.
Although this makes for a highly-viewed TV show, in reality, the current approaches of how we address cybersecurity are more a part of the problem than of the solution. Today we are throwing known ineffective technologies, lots of money and people at reactionary cyberattack approaches that are almost shameful in an information technology industry that created the term, "good enough."
By definition, the "good enough" principle is a rule for software and systems design. It indicates that consumers will use products that are good enough for their requirements, despite the availability of more advanced technology.
Though this definition may technically work for the latest new gadget, perhaps we shouldn't be settling -- we don't want this "good enough" security technology in our cars, homes, banks, businesses, critical infrastructures or national defense systems. If superior cybersecurity technologies that greatly exceed current solutions exist, there is a responsibility beyond corporate profits or government compliance standards that must expedite their use.  


A review of the top 10 young security companies to watch by Network World shares both intriguing and disturbing directions in which cybersecurity solutions could go.
The intriguing part: There's a general focus on technologies that detect cyberbreaches more quickly and accurately, which confirms the focus of both my previous article and a recent article in Fortune. It's comforting to see that security companies are realizing their solutions must detect breaches more quickly, and that where detection should occur is in the processes and application workflow events. Sadly, however, intended cybersecurity spending is going toward security networks rather than securing application level events, which is where hackers are clearly focusing.
The disturbing part: Some of these new start-up cyber companies are using high-end encryption, but as explained in my previous articles, criminals are actually using encryption to hide their activities and protect their on-demand exploit hacking capabilities. This is such a concern that separately, the FBI, Europol and Britain's MI6 expressed misgivings about technology companies using this method. Encryption has been under the microscope since Prime Minister David Cameron implied that encryption should be banned. Encryption used properly is a good first line of network defense. The problem, however, is that the majority of cyberexploits are now focused at the application level -- and few IT people secure or monitor activity at this level.
At the second annual Cybersecurity Workforce Summit in Arlington, Va., FCC CIO David Bray was quoted as saying, "We do a lot on signature detection, how can we also move to be much more about behavior, so we can deal with unknowns?"  A good example of signature detection is the new collaboration between IBM and TI on an embedded secure device identity. The problem is that we continue trying to secure things at the centralized hardware and software integration layers when we are operating in a distributed network-computing environment where the applications rule.
Current enterprise security architecture serially analyzes historical output system data log traces to discover if the organization's policies and procedures are in compliance. This enterprise security architecture was designed for centralized computing and is vulnerable to cyberintrusion attacks in the distributed network-computing environment in which we mainly operate today. Hackers know this, and that's why 84 percent of all cyber attacks occur on the distributed network computing application layer. Unfortunately, we do little in securing or managing these critical application events -- events that are the heart of today’s distributed network-computing processes. We must be at the right place at the right time if we are to achieve true cybersecurity. Though today we are not doing this, there are ways to achieve it.


As an adviser to startups with often superior cybersecurity technologies, I have pushed through layers of lab tests and standards groups only to find that status quo big businesses and big government are still playing catch-up when it comes to cybersecurity. There are good reasons for this, and we can't just throw technologies out there without some form of investment coordination or technology oversight.
We must keep in mind, however, that we are embarking on a new industry called the Internet of Things (IoT) that has multiple standards and seemingly a disregard for cybersecurity. In the past, cybersecurity has taken a back seat to the next big thing. But with the potential of a billion devices and seemingly endless amounts of big and small data, the fix-it-later approach in cybersecurity must change. This time around, I don't think even first-to-market money will trump security, and there is good reason.
The CEO of Kaspersky Lab is warning about the upcoming dangers, calling the Internet of Things the "Internet of Threats." Symantec also warns of known IoT security issues.  And IDC noted that within two years, 90 percent of all IT networks will have an IoT-based security breach, although many will be considered "inconveniences."
If IoT wants to be the trillion dollar industry that is projected, it must now be forced to address cybersecurity or people will not trust the products in their cars, homes, workplaces or critical infrastructures. When breaches start getting personal, people will stop using the products that caused or were the source of the breach. Cybersecurity technologies must address today’s security needs; we must find new approaches to secure the billions of devices headed our way in the near future. We know the problems, so now is the time to define true solutions rather than use temporary patch-and-pray bandages.


In today's world, we secure cyberecosystems by giving employees authenticated access to the often-encrypted enterprise system. But most cyberbreaches are inside jobs. So an employee with authenticated access to the enterprise who walks into his or her place of business with a smartphone filled with thousands of apps that can, together or independently, connect to hundreds of other IoT devices is a danger. Some of the apps could be exploit tools he or she will use to breach the network.
Although these methods of cybersecurity are at times a deterrent to cyberbreaches, experienced hackers can use them to their advantage. There are many breach opportunities from this point thanks to the introduction of utility-integrated centralized networks and distributed network-computing environments. They, by design, offer hackers almost endless opportunities to initiate a breach. This is where today's cybersecurity technologies fail (and fail miserably), and where they will continue to fail by design. So where are we going wrong?
The point where security lies is where an organization's policy and procedure applications reside. Knowing this, all we must do is design and build cybersecurity applications that detect, manage and secure the events taking place in the distributed network-computing environment ecosystem.
Every ecosystem is different, as are the security policies and procedural applications that an ecosystem uses. We may have an IoT that does exactly the same thing from a software or hardware perspective, but will work or not work based on the ecosystem's policies and procedure workflows. By converting these workflow policies into an automated intrusion detection application, we can accept or reject event procedural workflow security policies as part (or not part) of the ecosystem. This must be done in microseconds if we are to beat the hacker while allowing billions of software, hardware and IoT devices to securely move seamlessly through multiple ecosystems. So how can we do this?


Most organizations already have defined their expected security policies and procedures on how, when and what data/information can be exchanged by people, systems, devices or applications in their business environment. In fact, organizations such as the National Institute of Standards and Technology (NIST) have mandated compliance of these policies and procedures in areas such as critical infrastructure. Organizations have done a good job of targeting security policies and procedures in their workplaces and digital control systems; they just haven't deployed the right technologies to audit, manage and secure these process events in real time.
Today’s cybersecurity crisis stems from the fact that current data-centric 3rd- and 4th-generation programming language-based security products cannot detect real-time cyberintrusions in distributed network-computing applications, security policies and workflows. When it comes to security, current software products only accumulate logs into databases to perform data analytics, discovering wrong policy patterns. The wrong data patterns are added to a knowledge base to implement system patches in an attempt to detect future offences.
Digital Process Management 5th Generation Programming Language (5GL) uses your policies to define the right event patterns (methods and constraints) for conducting business according to policy, accurately determining the relationship between a condition or variable and a particular consequence with one event leading to another. 5GL displays anomalies and normal event transactions at machine speeds, with consolidated audit trails providing deep insights into business transactions. This cybersecurity paradigm shift instantly identifies events that do not follow the right pattern so you can respond immediately to proactively prevent/mitigate the cause and effect of business impacts in real time.
Fifth-generation code-free software allows organizations to rapidly customize their cybersecurity applications to automatically detect and manage intrusions or flawed operations in security policies, workflows, applications and mobile apps in real time in today’s distributed computing environment. To solve the cybersecurity crisis, organizations must deploy 5GL security applications that are policy-centric not data-centric to prevent cyberintrusions. This is how we can be at the right place at the right time with cybersecurity technologies that will be, at the very least, “good enough” to stop a hacker before the damage is done -- not after.


How to achieve cybersecurity is baffling some of the world's most brilliant minds. Though there is much investment in cybersecurity, it's questionable whether it is going toward improvements to current methods or toward solid cybersolutions that will protect us today and prepare us for a much bigger digital connected future.


Visit an automated cyber intrusion detection application to read more about a solution that can achieve more effective cybersecurity solutions, and go to register for free webinars that discuss with top industry experts this needed paradigm shift.
With cloud and IoT applications increasing by the billions, we must ready ourselves for all these applications while simultaneously playing catch-up with the current (and increasing) cyberattacks.
We have reached the point where current cybersecurity technologies can neither effectively nor rapidly address our increasingly connected world. The projected use of cloud and IoT applications exceeds all current Internet usage -- so we must build a security platform that can seamlessly allow the use of these technologies while protecting each and every other ecosystem within our digital communities.
Bottom line: We must exceed “good enough” security technologies and create completely new technologies -- that are ready and available today.
Larry Karisny
Larry Karisny is the director of Project, an advisor, consultant, speaker and writer supporting advanced cybersecurity technologies in both the public and private sectors.

Cybersecurity: Taking a Proactive Approach is Key

BY  MARCH 4, 2015

If we are to proactively defend our cybersecurity, we must move away from historical algorithm audit and analysis to real-time pattern recognition audit and analysis.

Given the Anthem data breach, which could rank among the largest identity theft breaches ever, and the 100-bank, $1 billion cyber heist, it's clear we're off to a bad start in 2015 when it comes to cybersecurity.
In fact, Inga Beale, the CEO of British insurance company Lloyd's, estimates that cyber attacks will cost businesses as much as $400 billion a year, including the damage itself and subsequent disruption to the normal course of business. Beale also noted that the firms best prepared for cyberattacks buy insurance -- and 90 percent of cyberinsurance is purchased by U.S. firms, leaving other companies around the world exposed.
So why would companies best prepared for cyber attacks buy insurance? Perhaps it's because they've realized that their current cybersecurity technologies are focused primarily on reacting to security breaches rather than proactively stopping cyberattacks.


Information sharing on cyber attacks is an insufficient method for fighting cybersecurity. As Arati Prabhakar, director of the Defense Advanced Research Projects Agency (DARPA) stated, "The attacks are happening in microseconds, so today all we can do is patch and pray, and keep throwing human beings at the problem. We are looking for a fundamentally different way to get faster than the pace of the growth of the threat." In November 2014, Prabhakar called for a change in how cybersecurity is approached.
CEOs, CIOs and CISOs pay billions for cybersecurity solutions only to discover that, at best, these technologies solely help in gathering information after an attack rather than stopping the attack from occurring. These C-level officials are now demanding proactive cybersecurity solutions that will give them upfront protection -- not just historical evidence of the breach. They know that most breaches are inside jobs, that people are part of the problem and can, with authorization, attack in real time. To defend against this, cybersecurity professionals are looking for new real-time technologies that can audit people-to-machine and machine-to-machine digital actions and proactively protect their pre-designed security policies.
Yes, people are a big part of cybersecurity breaches. But it's the digital extension of what people do that must be technically audited -- and if we are truly going to proactively address cybersecurity, this must be done during data in motion. You can't beat cyberbreaches by simply offering manual human log audits and sharing historical breach information. If we are to defend ourselves, to offer true cybersecurity defense capabilities, we must be in front of these microsecond attacks -- not just historically analyzing and sharing the information post-attack. We must move from reactionary cybersecurity methodologies to real-time proactive technologies.


Information sharing when it comes to cyberattacks -- which is the brunt of the new cybersecurity bill -- will at least expose and share the vulnerabilities that will establish better security policies.
But as previously stated, this is not enough. It will help expose vulnerabilities, but it won't offer immediate technical correction to cyberattacks. To get a clear picture of where security policies should be put in place, take a look at this white paper that details the critical infrastructure protection (CIP) compliance for the North American Electric Reliability Corp. (NERC), a nonprofit designed to “ensure that the bulk electric system in North America is reliable, adequate and secure." This document gives industries a clear view of their business and control system processes and events.
The problem with the compliance process is that it is audited by the historical collection of data logs that are then evaluated by people using a software-assisted program like analytics. This is the very same problem that we have with current cybersecurity technologies. We are analyzing historical logs in a historical static environment when we need to be proactively authenticating, viewing, auditing and analyzing the security policy logs in real time during data in motion. Even analytic algorithm technologies cannot offer these real-time capabilities. In order to do this, we must change the location and methodologies of how we view security policies.  


Data-in-motion is this: You have a database waiting to do something and an application that can activate an event process when needed or in microseconds with human- or machine-to-machine activation. We currently secure these processes using antivirus software or firewalls that weed out basic known threats. Now, as hackers routinely overwhelm such defenses, cybersecurity experts say that cybersecurity is overdue for an overhaul. (See also my January 2014 article Time for a Cybersecurity Overhaul.)
These same experts now realize the knowledge and logging of application activity is where new cybersecurity techniques must focus, and that attempts to protect networks and data perimeters are no longer effective. What they have not yet realized is that the where and how of these event activities are the key to true cybersecurity. Even these new techniques are focused on the historical review of event logs and not the real-time dynamic work activities. We are always behind the hack. We should not be searching for the problem behind the historical event log; we should be recognizing the anomaly before it occurs. This is our problem; this is what we need to correct.
When the application in a digital process does something, it creates a log. This log is where cyberattacks are being detected in hours, months, sometimes even years later -- or not detected at all. If we are to proactively address cybersecurity, we must apply our technologies during data in motion -- prior to the historical log. A data-in-motion application used to be a simple message sent for a specific action or event, occurring from one end point to another. Today, data in motion carries multiple application event actions that, if exploited, can greatly affect the security policies of a specific process if they are not audited. This point of audit must be done during data in motion, where a causal real-time event can be recognized prior to processes logging. This is where and how achieving true proactive cyberdefense resides.
My article Will DPM 5GL Save Cybersecurity? focused on these needed corrections. Policies and business processes define the right set of dynamic work activities, which can be described in causal event patterns. DPM 5GL -- Digital Process Management 5th Generation Programming Language -- monitors the critical causal patterns, and every other activity/event is an anomaly. It is used to monitor the correct activities, not characteristics. Even today’s data analytics examines frequency of data records attributes to discover a characteristic pattern or algorithm that is manually or machine-generated for profiling purposes. We must move forward from historical analysis to real-time 5GL event patterns if we are to successfully monitor data in motion activities. This is where and how we must deploy new cybersecurity technologies to truly defend ourselves against cyberattacks.
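An added illustration, not from the original article and not DPM 5GL itself, of the positive-pattern idea described above: a policy lists the permitted causal sequence of events, each event is checked against it as it arrives (before anything is written to a log), and everything else is treated as an anomaly. The payment workflow, roles, actors and the `PolicyMonitor` class are all constructed for this example.

```python
from dataclasses import dataclass

START = "START"  # marker for "no step accepted yet" in a transaction

# Constructed policy for a hypothetical payment workflow. Each permitted step
# names the role that may perform it, the steps that may directly precede it,
# and (optionally) an earlier step whose actor must be a different person.
PAYMENT_POLICY = {
    "create_invoice":  {"role": "clerk",   "after": {START}},
    "approve_invoice": {"role": "manager", "after": {"create_invoice"},
                        "distinct_from": "create_invoice"},
    "release_payment": {"role": "finance", "after": {"approve_invoice"}},
    "close":           {"role": "finance", "after": {"release_payment"}},
}


@dataclass(frozen=True)
class Event:
    txn: str     # transaction the event belongs to
    actor: str   # authenticated identity
    role: str    # role the actor is acting under
    action: str  # what the actor is trying to do


@dataclass(frozen=True)
class Decision:
    event: Event
    allowed: bool
    reason: str


class PolicyMonitor:
    """Accepts only events that fit the policy pattern; all else is an anomaly."""

    def __init__(self, policy):
        self.policy = policy
        self.last_step = {}  # txn -> last accepted action
        self.actors = {}     # (txn, action) -> actor who performed it

    def check(self, event):
        rule = self.policy.get(event.action)
        if rule is None:
            return Decision(event, False, "action not in policy")
        if event.role != rule["role"]:
            return Decision(event, False, "role not permitted for this action")
        prev = self.last_step.get(event.txn, START)
        if prev not in rule["after"]:
            return Decision(event, False, f"may not follow {prev}")
        other = rule.get("distinct_from")
        if other and self.actors.get((event.txn, other)) == event.actor:
            return Decision(event, False, f"same actor as {other}")
        # Only accepted events advance the transaction's state.
        self.last_step[event.txn] = event.action
        self.actors[(event.txn, event.action)] = event.actor
        return Decision(event, True, "matches policy pattern")


def audit(events, policy=PAYMENT_POLICY):
    """Check a stream of events in arrival order and return every decision."""
    monitor = PolicyMonitor(policy)
    return [monitor.check(e) for e in events]


# Constructed sample stream: three interleaved transactions.
SAMPLE_EVENTS = [
    Event("t1", "alice", "clerk",   "create_invoice"),
    Event("t1", "alice", "clerk",   "approve_invoice"),  # wrong role
    Event("t1", "bob",   "manager", "approve_invoice"),
    Event("t2", "carol", "clerk",   "create_invoice"),
    Event("t2", "dave",  "finance", "release_payment"),  # approval skipped
    Event("t1", "erin",  "finance", "release_payment"),
    Event("t1", "erin",  "finance", "export_ledger"),    # not in policy
    Event("t3", "frank", "clerk",   "create_invoice"),
    Event("t3", "frank", "manager", "approve_invoice"),  # approving own invoice
]

if __name__ == "__main__":
    for d in audit(SAMPLE_EVENTS):
        verdict = "ACCEPT" if d.allowed else "ANOMALY"
        print(f"{verdict:8} {d.event.txn} {d.event.actor:6} "
              f"{d.event.action:16} {d.reason}")
```

The authenticated insider cases (a skipped approval, a self-approved invoice) are rejected because they break the sequence, not because they match a known bad signature.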


If you look at a hack's anatomy, you can see that the hacker not only has the real-time first strike advantage, but he can also manipulate the security policy to make the exploit look like a normal part of the process. Knowing these two critical attributes of a breach -- location and policy exploit -- defines where proactive defense mechanisms must be placed. The tricky part is how to put it in data in motion vs today’s end point input-to-output log analysis that is used in current cybersecurity technologies. The very definition of an algorithm shows how it analyzes and retrieves data from beginning to end while it processes and automates the data. This is the basis of how third generation programming language (3GL) and fourth generation programming language (4GL) work, and this is the window that hackers use to breach the system.
If we are to proactively defend our cybersecurity, we must move away from historical algorithm audit and analysis to real-time pattern recognition audit and analysis. 5GL can achieve this because it does not use algorithms and can audit in real time predefined event policy patterns in microseconds. Simply put, given the compliance or process requirement as explained in the NERC CIP automation suite, we can now view and audit in real time all policy applications pinpointed in the compliance requirements. This is how compliance can actually become cybersecurity, and we can move from historical event log cyber analysis to real-time data-in-motion policy analysis.
5GL just makes sure the right stuff is connected to the right security policies by auditing the policy event action patterns in real time during data in motion. This is how we will at last offer proactive defenses to cyberbreaches. These real-time cybersecurity technologies will become increasingly important as we add billions of devices through the Internet of Things (IoT). These microchip devices connected to the IoT could actuate unwanted events or anomalies during data in motion if we do not defend our process event policies.
With potentially billions of these IoT devices out there, we can’t manually review historical log events to detect a potential breach activated by such a device, which in many cases today we can’t even see. It is imperative that we deploy proactionary real-time security solutions that can defend our digital process against a potential onslaught of millions of IoT device actions that could quickly get out of control. This graphic demonstration shows how proactive cybersecurity technologies actually work, and my previous articles share companies actually deploying 5GL technologies to address this critical need.


The federal government’s push of the $14 billion cybersecurity bill is at least a start to defending ourselves against cyberattacks. This recent funding has major research universities scrambling for a piece of the billion-dollar pie, and partnerships like the University of South Florida, Tampa and CENTCOM have established a Florida Center for Cybersecurity to attract this funding.
Interestingly enough, a recent study by security company Enigma Software named Tampa the most-hacked city in America. This fact coupled with U.S. Central Command's location being in the Tampa Bay area may mean a perfect partnership and location for the new Center for Cybersecurity.  We should expect a continued growth of cybercenters and partnerships to be funded around the world.  
On the private-sector side, there is a lot of speculation and suggestion on how Apple should spend its remarkable profits -- and cybersecurity tops the list. Apple has always been known for superior security to competing operating systems, but it has shown that it, too, can be vulnerable to cyberattacks. Still, Apple is best positioned to be the leader in the IoT industry and should take the brunt of the responsibility in securing these new device technologies.
Dan Kaufman, who heads the software innovation division of DARPA, stated in a recent 60 Minutes interview that today, all devices that are on the Internet of Things are fundamentally insecure -- that there is no real security going on. With IoT projections in growth exceeding $1 trillion, securing the IoT could be Apple's greatest success. If not secured, it could be its greatest failure.


With nearly $500 billion projected in cyberattack losses just this year, we are at a critical crossroads of addressing cyberattacks. Both the public and private sectors are demanding proactive cybersecurity technologies versus today's reactionary options. To achieve this, we must beat the hacker to the punch by deploying technologies that can authenticate, view, audit and analyze known digital policy events in real time during data in motion. 5GL allows us to audit policy event patterns in microsecond speeds during data in motion, which puts us ahead of the hacker.
We can offer these proactive cybersecurity technologies while keeping our algorithm bases and 3GL and 4GL technologies in place. These new 5GL technologies can now proactively offer the first defense advantage over the current first strike advantage of the hacker. If we do not do this, we will be overwhelmed by patch-and-pray reactionary cybersecurity approaches that by the sheer volume of cyberattacks will eventually overcome our digital processes. We must deploy new proactive cyberdefense technologies if we are to win the war on cyberattacks in our increasingly connected world. We have the money; we must now direct both public- and private-sector funding toward the right solutions to proactively defend ourselves against increasing cyberattacks.

Will DPM 5GL Save Cybersecurity?

BY JANUARY 21, 2015

The back and forth hack and patch cyberwar could be devastating. Is Digital Process Management 5th Generation Programming Language the answer?

We are at an interesting crossroads in cybersecurity -- somewhere between cyberwar and cybersecurity. There were more attacks than ever in 2014, including the largest state attacks, and in 2015, there are predictions of even more attacks.
All this comes at a time when the largest use of the Internet -- that will dwarf all current Internet use -- will be massively increased by the Internet of Things (IoT) and cloud computing.  Both are projecting massive growth in the upcoming year with both having known cyberattack vulnerabilities.
Preparation for inevitable cyberattacks is imminent, and these new technologies will offer increased attack vectors. These attacks occur in microseconds, and only technology that works faster than this can fix it.  So what are we doing wrong? And what exactly should we do?
This is where DPM 5GL -- Digital Process Management 5th Generation Programming Language -- comes into play. But what is DPM 5GL? To explain, I must start with some basics.


Remember the days when you simply didn't open an unrecognizable executable file as a means of protecting yourself against cyberattacks? Well, those days are long over. We live in a time when software has been released with admitted back doors, microchips can have hidden malicious functionality, smartphone apps can actually be used as cyber exploit tools, cloud computing breaches are increasing, and the IoT is a web of devices being connected to the network without even being seen by the provider. And as we are increasing the potential of breach with new technologies that have even worse vulnerabilities, we have yet to address known cybersecurity vulnerabilities. There will soon be a tipping point of cyber breaches, and all projections point to this year.
But there is a fundamental flaw in all current cybersecurity technologies. They work after the attack has occurred -- but wouldn't it be better to avoid a hack altogether vs receiving notification that your database has been hacked? Would you prefer discovering that your software or chip set is doing something wrong, or would you like real-time validation that it's performing as expected?
At best, current cybersecurity technologies aggregate data that can be historically analyzed in the hopes the problem might be found. This means we are doing little to proactively stop cyberattacks in real time -- and it's why everyone agrees that the cyberattackers will continue to have the advantage. Historical-based cyberattack information technologies are no longer an acceptable option in addressing attacks, as machine actions can occur in microseconds. Cybersecurity must act within microseconds to be effective in securing our information processes. We can no longer use the same current cybersecurity technologies that are, at best, a deterrent, and expect different results. At this point, we are losing ground to cyberattacks.      


One of the recommendations given by cybersecurity analysts is to assume you've already been attacked. This is one of the concerns I have in current Intrusion Prevention Systems (IPS) cybersecurity technologies and Intrusion Detection System (IDS) cybersecurity technologies.
This assumption validates that current IPS encryption technologies are, at best, a first-level defense in cyberattacks -- and IDS technologies didn't even see the attack come in.  With these two valid assumptions (and cybersecurity vendors now admitting to these inefficiencies), we must conclude that our defensive cybersecurity technologies are not enough to stop attacks. If you can’t stop attacks, then what?
There have even been discussions on the use of counter attacks as an offensive retaliation -- a disturbing trend being seen in nation state attacks that we should be very careful about. Cyberattack expertise can be bought on the open market with both white hats and black hats offering services. Nation states are actually hiring independents who have little loyalty to the nation or cause, and are more interested in the money. Even ex-NSA and Israeli Unit 8200 are leaving their public-sector organizations and going to the private sector for the money.
The fact of the matter is that there are thousands of these people who have the skills to hack their desired targets. They are just doing what they need to do today and not necessarily concerned about the long term outcome of cyberattacks. Whether they are patching known vulnerabilities that were put in by a nation state spy organization or are hackers just doing it for fame and fortune, this back and forth hack and patch cyberwar could be devastating. The problem is who wins or gains when this is done. The short answer today is the aggressor wins in the short-term until eventually stopped with some short-term patch. Then a new exploit is found and we start all over again. The problems are these: Who is the aggressor? Who wins? And how much does all this cost? This has led to a whole new field of cyber risk management that unfortunately is more of a guess than a science.


The short answer as to whether we can insure cybersecurity is no.
The problem with cybersecurity insurance is in these two questions: How much did they take? And how deep was the breach?
Why? Because how can an insurance company calculate a premium or settlement in a cyberattack without complete information? Frankly, the cybersecurity industry doesn't have enough analysts now, so where is the insurance industry going to find the expertise to even evaluate the attack? We don't have enough trained cybersecurity analysts today to even support our current information processes. Even if you are to get a cyber insurance policy, you must prove how well you are currently protected. If current cybersecurity technologies are simply deterrents to cyberattacks, then who would want to insure you in the first place?
As you can see, even a monetary defense posture of cybersecurity insurance is unreasonable. Rather than getting caught up in cyber war offense, defense and patch technologies, we should be looking to cyber intelligent technologies that can authenticate, view, audit, analyze and block these attacks in real time. Who cares about who did it -- when you get robbed, do you want your money back or to know who the robber was? Wouldn't it be better to just not be robbed in the first place? Cyberattacks use offensive technology, and we need to defend against these attacks with better proactive defensive technologies. This can be done, but to achieve it, we must be better and faster than the attackers.


We currently use software that runs mainly on 3rd Generation Programming Language (3GL) and 4th Generation Programming Language (4GL) technology. To explain what a 5th Generation Programming Language (5GL) is, it is best to compare it to the previous, 4th generation of programming languages.
While fourth-generation programming languages are designed to build specific programs, fifth-generation languages are designed to make the computer solve a given problem -- without the programmer. This way, the programmer only needs to worry about what problems must be solved and what conditions need to be met, without worrying about how to implement a routine or algorithm to solve them.
5GL is a programming language based on solving problems using constraints given to the program, rather than using an algorithm written by a programmer. Most constraint-based and logic programming languages, as well as some declarative languages, are fifth-generation languages.
By adding Digital Process Management to 5GL, you now have a comprehensive real-time intelligent viewing capability during data in motion, which can catch cyberattacks before they occur.
It is important to note that 5GL does not use algorithms. This is a significant departure from current security and analytic technologies that are heavily dependent on algorithms, which, in many cases, are targets for cyberattackers.
A recent whitepaper (PDF) written by M. E. Kabay, professor of Computer Information Systems at the School of Business & Management at Norwich University, clearly identifies the immediate need for DPM 5GL technology. In the white paper, Kabay states: "Have you ever wondered why computer and network security are so difficult? One of the problems is that it’s really difficult to make sure that all the proper procedures used by machines and by people are in fact in use to protect their information."
Process events are usually locally activated, with the process knowledge being driven by the local operator and the procedures defined both locally and company-wide by thorough standards and proprietary process flows. These human and digital process flows are the heart of every organization: they determine not only security breach anomalies, but also the competitive process efficiency and ROI of each organization.
Current 3GL and 4GL programming languages were mainly focused on interconnecting and automating systems rather than intelligently monitoring their operations in real time during data in motion.
Adding to this system complexity is an increasing number of software and device applications now being connected to the enterprise, cloud or Internet that can affect or even exploit the control system processes. If we are to continually interconnect digital devices and software to our system processes, we must start to manage this digital information. Kabay continues by saying that if a user can develop an unambiguous, complete flow chart of a process, "that chart can be converted into a working program (instructions, or code, for the computers to execute) to identify deviations from the expected operations or data. Computing professionals call the process of turning a design into a working program instantiation."
By combining DPM and 5GL, they are able to authenticate, view, audit and block system events in real time during data in motion across multiple software, hardware and network platforms. Kabay gives specific examples of how 5GL DPM could be used by more than 25 industry verticals.
Another important part of 5GL is that it simplifies current software events while monitoring these process events in microseconds. Today's software is so complex that the complexity itself is where hackers find weaknesses. This is why current patch and pray technologies are having difficulty in just keeping up with attacks. We must be ahead of the attack actions in real time while improving the ability to observe both the correct events and attack anomalies even if using multiple networks and layers of software. 5GL has the unique ability of intelligently recognizing these multiple process events in milliseconds.


Today's information technologies were really built to automate processes and not necessarily to view or secure the events within the processes. All current IPS and IDS cybersecurity technologies are not really good at securing these events because they frankly don't even see them or know they are an accepted part of the process. There is nothing more important than events in information processing because they represent the exchange of information between systems and applications, and the individual and machine actions that initiate them. This holds for all systems and applications: enterprise, network, cloud, IoT -- it doesn't matter. If you really watch what hackers do, you can see that they manipulate digital events or software to get their desired results.
The knowledge of this process workflow is local: your house, the area you live in, your work processes, even your global interaction. If we are to secure these processes, we must define and validate the event flow in real time during data in motion. From giving a key to the office to having access to complex control system processes, event processes are driven locally and are the first step to achieving true cybersecurity. DPM is used to pre-define the sequence of these multiple events in the accepted processes. By adding the intelligence of 5GL to the pre-determined digital management process, we can effectively be ahead of cyberattacks in microseconds rather than being in the reactionary cybersecurity mode we are in today.
Mr. Karisny will be speaking online at the 4th Annual Smart Grid Cyber Security Virtual Summit on Thursday, Jan. 22, 2015. His session, Securing the Smart of the Smart Grid with 5GL, will cover the technologies discussed in this article in more detail, with live Q&A available after the session.
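The idea quoted from Kabay, that an unambiguous flow chart can be turned into a program that identifies deviations, and the pre-defined event sequences described above can be illustrated with a small allowlist state machine. This is an added example in ordinary Python, not code from the article, from Kabay's white paper, or from any DPM or 5GL product; the setpoint-change process, the event names and the session ids are constructed assumptions.

```python
from dataclasses import dataclass, field

# Constructed flow chart for a hypothetical setpoint-change process:
# each state maps the events allowed next to the state they lead to.
FLOW = {
    "idle":          {"login": "authenticated"},
    "authenticated": {"request_change": "pending", "logout": "idle"},
    "pending":       {"approve": "approved", "reject": "authenticated"},
    "approved":      {"write_setpoint": "authenticated"},
}

@dataclass
class ProcessMonitor:
    flow: dict
    start: str = "idle"
    state: dict = field(default_factory=dict)  # session id -> current state

    def observe(self, session, event):
        """Return (allowed, reason); a deviating event never advances the state."""
        current = self.state.get(session, self.start)
        allowed = self.flow.get(current, {})
        if event not in allowed:
            expected = sorted(allowed) or ["<none>"]
            return False, (f"{event!r} not allowed in state {current!r}; "
                           f"expected one of {expected}")
        self.state[session] = allowed[event]
        return True, f"{current} -> {allowed[event]}"

def check_stream(events, flow=FLOW):
    """Replay (session, event) pairs and collect the deviations to block or alert on."""
    monitor = ProcessMonitor(flow)
    deviations = []
    for index, (session, event) in enumerate(events):
        ok, reason = monitor.observe(session, event)
        if not ok:
            deviations.append((index, session, event, reason))
    return deviations

# Constructed sample stream: session A follows the chart, session B skips approval.
SAMPLE = [
    ("A", "login"), ("B", "login"),
    ("A", "request_change"), ("B", "request_change"),
    ("A", "approve"), ("B", "write_setpoint"),
    ("A", "write_setpoint"), ("A", "logout"),
]

if __name__ == "__main__":
    for index, session, event, reason in check_stream(SAMPLE):
        print(f"event #{index} session {session}: BLOCK {reason}")
```

Because the decision is made per event against the expected next steps, the out-of-sequence write in session B is rejected when it arrives, while the identical event in session A is accepted because the approval preceded it.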
Editor's note: On Feb. 4 at 7:40 a.m., this story was edited to remove the reference to M.E. Kabay as being the "father of cybersecurity."
Larry Karisny
Larry Karisny is the director of Project, an advisor, consultant, speaker and writer supporting advanced cybersecurity technologies in both the public and private sectors.