The government's ability to help secure the Internet will be limited given the light speed of the Internet versus the slower pace of government. That's why stopping the madness begins with the private sector.

Paul Kurtz, Chief Cybersecurity Adviser, Splunk Public Sector

April 11, 2018

4 Min Read

As long as adversaries can spend $1 on a campaign and force us to spend $10 to protect ourselves, enterprises will lose the war on cybercrime. In the Cold War, the US bled the Soviets dry through a military buildup and Reagan's Star Wars initiative. The Russians and others are now using a similar strategy to financially drain the US public and private sectors in cyberspace.

As the news cycle is inundated with alerts about attacks against our critical infrastructure, cities, and universities, the US Cyber Command has responded with a new "Command Vision." The document provides a sobering read. My attention was drawn to one quote in particular:

Adversaries continuously operate against us below the threshold of armed conflict. In this "new normal," our adversaries are extending their influence without resorting to physical aggression. They provoke and intimidate our citizens and enterprises without fear of legal or military consequences.

While Command Vision sets objectives for the military to regain ground, it is clear that the private sector is also in the crosshairs. State-sponsored and criminal organizations have realized there is little chance of real legal or financial consequences for the foreseeable future. Russia, Iran, and North Korea have found our Achilles' heel. Even worse, they've identified our cyber infrastructure as a vulnerability that is cheap to exploit and makes billions.

But what is the Achilles' heel of cybercriminals? It's that they're lazy. They use advanced persistent infrastructure and tend to reuse tactics, techniques, and procedures over and over again.

Rather than building taller silos of data that become even bigger targets for criminals, US public and private sectors must similarly seek to expand their reach with limited resources. By unifying around common means of intelligence exchange and collaboration, US companies can increase their visibility into events in real-time while keeping costs low. Without effective methods to exchange cyber intelligence, enterprises play victim to attackers' strengths, continuing to build and protect larger data troves with common, single points of failure. As Command Vision states, "We should not wait until an adversary is in our networks or on our systems to act with unified responses across agencies regardless of sector or geography." The same applies to the private sector.

Since 1998, when President Bill Clinton signed Presidential Decision Directive 63, we have been on a quest to fuse data and collaborate. In 2015, Congress enabled organizations to work with each other more easily through the passage of the Cybersecurity Act. In May 2017, President Donald Trump called out the importance of information sharing in his Executive Order on Strengthening the Cyber Security of the Federal Government and Critical Infrastructure. Only now, with the growing frequency and severity of attacks, is the government and the private sector beginning to understand the requirement of collaboration. The Department of Homeland Security has begun to make more detailed information available to the private sector through their Critical Information Sharing Collaboration Program (CISCP), and TruSTAR has seen our customers eagerly participate in these efforts. This is a start, but far more work is necessary.

Enterprises and sharing organizations like the Columbus Collaboratory, the Cloud Security Alliance, and CyberUSA are starting to connect through common collaboration platforms to enable parties to exchange data about suspicious events while retaining control over their data. Sector-based organizations are adopting such technology as well, including the IT and retail sectors. These platforms go beyond threat intelligence and fuse disparate data sets related to fraud and physical security events. Shared technology infrastructure enables companies to work from the inside out, streamlining workflows and creating collaborative bonds within an organization first and moving on to supply chain partners, peers, and entire sectors such as IT and retail.

What's Next?
Joshua Cooper Ramo, in his book The Seventh Sense, notes that government's ability to help secure the Internet will be limited given the light speed of the Internet versus the pace of government's ability to act. Stopping the madness begins with the private sector today.

Interop ITX 2018

Paul Kurtz will be headlining Dark Reading's Cybersecurity Crash Course, May 1, at Interop ITX. Check out the agenda here.

Related Content:

 

About the Author(s)

Paul Kurtz

Chief Cybersecurity Adviser, Splunk Public Sector

Paul Kurtz is an internationally recognized expert on cybersecurity and a co-founder of TruSTAR and now is the Chief Cybersecurity Adviser of Splunk's Public Sector business. Paul began working on cybersecurity at the White House in the late 1990s where he served in senior positions relating to critical infrastructure and counterterrorism on the White House's National Security and Homeland Security Councils.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights