A National Cybersecurity Action Plan is a Serious Priority

We cannot allow this slow economic bleed of our economy to continue. It slows down and even reverses living standards. We simply cannot invest billions into research and development and have it siphoned from us with a few clicks. There is no justifiable reason to let this happen anymore. Smart and competent people have been sounding the alarm bells for some time, but they need more voices to back them.

Expectedly, our cybersecurity issues are growing.  We say expectedly for a variety of factors including, but not limited to: size and scope of breaches, increasing costs that cannot be accurately estimated or predicted, a proliferation of technologies and abilities, and geopolitical tensions. Given current conditions, we do not see a particularly bright future if our current cybersecurity strategy remains more or less constant.

What is our current strategy? In short, it is the accumulation of a lot of expensive toys to hold together decaying infrastructure, along with a healthy dose of putting aside, or worse, ignoring the basics. We look to more technological solutions, but we avoid the single greatest problem: our decisions. The growing track record of failures demonstrates that this “technology-heavy” approach is not working.

The underlying problem with this strategy is that it is simply untenable unless there is some revolutionary technology that completely changes the landscape. And while we do think artificial intelligence and quantum computing will be game-changing, we do not necessarily believe they will solve all our problems. Poor handling and implementation of these two technologies may, in fact, accelerate our demise. Therefore, we cannot continue to throw what limited resources we have at supposed technological wizardry, fixes, and repairs when the roots of our deepest problems are inherently insecure systems, poor maintenance, and social engineering.

Cyber Hygiene and Government–Industry Cooperation for Better Cybersecurity

Certainly, information collaboration is a key component of any successful cybersecurity initiative, and the relationship between industry and government is no exception.

This past month, cybersecurity legislation called the Promoting Good Cyber Hygiene Act of 2017 was introduced that would mandate the National Institute of Standards and Technology (NIST), the Federal Trade Commission (FTC), and the Department of Homeland Security (DHS) to establish baseline best practices for good cyber hygiene, authentication and cooperation.

Specifically, the legislation states that the list of best practices established “shall be published in a clear and concise format and made available prominently on the public websites of the Federal Trade Commission and the Small Business Administration.” It also recommends including “other standard cybersecurity measures to achieve trusted security in the infrastructure.”

The Gamification Trend in Cybersecurity

Of course, there is a real science to gamification and the many algorithms that create a scenario for the players. The lessons the cybersecurity community learns from conducting such exercises can create working models that will pay dividends for everyone connected, improving competitiveness for industry and better security overall.

For many years the defense and intelligence communities have relied upon a concept called gamification to test concepts, strategies, and potential outcomes in various scenarios via computer simulation. They have found that gamification heightens the interest of the players involved and serves as a stimulus for creativity and the interchange of ideas, which is vital for keeping an edge. As computers have become faster and more capable and data-gathering abilities have grown exponentially, gamification has become a “go to” process for many involved in the security community.

Is WannaCry Ransomware Just the Warm-Up Act?

Companies and government also need to share data. Because of exponential connectivity, further being promulgated via the Internet of Things, future global public/private cooperation will be critical in maintaining a knowledge base to track and counter emerging cyber threats.

Ironically, Warren Buffett recently stated that “I don’t know that much about cyber, but I do think that’s the number one problem with mankind.” He is right. Cybersecurity is a preeminent threat.

What is being called the largest ransomware attack is being described as a real wake-up call by many cybersecurity experts and government officials. The ransomware disrupted hospital, organizational and company networks that were not well protected and up to date. Low-hanging fruit for hackers. It did not turn out to be as lethal as originally feared, but it certainly demonstrated the global vulnerabilities associated with inter-connected networks and devices.

Shared Responsibility in Cybersecurity

Sober strategic thought suggests that if you cannot immediately defeat and subdue an adversary through immediate and overwhelming strength, by using surprise, speed, and violence of action, your best course of action is to bleed your adversary, over time and through asymmetry, by attacking their strengths. In the case of the West, our strengths are two: the economy and our democratic institutions (the latter of which we will not discuss in depth in this piece, as we are primarily focusing on the private sector).

The safety of the Internet is at stake. A relatively obvious comment, but one which is neither unfounded nor wrapped up in the auto-hysteria, as so many cybersecurity conversations are today. Why do we say this? A simple reason really: because the Internet is no longer used as it was originally designed – a benign information-sharing tool, used primarily for knowledge and research, by a select group of users. Today, but also arguably for the last 15 or so years, the Internet is a “wild west” with more and more actors entering it every day. The intent of these actors may be fairly obvious – we want to order something online and have it shipped to our door – or it may be shrouded in controversy and obfuscation, making attribution a seemingly impossible task.

Despite this environment, we still must go on about our daily lives, unless of course we are willing to change our daily lives, which would almost certainly result in a lower standard of living.