One consistent theme throughout Cybertech Fairfax 2017, which took place on Tuesday, June 13, was the critical need for innovative technology that safeguards against cyber intrusion. However, cybersecurity experts warn that as information technology (IT) improves, human interaction will continue to be a primary point of cybersecurity vulnerability unless leaders improve workforce policies and training.
Michael Chertoff, former U.S. Secretary of Homeland Security, kicked off the conference by addressing the state of cybersecurity and how companies and agencies need to better prepare professionals. Creating an empowered workforce and a proactive state of readiness is vastly more effective than focusing only on innovative technology that means a continuously defensive posture.
Fellow leaders, many of them hailing from private startup firms, reinforced the importance of risk management preparation. The message was that cybersecurity technology is only as effective as the workforce that’s implementing it.
Technology Enforcement May Improve Cyber Resilience
Technology is both a crutch as well as a solution for combating cyber terrorism. According to Dr. Douglas Maughn, Director of the Cyber Security Division in the U.S. Department of Homeland Security’s Homeland Security Advanced Research Projects Agency (HSARPA), the current budget for cybersecurity is close to $100 million.
Industry leaders are constantly on the lookout for innovative technology. Maughn mentioned that the U.S. Department of Homeland Security will host a Cyber Security R&D Showcase & Technical Workshop in mid-July to display all of the projects they are currently funding.
However, Dr. Maughn has concerns with tying operational technology (OT) to IT. The main focus in cyberspace continues to be within IT, when there needs to be a better counterbalance between OT and IT. This is where the move to leveraging more startups and their innovation, both in the government and private sector space, come into play.
Rajeev Barua, founder & CEO of SecondWrite, stated that “current cybersecurity tools are an issue.” Their function right now is to detect intrusion, but once that occurs, the computer system can’t distinguish malware from a benign entity.
Barua believes that his product will help systems to minimizing this type of discrepancy and will clarify where intrusions live. His product is in beta testing with an expected launch in the third quarter of 2017.
Another approach to combatting cyber intrusion is through a “blitz” strategy put forth by Gadi Evron, CEO of Cymmetria. This company created what Evron believes is a comprehensive cyber deception product.
Evron’s tool is engineered to confused attackers upon entry into a computer system. It would create a scenario where attackers’ direct line of contact to their main objective would be blurred by cloned components.
Identification is another concern for cyber intrusion. ID DataWeb’s Senior VP for Corporate Development, Paul Donfried, stated that we are “continuing to rely on static credentials, making it easier for an identification takeover.”
Donfried’s product offers three types of services to help authenticate system users to minimize the threat of intrusion. Those three services revolve around “verify, trust and access.”
The Role of Innovation in the Cyber Challenge
During the “Infrastructure Security and Smart City” panel, the experts were asked about the role that innovation will play in our cyber-challenged society. Emily Early, Director Office of Strategy, Policy, and Plans National Programs Directorate in the U.S. Department of Homeland Security, stated that the government wants to lead innovation.
While the government may not be developing new technology themselves, they want to be at the table with technological innovators who are creating new systems to combat these threats. Emily believed that the WannaCry attack was due to the fact that the technology in affected computer systems was outdated. This belief further reinforces the repeated statement throughout the conference that there is a great need to keep systems updated and “immune” in order to stay ahead of hackers.
Dr. Emily Miller-Hooks believes that “a system is more resilient when we are innovative.” Dr. Miller-Hooks is the Bill and Eleanor Hazel Endowed Chair in Infrastructure Engineering, Dept. of Civil, Environmental and Infrastructure Engineering at George Mason University. She noted that there needs to be a balance between innovation and collaboration in order to meet the needs of our infrastructure for cyber security.
“I’ve always seen disruption as an opportunity,” stated David Ihrie, CTO for the Center for Innovative Technology. David also expressed his opinion that with the new digital divide, there needs to be more OT and smarter digital deployments. He feels that we need to deploy this innovative technology in a new way.
Where Do We Go Next in Cybersecurity?
With events like Cybertech Fairfax, and the growing audience of cybertech companies coming together throughout the U.S. and progressive nations like Israel, it’s apparent that more action needs to be taken to safeguard our computer systems for both government and private entities. The experts in attendance ranged from government agencies like the U.S. Department of Homeland Security, cybersecurity experts from Israel National Cyber Directorate, the Secretary of Technology for the Commonwealth of Virginia, and numerous startups. They echoed that same sentiment with a call to action for more protocols to strengthen identification intrusion, the improvement of flawed cybersecurity tools and the need to educate the budding cyber security workforce.
Companies need to be more diligent about their governance procedures for their company information. In addition, federal agencies will continue to be on the lookout for the latest technology and innovation to turn cyber intrusion on its head.