What Can We Learn From the World Economic Forum’s Cyber Resilience Playbook

While it may be tempting to dismiss this document as a directive aimed solely at politicians and policymakers, the playbook lays out very real risks that organizations around the world must face when dealing with their own cyber resilience capabilities.

When the World Economic Forum (WEF) released its “Global Risks Report 2018,” in January, it also issued a new report titled “Cyber Resilience: Playbook for Public-Private Collaboration,” which aims to improve the way governments and policymakers around the world make decisions about cybersecurity. Since, as the report noted, the first line of defense is rarely the government, this framework is designed to promote collaboration both within our own borders and across the globe.

To create the framework, the WEF, in collaboration with the Boston Consulting Group, asked its experts to create an initial list of values that policymakers would need to weigh when choosing between various cyber policies. The 30 options were eventually distilled down to five key values that are central to any choice regarding cybersecurity policy: security, privacy, economic value, fairness and accountability. The remaining 25 options can be mapped to one of these five key values. Continue reading at SecurityIntelligence.com

Highlights From the World Economic Forum’s ‘Global Risks Report 2018’

This year, cyberthreats figure prominently among the various global risks found in our increasingly complex and interconnected world. That makes the report a perfect New Year’s gift for chief information security officers (CISOs) to share with their business leaders as a way to examine common concerns and build trust through stronger communication and engagement on a topic that is critical to the survival of organizations around the world.

First came the New Year’s Eve parties, followed by New Year’s resolutions and, finally, the annual meeting of global elites at the World Economic Forum (WEF) in Davos, Switzerland, on January 23–26. Just ahead of the event, the WEF released its “Global Risks Report 2018,” a compendium of data points and analysis about the state of economic health around the world.

The report, partly based on a survey of about 1,000 of its members conducted during the second half of 2017, covers all major categories of risk, including economic, environmental, geopolitical, societal and technological. The top four concerns include recurring themes, such as inequality and unfairness, political tensions within and between countries, the environment, and cyber vulnerabilities. It is across this spectrum of global risks that the report warns of “the increased dangers of systemic breakdown,” due in part to our increasing dependence on technology. Continue reading at SecurityIntelligence.com

60 Cybersecurity Predictions For 2018

And one from the #CyberAvengers all on Forbes

Attacks on the US government and critical infrastructure

A nation-state sponsored group will commence a 5-day long DDoS attack against a critical US government (non-DoD) agency, shutting it down in order to show their strength—The Cyber Avengers

Read the entire list on Forbes

A National Cybersecurity Action Plan is a Serious Priority

We cannot allow this slow economic bleed of our economy to continue. It slows down and even reverses living standards. We simply cannot invest billions into research and development and have it siphoned from us with a few clicks. There is no justifiable reason to let this happen anymore. Smart and competent people have been sounding the alarm bells for some time, but they need more voices to back them.

Expectedly, our cybersecurity issues are growing. We say expectedly because of a variety of factors including, but not limited to: the size and scope of breaches, increasing costs that cannot be accurately estimated or predicted, a proliferation of technologies and abilities, and geopolitical tensions. Given current conditions, we do not see a particularly bright future if our current cybersecurity strategy remains more or less constant.

What is our current strategy? In short, it is the accumulation of a lot of expensive toys to hold together decaying infrastructure, along with a healthy dose of putting aside or, worse, ignoring the basics. We look to more technological solutions, but we avoid the single greatest problem: our decisions. The growing track record of failures demonstrates that this “technology-heavy” approach is not working.

The underlying problem with this strategy is that it is simply untenable unless there is some revolutionary technology that completely changes the landscape. And while we do think artificial intelligence and quantum computing will be game-changing, we do not necessarily believe they will solve all our problems. Poor handling and implementation of these two technologies may, in fact, accelerate our demise. Therefore, we cannot continue to throw what limited resources we have at supposed technological wizardry, fixes, and repairs when the root of our deepest problems is inherently insecure systems, poor maintenance, and social engineering.

Will the World Really Cooperate in Curbing Cybercrime?

Some people wonder why it is so hard to get agreement on international treaties, particularly when an issue (say, oh, cybersecurity, for example) is so “obvious” that something must be done about it. And you may have also noticed that doing something about it is easier said than done.

As part of this ongoing series (previous parts, in order, here, here, here, and here), I have been trying to make the case that differing interests make cooperation on cybersecurity issues virtually impossible. This is not criticism. It’s just reality. And while it would be easy to look at Brexit or Eastern European and American politics as a push back to the globalist system, which – in theory – could help develop a platform for greater cooperation regarding cybersecurity concerns, it’s just not that simple.

As I explained in my previous article, some wounds cannot be easily healed, and some cultures have longer memories than others. Don’t try to judge whether holding long grudges is legitimate or not, but rather, just accept that it happens and we have to deal with it. And with that backdrop, I point to the Convention on Cybercrime, sometimes known as the Budapest Convention, the first international treaty that focuses on crimes that take place on the Internet. Even if your cyber work does not cross international lines, it would be best if you spent just a few minutes on the Budapest Convention in order to familiarize yourself with what it covers and what it does not.

Multilateral Cyber Interests Will Rarely Align

The human-technology cyber conflict cannot be solved, but instead is a fact not to be solved but to be coped with over time.

Previously, I proposed that security and economy are inextricably linked and that such a link has the potential to increase both national and personal prosperity. If you are a student of history, I do not believe you will have any difficulty accepting this hypothesis, particularly when you put aside any consideration of cultural and societal issues or constructs.

A sovereign entity can potentially achieve national prosperity through security and economy, but that construct may not be tenable over time. Therefore, how prosperity is achieved is where it gets tricky. Why? Because people see the world in different ways and people want to live their lives differently.

Before You Declare Your Enemy, Be Sure of Your Interests

Set aside all politics and details for a moment and begin with this premise: are my interests being met? If you take that as your starting point, the fog will begin to clear for you. Of course, reasonable people can have an informed debate over what “correct” interests are, but that is what we try to do in democracies. Interest is the overriding factor here.

In my previous article, I discussed the clash of systems we currently are in. Super quick recap: in one corner, we have the Westphalian nation-state system that’s been around since 1648 and is built on the principles of sovereignty, legal equality and a policy of non-interventionism; in the other corner, we have the Internet, which has no established sovereignty, is marred by legal blurring, and by virtue is interventionist and disruptive in nature.

Ultimately, what we have is a system clash where our original intent – free flow of information but with positive control of the Internet in our lives – has been flipped on its head, where the Internet effectively controls our lives.

Today’s Cybersecurity Challenges Started in 1648

Instead of positive control, we have a system that completely controls how we conduct ourselves.

Understandably, a few eyebrows are raised when I suggest today’s cybersecurity challenges started nearly 370 years ago, some 300 years before the invention of ENIAC (the world’s first digital computer). But I stand by this observation because of the unintended clash of two systems: the nation-state and the Internet.

Many of the institutions, social constructs and domains we have accepted as norms came out of the Peace of Westphalia, a series of treaties to end the 30 Years War. No, the problems do not stem from the fact that many of us wish to throw our devices out the window when things go wrong or we find ourselves in disagreement with technology. (Though defenestration does sometimes feel like a natural response to many of our cybersecurity problems.)

Highlights From the World Economic Forum’s ‘Global Risks Report 2017’

The report emphasized that cyberattacks and breaches have led many countries to enact tough national security and counterterrorism measures. That changes the rights of citizens and alters how governments work in the 21st century.

On Jan. 11, the World Economic Forum (WEF) published “The Global Risks Report 2017.” As we did for the 2016 edition, we dug into this year’s report to analyze key findings as they relate to cybersecurity. Continue reading at SecurityIntelligence.com

The cybersecurity priority for DHS in 2017

Because of the exponential growth of the Internet of Things, mobile devices, big data and digital commerce, cybersecurity has grown immensely as a key priority while DHS has assumed more of a formal government role in the civilian cyber arena. Cyberthreat actors include hackers, terrorists, criminals and nation-states.

As one of his first national security appointments, President-elect Donald Trump has selected retired Marine Gen. John F. Kelly to lead the Department of Homeland Security. Kelly is widely recognized for his expertise in counterterrorism, his dedication, composure and intellect. He is especially known for his excellent leadership skills honed by more than 40 years of military service, including as the commander of U.S. Southern Command.