19 April 2014

Ex-DHS Chief Pushes Security, Information Sharing, and Resiliency


Apr 16, 2014

This year's Kaspersky CyberSecurity Summit in San Francisco was by far the largest I've experienced. I didn't count, but the hall held at least 100 people, from many different countries. The day started with a keynote by Tom Ridge. You'll remember him as the former Secretary of the U.S. Department of Homeland Security (among other roles).

"This subject matter gave me a chance to reflect on what I've done," began Ridge. "In my days as an infantry staff sergeant in Vietnam, in the sixties, we fought a traditional war, violent, instrumental, and attributable. It's a kinetic war, with lethal means of destruction on land, sea, and air. The notion of cybersecurity wasn't on anybody's mind."


"Flash forward to 2014," continued Ridge, "It's a brave new world, an interconnected, interdependent world. In this world there are two permanent global conditions we'll deal with as individuals, companies, and countries. One is the scourge of terrorism, but that's for another discussion. The other is what I call the digital forevermore."

Digital Forevermore

"We're never going to be less connected than we are now," said Ridge. "The text we use today will soon be outmoded. It's a dynamic environment. The digital forevermore is a new environment. In the sixties, we worried about land, sea, and air. Now we add cyber."

"The promise and peril of the digital forevermore bring new capability, uncertainty, and risk, not only to the war fighter but to the enterprise," said Ridge. "To the war fighter, it's a global cyber war. We know today that the nation states have embedded cyber-strategy. It's in their policy documents. It's a part of war fighting doctrine and it's been used. Forget looking for cyberwar in the future; the future is now."

Lack of Business Attention

"I would say that war fighters are laser focused on risks attendant to the cyber world," said Ridge. "I'm not sure the private sector brings the same acuity of focus to that risk, which grows ever more in the digital forevermore." He continued, "It's critically important to understand that national security and economic security are tied. When nation states can disrupt cyber-assets, it's everybody's concern."

Ridge noted that in the DHS they had a saying: You can't secure the country from inside the beltway. Everybody has a role in security. "Trade secrets, product development, testing, strategies, pricing, you name it," said Ridge. "Attackers and hackers are after it. But to the private sector, the virtual world is a vague world. The C-suite doesn't have experience. We need to convince them that the impact is not virtual, it is real."

Manageable, Not Preventable

"America is a target-rich environment," noted Ridge. "We don't need to be breathless, but we need to be smart. Cyberattack is not a preventable problem, but it is a manageable problem. In the twentieth century, the catchword for business was quality. In our century, the word is resiliency."

Ridge quoted a financial analyst at Kleiner Perkins as saying, "There are two kinds of companies, those who've been breached and know it, and those who've been breached and don't know it." "The military knows without a doubt that cyber-attack is a risk," said Ridge. "Enterprise? They may see it as an IT problem, not as a business problem. That should worry shareholders, customers, and partners."

Sharing Is Key

"One challenge in the private sector is information sharing," said Ridge. "In the past three years I've had the privilege of working with a Homeland Security task force. We went to Congress and asked them for a protected avenue for the government and private sector to share security information. There's much to be learned and shared from each sector. Unfortunately, we had no success."

"You have to go from 'need to know' to 'need to share,'" said Ridge. "For example, one client talked about a major corporation being hacked. When they went to share with a government agency, the agency said, 'We know.' When were you going to tell us? This kind of posturing inhibits our capability for cyberwarfare."

Stay Resilient

"The war fighter has accepted the new cyber-domain," concluded Ridge. "The private sector is slow in catching up. We're in this together, the war fighter. We don't need to be breathless, just smart. Cyberattack is not preventable, but it is manageable. We must continue to focus on quality, but a culture of awareness and resiliency needs to be at the epicenter."
