CSO on the Road: Pentagon: Cyberspace is the New U.S. War Domain
I’ve been on the road quite a bit and have collected a lot of good information that I want to share with you all. Most of what’s been attracting my attention is the recent crop of targeted attacks. For every one you hear about in the news, another 50 occur behind the scenes. I’ve spent a lot of time working with CIOs and CISOs to help them develop a strategy to protect against these threats.
One place where targeted attacks were a huge topic of conversation was at the U.S. Security Confab event that I attended last week. It’s hosted annually by my friends Jerry Archer, CISO Sallie Mae, Dave Cullinane, CISO EBAY, and Bob Bragdon, Publisher CSO Magazine. If you have never attended I highly recommend it (as if you needed an excuse to spend a week in California). It’s one of the best security conferences in the world.
APTs, targeted attacks, and advanced malware were the common threads that permeated the majority of the presentations. The resounding theme was also the lack of shared strategy and organization within the security community against our common enemy – cybercriminals. Right now when one of us is attacked we share the information upstream with the government, but we fail to turn that into any real, viable intelligence for the private sector. Don’t you think it would be helpful if we had a standardized way to share the intelligence in a standard format that details the “who” and the “how” of the attack? And I’m not just talking about U.S. here; this could be global as well. In this scenario, thousands of companies would be protected instantaneously when one of us learns of a new cyber threat.
Recently, we took a step in the right direction when the Pentagon announced that cyber space is a new battleground. A cyberspace attack on U.S. assets is now considered equal to an attack occurring on U.S. soil. At the same time Department of Defense Secretary, William J. Lynn III acknowledged the need for cooperation. He said:
“Strong partnerships with other U.S. government departments and agencies, the private sector and foreign nations are crucial. Our success in cyberspace depends on a robust public/private partnership. The defense of the military will matter little unless our civilian critical infrastructure is also able to withstand attacks.”
This is a great step, but we must continue to organize within the security community, since the bad guys are already organized and many of us stand on our own. Click here to read more about the Pentagon news.
This week I am attending the Austin NG security summit, so next week I will be talking about successful strategies to protect against ATPs and targeted attacks as well as any great insights from the Austin summit. In the meantime, let me know if you have any questions.