Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


04:46 PM
Connect Directly

'Operation Aurora' Changing The Role Of The CISO

Targeted attacks out of China against Google and other U.S. firms have forced some chief information security officers to reach out to their counterparts in other organizations and share attack, forensics information

It's not the only attack-sharing forum, however. U.S. defense contractors already have their own online exchange for swapping attack information -- the Defense Security Information Exchange, for example.

Meantime, while CISOs attend events such InfraGuard, the FBI-led association of local businesses, academic institutions, and state and local law enforcement agencies, CISOs are mainly there to network with security people rather than with their peers, CISO Group's Shimel says. Shimel says the CISO Breakfast Club, an organization with local chapters in Washington, D.C., Baltimore, Pittsburgh, Boston, and New York, is attempting to provide a forum for CISO's to share attack information, he says.

"There's a huge need for CISOs to talk about Aurora, what's working and what's not, and to learn from their peers about what's going on...where they can talk in confidence. We don't have that [on a broad scale]."

But the CSO Council's Terrell says organizations like InfraGuard are often less about intelligence-sharing and typically include plenty of presentations by vendors. The Bay Area CSO Council prides itself in its no-vendor member status. "We're focused in intelligence-sharing," Terrell says.

The council's Franceour says CISOs traditionally have been hamstrung in getting to the bottom of targeted attacks. "CISOs...have been walking around trying to collect crumbs of what happened in the past. It's so frustrating because it seems so ineffective given the actual nature of the threat," he says. "This [Operation Aurora] event is stealing our source code, our competitiveness. This is so extremely important that, to me, we need to define a game-changer on our side because they changed the game on us."

Even so, no CISO wants to be the poster child for a breach of confidentiality or a leak about a targeted attack that doesn't require public disclosure. The recent firing of Pennsylvania CISO Robert Maley for speaking publicly at the RSA Conference earlier this month about a security incident on the state's online driving exam scheduling system, for example, was a stark reminder of what can go wrong when CISOs share their experiences, even in general terms.

"Everyone is afraid" of their businesses being compromised if they share attack information, says Mike Murray, co-founder of MAD Security and with InfoSecLeaders.com. "Even with a confidential forum, it's not going to protect me if someone leaks and my boss fires me. If there's an incident, [there's an] imperative not to say anything to anyone at all."

And the CISO no longer can be just the technical lead at the organization. "There's a real transformation occurring," says Lee Kushner, president of LJ Kushner and Associates and also with InfoSecLeaders.com. "I think a lot of people inherited that position in the late 1990s and early 2000s and are now moving to the end of their career slope. When organizations are replacing their CISOs, they are replacing them with people who have much broader business skills...they need to interact with business units and speak their language with a technical understanding, but not a tech-centric [approach]," he says.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

2 of 2
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 10/30/2020
'Act of War' Clause Could Nix Cyber Insurance Payouts
Robert Lemos, Contributing Writer,  10/29/2020
6 Ways Passwords Fail Basic Security Tests
Curtis Franklin Jr., Senior Editor at Dark Reading,  10/28/2020
Register for Dark Reading Newsletters
White Papers
Current Issue
How to Measure and Reduce Cybersecurity Risk in Your Organization
In this Tech Digest, we examine the difficult practice of measuring cyber-risk that has long been an elusive target for enterprises. Download it today!
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-10-31
There is no input validation on the Locale property in an apt transaction. An unprivileged user can supply a full path to a writable directory, which lets aptd read a file as root. Having a symlink in place results in an error message if the file exists, and no error otherwise. This way an unprivile...
PUBLISHED: 2020-10-30
NVIDIA CUDA Toolkit, all versions prior to 11.1.1, contains a vulnerability in the NVJPEG library in which an out-of-bounds read or write operation may lead to code execution, denial of service, or information disclosure.
PUBLISHED: 2020-10-30
baserCMS before version 4.4.1 is vulnerable to Cross-Site Scripting. The issue affects the following components: Edit feed settings, Edit widget area, Sub site new registration, New category registration. Arbitrary JavaScript may be executed by entering specific characters in the account that can ac...
PUBLISHED: 2020-10-30
baserCMS before version 4.4.1 is vulnerable to Cross-Site Scripting. Arbitrary JavaScript may be executed by entering a crafted nickname in blog comments. The issue affects the blog comment component. It is fixed in version 4.4.1.
PUBLISHED: 2020-10-30
baserCMS before version 4.4.1 is affected by Remote Code Execution (RCE). Code may be executed by logging in as a system administrator and uploading an executable script file such as a PHP file. The Edit template component is vulnerable. The issue is fixed in version 4.4.1.