Forensics Journal - Stevenson University 2015 | Page 24

STEVENSON UNIVERSITY throughout the computer network. Shape Security acknowledged the potential role of “real-time polymorphism” from a cybersecurity perspective and invented ShapeShifter, a prototype technology which uses this polymorphic capability to prevent cyber attacks (“Shape Security,” 2014). Knowing that attackers rely on the “static elements” (i.e. the static web codes) of information technology networks to spread their malicious codes, the company is experimenting with polymorphic code on websites to “simply disable the automation that makes these attacks possible” (“Shape Security,” 2014). The ShapeShifter presents a potential solution to eliminating the threat of a major DDoS attack. operators to adopt best practices in accordance with the framework. For example, should a data breach occur and the company had not implemented best practices available to protect their vital resources, victims could cite NIST framework version 1.0 as proof of the company’s negligence. CylancePROTECT and ShapeShifter represent cutting edge cybersecurity technology which both the government and privateindustry businesses could employ to thwart cyber attacks. For example, to achieve a successful attack on a system currently utilizing polymorphic code in its cybersecurity defense, a terrorist would have to invest a greater amount of time and effort to infect a well-protected system. By that time, they could have moved on to an easier target. The rationale here should be that the United States does not want its critical infrastructure to be the easy target. However, will critical infrastructure operators use this type of forward-thinking technology in their daily operations, or will they remain the comparatively soft targets in the eyes of a terrorist? The first issue is the voluntary nature of the framework. By adopting a voluntary compliance approach, companies will conduct business as usual and invest their time, effort, and money into other operating costs instead of enhanced security measures. The cybersecurity framework recognizes current deficiencies in critical infrastructure systems and sets forth a plan to resolve those difficulties. However, several features render it useless in the event of a cyber terrorist attack. These are: v