To cite this article: Kevin Lynn McLaughlin (2023): CYBERSECURITY AND FUSION CENTERS, EDPACS, DOI: 10.1080/07366981.2023.2205689
To link to this article: https://doi.org/10.1080/07366981.2023.2205689

In the ever-evolving world of cybersecurity, it is vital to streamline complexity and create accessible solutions. The establishment of a Cybersecurity Security Operations & Fusion Center serves as a centralized nexus for monitoring, defending, and enhancing awareness of cyber threats, ultimately empowering professionals to safeguard their digital domain. – Kevin Lynn McLaughlin, PhD
Cybersecurity professionals need to simplify the multifaceted world of cybersecurity to facilitate a better understanding of it. A powerful way to achieve this is through the establishment of a Cybersecurity Security Operations & Fusion Center (CSOFC), which functions as a centralized mechanism responsible for monitoring, detecting, protecting, and raising awareness about present and resolved cyber threats. In the realm of cybersecurity, it is of paramount importance for professionals to disentangle the convoluted landscape, thus facilitating a more coherent understanding by those seeking to protect digital assets and information (O’Connor and Robertson, 2020). One way to achieve this simplification is through the establishment of a CSOFC, a centralized hub that synergistically combines the monitoring, defense, and communication of awareness regarding new, extant and resolved cyber threats.
The CSOFC unites the proven capabilities of Security Operations Centers (SOCs) and Fusion Centers, creating a cohesive entity that not only bolsters the defense of an organization’s digital assets but also proactively identifies potential threats based on multiple threads of collected intelligence. This central defense mechanism relies on the seamless collaboration among various teams and the utilization of state-of-the-art technologies designed for threat detection, analysis, and remediation. Fusion Centers, which have gained prominence since the 9/11 attacks in the United States, can serve as a critical element in the cybersecurity ecosystem. They gather, analyze, and actively employ intelligence data to identify and classify risks and threats. By comparing gathered data against an organization’s systems and assets, Fusion Centers can drive proactive remediation of potential issues. Integrating Fusion Centers into SOCs enables a more comprehensive and proactive approach to cybersecurity, leading to a more robust and well-rounded cyber-defense mechanism. Moreover, the integration of Threat Intelligence Center (TIC) processes and techniques within the CSOFC framework significantly enhances the overall effectiveness of cybersecurity operations. TICs collect and analyze threat data from various sources, thereby enabling organizations to stay abreast of the ever-evolving cyber threat landscape. By incorporating TIC methods and Fusion Center integration into the SOC, organizations can better anticipate potential threats and implement proactive measures to protect their digital assets.
As the world becomes more reliant on technology and digital systems, the need for effective cybersecurity measures has never been greater. One of the most significant challenges in cybersecurity is the threat posed by insiders – IT (Information Technology) professionals who may have access to sensitive information and systems, and who may be tempted to engage in malicious activities (Fink et al., 2019). This is why it is crucial to understand the conditions that may lead to such behavior. To address this challenge, cybersecurity professionals like Dr. Kevin Lynn McLaughlin have emphasized the importance of integrating diverse information from various sources. This cross-functional approach involves gathering and analyzing data from multiple sources, such as employee behavior, network activity, and threat intelligence feeds, to build a comprehensive picture of potential insider threats. One example of how this approach can work is the deployment of a CSOFC. By fusing the best practices of Security Operations Centers (SOCs), Fusion Centers, and Threat Intelligence Centers (TICs), organizations can develop a more proactive and comprehensive approach to cyber defense. The CSOFC will serve as a central hub for collecting, analyzing, and sharing information across multiple teams and departments within an organization. By integrating diverse sources of data, such as log files, system events, and user activity (Chen et al., 2019), the CSOFC can identify potential threats and respond to them quickly and effectively (Langton and Slay, 2020).
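The fusion step described above (comparing gathered intelligence against the organization's systems and assets, and integrating log files and user activity) can be sketched as follows. This is an added example, not code from the article; the asset names, feed entries, weights and the off-hours rule are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data (not from the article); IPs use documentation ranges.
ASSETS = {
    "hr-db01": {"software": {"examplesql 9.1"}, "criticality": 3},
    "web01": {"software": {"examplehttpd 2.2"}, "criticality": 2},
    "kiosk07": {"software": {"examplehttpd 2.4"}, "criticality": 1},
}
INTEL = [  # threat-intelligence feed entries (TIC input)
    {"type": "ip", "value": "203.0.113.50"},
    {"type": "software", "value": "examplesql 9.1"},
    {"type": "software", "value": "examplehttpd 2.2"},
]
# (host, destination IP) pairs from SOC log collection
NETWORK_LOG = [("hr-db01", "203.0.113.50"), ("web01", "198.51.100.7")]
# (user, host, action, hour of day) from user-activity monitoring
USER_ACTIVITY = [("dba_admin", "hr-db01", "bulk_export", 2),
                 ("webops", "web01", "login", 10)]
WEIGHTS = {"intel_software": 2, "intel_network": 3, "user_activity": 2}  # assumed

def fuse(assets, intel, network_log, user_activity):
    """Correlate every source per asset; return findings sorted by score."""
    bad_ips = {i["value"] for i in intel if i["type"] == "ip"}
    flagged_sw = {i["value"] for i in intel if i["type"] == "software"}
    evidence = defaultdict(dict)
    for host, info in assets.items():
        hits = info["software"] & flagged_sw
        if hits:
            evidence[host]["intel_software"] = sorted(hits)
    for host, dst in network_log:
        if host in assets and dst in bad_ips:
            evidence[host].setdefault("intel_network", []).append(dst)
    for user, host, action, hour in user_activity:
        # Assumed rule: bulk exports outside 06:00-20:00 count as unusual.
        if host in assets and action == "bulk_export" and not 6 <= hour < 20:
            evidence[host].setdefault("user_activity", []).append(user)
    findings = []
    for host, ev in evidence.items():
        score = sum(WEIGHTS[k] for k in ev) * assets[host]["criticality"]
        findings.append({"host": host, "score": score, "sources": sorted(ev),
                         "escalate": len(ev) >= 2, "evidence": dict(ev)})
    return sorted(findings, key=lambda f: -f["score"])

if __name__ == "__main__":
    for finding in fuse(ASSETS, INTEL, NETWORK_LOG, USER_ACTIVITY):
        print(finding)
```

A finding is escalated only when at least two independent sources point at the same asset, which is the practical benefit of fusing the feeds instead of alerting on each one separately.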
The world of cybersecurity is multifaceted and constantly evolving, presenting significant challenges for organizations seeking to protect their digital assets and information. The advent of generative Artificial Intelligence (AI), Machine Learning (ML) and quantum computing is compounding the complexity. However, cybersecurity professionals recognize the need to simplify this complex landscape to facilitate a more coherent understanding of potential risks and threats. The establishment of a CSOFC is a powerful way to achieve this simplification. The CSOFC combines the proven capabilities of Security Operations Centers (SOCs) and Fusion Centers, creating a cohesive entity that not only bolsters the defense of an organization’s digital assets but also proactively identifies potential threats based on multiple threads of collected intelligence. Integration is the key component of this work. The CSOFC relies on seamless collaboration among various teams and the utilization of state-of-the-art technologies designed for threat detection, analysis, and remediation (Bhattacharya & Khan, 2019). The integration of Threat Intelligence Center (TIC) processes and techniques within the CSOFC framework significantly enhances the overall effectiveness of cybersecurity operations. TICs collect and analyze threat data from various sources, thereby enabling organizations to stay abreast of the ever-evolving cyber threat landscape. By incorporating TIC methods and Fusion Center integration into the SOC, organizations can better anticipate potential threats and implement proactive measures to protect their digital assets.
As the world becomes more reliant on technology and digital systems, the need for effective cybersecurity measures has never been greater. The establishment of a CSOFC is a significant step in simplifying the complex landscape of cybersecurity, allowing organizations to take a more proactive and comprehensive approach to cyber defense. By leveraging the power of integration, organizations can build a more robust and well-rounded cyber defense mechanism that protects their digital assets and information from potential risks and threats. This is just one potentially helpful piece of an extraordinarily complex puzzle for defending an organization’s data and assets (Almalki & Hussain, 2019).
ORCID
Kevin Lynn McLaughlin http://orcid.org/0009-0009-8367-5292
REFERENCES
Almalki, F., & Hussain, R. (2019). Cybersecurity fusion centers: A systematic literature review. In Proceedings of the Future Technologies Conference (FTC 2019) (pp. 627–639). Springer. https://doi.org/10.1007/978-3-030-32520-6_48
Bhattacharya, I., & Khan, L. (2019). A framework for collaborative cyber threat intelligence fusion. In 2019 IEEE International Conference on Big Data (Big Data) (pp. 5104–5109). IEEE. https://doi.org/10.1109/BigData47090.2019.9006290
Chen, X., Wang, L., & Khan, L. (2019). Cyber threat intelligence fusion and analytics. In 2019 IEEE International Conference on Big Data (Big Data) (pp. 4268–4273). IEEE. https://doi.org/10.1109/BigData47090.2019.9006295
Fink, G. A., Best, D. M., Manz, D. O., Popovsky, B., & Endicott-Popovsky, B. (2019). Predicting the “breaking bad”: Conditions that influence IT professionals’ propensity to go rogue. Computers & Security, 87, 101578. https://doi.org/10.1016/j.cose.2019.101578
Langton, J., & Slay, J. (2020). Cybersecurity fusion centers: Enhancing collaboration and information sharing. Journal of Information Security and Applications, 52, 102495. https://doi.org/10.1016/j.jisa.2020.102495
O’Connor, R., & Robertson, D. (2020). Cybersecurity fusion centers: An integrated approach to threat detection and response. Computers & Security, 92, 101771. https://doi.org/10.1016/j.cose.2020.101771