Posts Tagged ‘Cybersecurity’

18 Aug 14

What I Learned at the Silicon Valley Cyber Security Summit – Part 1

I was fortunate to attend last week’s Silicon Valley Cyber Security Summit, where I spent 4 hours indulging my obsession with this subject while unfortunately increasing my level of paranoia. The panel discussions were excellent, bringing perspectives from security technology providers, pundits, the Dept of Homeland Security, two Congressmen, two Senators and execs from the outstanding Silicon Valley Leadership Group [#SVLG].

The first discussion centered around progress to date with Obama’s Executive Order (EO) issued in early 2013, and the potential for more formal cyber policy or regulation coming from the Congress. The cybersecurity problem offers a rare opportunity for the public sector to lead in a critical technology domain, but all of the day’s speakers emphasized the requirement for public-private partnership in addressing the challenge. There has actually been some good news around the Cybersecurity Framework, an outcome of the EO being driven by NIST, in which participation is voluntary but to which apparently 3000 private sector representatives have actually contributed. While governments actively push such information to the citizenry, companies need to share a lot more about what’s happening to them, what they’re learning and how they’re defending themselves – competitive concerns are keeping this constrained to date. Still, some progress is being made.

One of the biggest eye openers was the claim by several speakers that the public is just not engaged in this issue and therefore practices poor digital ‘hygiene’. I found this surprising and uncanny in the aftermath of the Target and Neiman’s attacks last Fall, and the August 5 revelation that a Russian crime ring had stolen 1.2 billion user name and password combinations and more than 500 million email addresses. WAKE UP PEOPLE – this is serious stuff!

Senator Saxby Chambliss (R-GA) extolled the virtues of his and DiFi’s Cybersecurity Information Sharing Act bill, which made it through the Intelligence Committee but still faces stiff opposition from privacy advocates. While speaking at length about the urgency of the issue, Sen. Chambliss then went on to say that Congress would only be working a whopping 3 weeks between now and the November Election!!!!! Two weeks for the Senate, one for the House. Wish I could get paid with great benefits for not working. Post-election will be a lame duck December, then the Freshman class must be educated on the issue. And then of course there were the references to don’t overregulate, etc. that will expose the usual partisan split. Bottom line, passage of a bill is unlikely anytime soon.

Everyone agreed that what would spur Congressional action would be a real crisis – a big attack that causes some real national pain. Let’s hope we don’t have to endure that to get something meaningful. It is also possible for Fed agencies like HHS, DHS, the SEC and others to impose cyber regulations within their domains – some are already doing so. And States are stepping up too, with a plethora of unique policies that will be nigh impossible to follow if you happen to do business nationally. Beyond the US, each country will have its own policies as well.

For me, the core issue behind all of the discussion was TRUST – people don’t trust the government, businesses don’t trust each other OR the government, the government doesn’t trust other governments … One speaker even joked that in the Silicon Valley, the NSA is seen as an ‘advanced persistent threat.’ Everyone is waiting for something BIG to happen, which it will sooner or later. Let’s hope later.

My next post will take up the 2nd worry point – the lack of a talent pool to address this mess!

20 Apr 12

Cyberspace is the New Front Line

So the Chinese are hacking our defense, government and corporate digital data, and trying to make it look like the Indians did it. This week’s news revealed that officials in the US and the UK believe China has been aggressively undertaking highly sophisticated and often multi-stage attacks to steal information on pretty much anything it wants – and in a particular recent instance, went to great lengths to make it look like the government of India was behind it. It is extremely difficult to detect and trace these attacks, and the pool of brainpower who can do this difficult work is narrow. I heard a story on the radio last night in which a Chinese hacker was quoted as saying ‘information on the Internet wants to be free’. Really? Digital content behind strict firewalls is not just hanging out on the Internet waiting to be plucked. The hacker said the Chinese government’s position was that such activity would be illegal, but it’s becoming pretty well known that they actually sponsor a lot of it. Yet call it out and they’re just SHOCKED and deeply offended that they would be victimized yet again through such vile accusations. Get over it. It is time for the U.S. government to get very tough on this issue. For those who worry that our next physical war could be with the Chinese, I don’t think that’s very likely. Cyberspace is the new front line, and so far, we’re losing the battle.



