MOVEMENT IN THE RIGHT DIRECTION ON CYBER SECURITY
While the bulk of mainstream news coverage on cyber issues has been focused on macro issues such as Russian involvement in our electoral process, there have been less-noted initial signs of progress on the more traditional cyber concerns such as the protection of critical infrastructure, theft of intellectual property and securing of personal data.
The most encouraging signs can be found in the draft Executive Order on cyber that floated into the community last Friday. While much of the draft order addresses organizational and timing issues the Trump Administration is considering, the most encouraging elements of the draft can be found in the direction the Order suggests the new Administration will take when addressing the cyber threat. I’m focused on what questions the new team will be asking as they develop policy, because if you ask the wrong questions you get the wrong answers…(read on!)
10 CHEAP TRICKS TO IMPROVE OUR CYBERSECURITY: PART I
On September 15, 2016, the Internet Security Alliance will publish a 400-page, 17-chapter book containing 106 recommendations for the incoming Administration and Congress. One of the recommendations is that, frankly, we need to invest more in cyber defense. We are chasing a $500 billion to $1 trillion a year issue with about $9 billion in non-defense cyber spending and successfully prosecuting maybe one or two percent of cyber criminals.
However, when talking with government officials, one of the first things we are told is that getting increased spending for anything is extremely difficult. So, without getting into a spending debate, we will now offer 10 ideas that will cost virtually nothing in the federal spending sense yet can substantially improve our cybersecurity. This blog presents the first 5 of these… (read on!)
THE NEXT ADMINISTRATION NEEDS TO PICK UP THE PACE – A LOT – ON CYBERSECURITY
The Pentagon’s 2015 annual report says that most DoD systems are subject to low to mid-level cyberattacks and our defense systems are basically subject to compromise whenever an adversary chooses to do so.
If the world’s largest and best-funded military operation is subject to low and mid-level attack, what is reasonable to expect from discount retailers (Target) and movie studios (Sony) or anyone else?
And the bad news is, we may soon look back on these as the good old days.
Our cyber systems are actually becoming technically weaker as the Internet of Things and explosion of mobile devices vastly expand the cyber perimeter. Meanwhile, the attack community – wisely investing in their business – is becoming much more sophisticated, including finding new weaknesses in the core protocols the Internet is based on. The “APT” – the Advanced Persistent Threat – has now become the Average Persistent Threat as the sort of elite attack methods we saw only between nation states and DIB partners a few years ago have now become fairly commonplace throughout the economy.
And, of course, the economics of cybersecurity all favor the attacker. Attacks are cheap, easy and profitable. Defense is mostly reactive, underfunded and misplaced from a cost-benefit perspective… (read on!)
GOVERNMENT NEEDS TO GET ITS OWN ACT TOGETHER WITH RESPECT TO CYBERSECURITY
Last week, I commented that given we have spent much of the last decade developing a consensus on an overall approach to cybersecurity as articulated in both the House GOP Task Force on Cybersecurity and President Obama’s Executive Order 13636, the one thing we don’t need from the newly appointed President’s Commission on Enhancing National Cybersecurity is a new “plan.” We need action.
For the next several weeks, I’d like to offer my own top ten list of what actions the next Administration ought to undertake to improve cybersecurity.
Item one: Government needs to get its Own Act Together with Respect to Cybersecurity.
Government’s credibility in educating, let alone regulating and mandating, cybersecurity in the private sector is clearly undermined by its lack of demonstrated ability to manage its own house…. (read on!)
DEAR CYBER COMMISSION, WE DON’T NEED A NEW PLAN
A wise person once said every great plan eventually dissolves into actual work.
What we need right now is actual work on cybersecurity.
We have spent much of the past decade, and particularly the last 5 years, coming to a consensus on the best approach to improve our overall cybersecurity.
Back in 2008, two competing approaches to cybersecurity existed: the strategy outlined by the Bush Administration’s National Strategy to Secure Cyberspace, and an alternative approach articulated in the Lieberman-Collins Cybersecurity Act.
The National Strategy to Secure Cyberspace argued that the Internet needed to be free of government involvement and adequate security would evolve naturally from the market in response to the growing threat…. (read on!)
That’s democratic with a small d.
The most under-reported story of Super Tuesday is certainly not that Donald Trump has seized hold of the GOP nominating process or the Party’s internal revolt — that story has been beaten to death.
It is also not that Trump has used social media, like Bernie Sanders, to circumvent the establishment — that story is actually inaccurate in at least one important respect.
The most important story from the overall political perspective is HOW Donald Trump used social media.
Bernie Sanders used social media to raise millions of dollars so he could purchase TV and radio advertising to compete with the better-funded Clinton campaign. Trump is using social media to bypass the need for TV and radio advertising.
Trump’s use of social media as a persuasion tool, rather than primarily as a fundraising tool, ironically strikes at the core issue of the Sanders campaign, which is that big money has corrupted the political process…. (read on!)