Wednesday, April 8, 2015

Innovator's Dilemma - Cyber-Security ... This Is Where We Are Today?!

Been wrestling with what to do about something I discovered several weeks back  
at the Payment Industry "Innovation Project 2015" conference held on Harvard University campus in Boston. While I have imagined volunteering to build a association, a council, a coalition or some other like entity .... for now I'm simply sharing via this blog post.  Besides an agenda packed schedule of very good panelists on a wide range of industry topics, the afternoon of the second day of the conference had a panel discussion entitled "From Authentication to Identity". Included on that panel was a marquee speaker: Retired Star General Keith Alexander who had also recently served as Deputy of NSA (National Security Agency).


Several panel discussions included a prelude interview with a key panelist from respective upcoming panels. Following this format, Liz Claman, Fox Business News Anchor - interviewed General Keith Alexander along with Kevin Mandia, President FireEye Inc. - a cyber security/cyber forensics firm. Before this interview, General Alexander made a 10-15 minute presentation to the conference audience gathered to hear him in historic Sanders Theater. The topic of General Alexander's presentation was today's very real and increasing cyber security threats - in the context of not just business and transaction security, but national security.   

While now retired from his military career, General Alexander had a front row leadership role involving security threats to the USA.  As mentioned above, Four-Star General Alexander had served as Director of NSA, plus served as Chief of the Central Security Service and Commander of the United States Cyber Command.  

Of course filtering out classified information, General Alexander was still able to achieve his stated goal at the beginning of his 
presentation ... to scare everyone concerning the current state of affairs with cyber security in the USA and free world.  General Alexander's presentation addressed both the advancing technological sophistication of both state sponsored and rogue cyber attackers, as well as their growing boldness.   

The first of two examples I recall General Alexander sharing was the recent state sponsored attacks by North Korea against Sony because of a dispute concerning some content in a form of entertainment (Sony's movie 'The Interview' which mocks North Korean leader Kim Jong-on). The entire episode was unprecedented on several levels. The private sector was targeted by a state. A private sector entity was not just infiltrated by a hack but attacked, with information sought and released that destroyed personal careers. Further, taking a step back ... the boldness of the attack revealed North Korea's increasing nerve and audacity.


The second example I recall General Alexander sharing concerned ongoing hacking done by Russian and Ukrainian private and state sponsored hackers.  A  
technique these hackers use is to cyber-linger to monitor and test various cyber targets. In the past when US Cyber Security defensive maneuvers detected this cyber-lingering, the lingerers would instantly vanish into cyber space to avoid being identified. Currently however, when US Cyber Security defensive maneuvers detect these cyber-lingerers, they do not flee ... they do the cyber equivalent of not just remaining but also waving back at US security.  Again, another example of elevated boldness and increasing fearlessness.    

General Alexander went on to talk about the sophistication of China's daily hacking efforts against the USA with hundreds showing up to work each day to
probe, access, etc. US Cyber Security anticipates a multi-front cyber attack that could come in the form of consecutive punches ... first crashing major databases like Wall Street, like Air Traffic Control (etc.), then moments later attacking the grid to kill power ... a tactic to confuse cyber first responders as to whether the outage is a direct cyber attack or a power outage - slowing the recovery and giving the attackers more time to menace the US further.  Also discussed was the plausibility of extended outages spanning vast regional geographic areas or larger.  In our culture of today, a powerless and communicationless infrastructure for more than a few weeks could quickly spiral into anarchy as people begin to struggle against each other for basic necessities.

~~~
This was not a fear-mongering tin-hat crawling out from under a rock sharing these genuine concerns, this was the highly credentialed retired General who recently served at the head of NSA & US Cyber Command.  All of this said thus far ... here comes the punch line that General Alexander shared during his direct presentation, as well as during the panel discussion that followed.  The General asked this gathering of industry leaders for help in getting the government and private sector to coordinate efforts to deal with increasingly escalating and imminent cyber security threats. General Alexander then made a statement I found hard to believe:

"We need authority to work together"  


Think about that statement and who it is coming from............ seriously .....

... think about what this recently retired top official just revealed here!  This is where US Cyber Security is today?!  (With news this week that Russian hackers have been infiltrating White House systems, including accessing President's private schedule.)


I'm still not done with my shock and awe post here.

After the panel discussion was over I got up on the stage with other attendees who also wanted to speak with at least one of the panelists who just wrapped up.  I was inspired and determined to speak with General Alexander.  Waiting for others to make their respective business pitches, then watching him get interviewed and filmed by the media team for Innovation Project 2015, I finally had the opportunity to introduce myself along with the honor to shake hands with General Alexander.  I had just one question:

Me:  "General Alexander, your evangelizing here this afternoon completely convinced and sold me.  I hear and agree with the sense of urgency our country has to address our cyber security weaknesses.  I want to help immediately.  When I wake up tomorrow, what can I do right away to help with getting the 'authority' you said is needed (to coordinate government and the private sector) on a Cyber Security push akin to The Manhattan Project)?

General Alexander - pausing for a moment to think:  "The best thing you can do now is to write your Congressional leaders and explain to them the urgent need for authority to coordinate government and the business sector."

As I thanked General Alexander and made my way back to the main reception hall, a image popped in my mind:

   
"Write my Congressional leaders?"  Millions of people contact Congress on countless issues-of-the-day and this is the best answer this top retired official had ready for this gathering of industry leaders after scaring us on the urgency of this problem and need for authority to coordinate?!  :-P   

No comments: