Cyberspace Expands Threat Matrix - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Government // Cybersecurity
News
11/3/2014
09:06 AM
50%
50%

Cyberspace Expands Threat Matrix

National security experts warn there is no privacy or security any more.

NASA Spinoffs: 6 Innovations In Health & Medicine
NASA Spinoffs: 6 Innovations In Health & Medicine
(Click image for larger view and slideshow.)

When a long-standing member of the intelligence community says expectations of privacy and security on the Internet are gone, it pays to listen.

"It has become apparent to all of us, as it did in the early 2000s, there are no secrets. We ought to just give up the notion of secrets, [and also] no such notion of security," said Stephen Cambone, former Undersecretary of Defense for Intelligence, Thursday at SAP NS2's National Security Summit.

Cambone added that anyone getting online through a network should approach it "with the idea that someone is already there or can find their way there."

The conference focus was to discuss national security in the post-Snowden era, following the contractor's release in early 2013 of thousands of documents from National Security Agency networks. Speakers made clear that they are frustrated the public does not understand the truly serious dangers posed by the lack of Internet security.

[Here's why federal agencies must digitize records: In Government, No Excuse For Missing Documents.]

Michael Hewitt, former Navy staff member for the Joint Chiefs of Staff and now CEO of HSH Analytics, said the intelligence community has spent the last eight years doing what he calls "discovery learning."

"Just eight years ago we had an ungoverned space," Hewitt said. "I think we've done a really good job [over that time] defining … where the thresholds are."

But intelligence agencies don't really have the tools to do what they're called upon to do, he added. "We haven't defined what the shared situational awareness requirements are, [or] for the private sector, what is their role in protecting themselves."

Adam Karcher, FBI deputy director, Office of Data Exploitation and the National Cyber Investigative Joint Task Force, said, "One reason the intelligence community doesn't have the [security] toolset is because the public doesn't understand the nature of the threat."

Karcher said that the public in general doesn't understand what cyberspace is. "'Cloud' means something different to the public than to engineers. The Internet outpaces our ability … to understand the implications of implementing [a new technology] as soon as it's invented."

Stephen Cambone
Stephen Cambone

"I hope it doesn't take a catastrophic event to make us understand the shared risks," Hewitt said.

Cambone agreed, calling the issue of Internet security one of "critical national importance. It is at the heart of our everyday lives."

The Target incident - when the retailer was forced to reveal that millions of its customers' accounts had been hacked -- did manage to elevate the issue in the public's consciousness, the panelists agreed, but the incident also demonstrated the weakness of the current system of laws and regulations, both for cyberspace and in the financial world, to tackle the challenge.

Companies are reluctant to share information about attacks on their networks because of existing laws that might consider it a form of collusion. They also worry about damage to their businesses and reputations with customers.

Cambone said that getting past the private sector's reluctance actually is an issue for Congress, "to bring the right people [in] both chambers together to see where legislation will help."

He said congressional action should focus on "framing legislation, not trying to solve each individual problem."

Taking action is critical, said Alan Wade, former CIO of the CIA, because "the threat environment is so unpredictable that it's [impossible] to position [our IT] systems against threats."

Wade said the promise of cloud computing "is that we'll be able to do that at the speed of reconfiguring infrastructure, rather than the speed of moving people."

How cloud, virtualization, mobility, and other network-altering trends impact security -- and the IT pros responsible for infrastructure protection. Get the Network Security Career Guide issue of Network Security today.

Washington-based Patience Wait contributes articles about government IT to InformationWeek. View Full Bio

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Alison_Diana
50%
50%
Alison_Diana,
User Rank: Author
11/3/2014 | 10:14:11 AM
Public Perception
One thing that struck me was the horror and headline news surrounding the Target breach and the relatively little reporting about the more recent -- and IMHO much more worrying -- breach at JP Morgan. In speaking to CIOs and CSOs, they were much more concerned about the JP Morgan breach, given the financial sector's well-deserved reputation for spending, focus, and skill at cybersecurity (especially when compared with retail). Yet here was a huge financial organization hacked -- and the public was, generally, less concerned, as were mainstream reporters.

I'm unsure whether it was because of the timing: After all, this came after Target, Home Depot, Chang, and several other large retailers/restaurants. Or because consumers' financial information, apparently, wasn't stolen. But whatever the reason, the ennui was disappointing.
Commentary
Enterprise Guide to Digital Transformation
Cathleen Gagne, Managing Editor, InformationWeek,  8/13/2019
Slideshows
IT Careers: How to Get a Job as a Site Reliability Engineer
Cynthia Harvey, Freelance Journalist, InformationWeek,  7/31/2019
Commentary
AI Ethics Guidelines Every CIO Should Read
Guest Commentary, Guest Commentary,  8/7/2019
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
Data Science and AI in the Fast Lane
This IT Trend Report will help you gain insight into how quickly and dramatically data science is influencing how enterprises are managed and where they will derive business success. Read the report today!
Slideshows
Flash Poll