Editor’s Note: The following is a preview for an upcoming panel session at SecurityWeek’s Suits and Spooks Conference taking place in New York City on June 20-21, 2014.
By Adam C. Firestone, Senior Vice President and General Manager at Kaspersky Government Security Solutions, Inc.
Washington is a city split along partisan lines to an almost tragicomic extent. One side will find no fault in any of the administration’s actions or positions, the other will find nothing but indiscretion, misconduct and transgression. Despite the level of divisiveness and vitriol that persists in the current political landscape, there is one topic on which both sides agree. That topic is cyber.
Both sides agree that a secure and stable cyberspace is a critical component of national security, economic prosperity and desirable civic policies that educate, enfranchise and empower the body politic. Both sides would also agree that the current cyber environment is hostile, unpredictable, insecure and inherently dangerous – and that this is a problem. A big problem.
How big? Depending on whose numbers you believe, the costs of cybercrime in the United States (U.S.) exceed $120 billion annually, with global costs as high as $1 trillion. And if that’s not sobering enough, those numbers fail to include national security impacts (remember the WikiLeaks debacle and Private Manning?) or future economic growth as nations bleed out the intellectual property that is vital for innovation and economic growth. (One study indicates that over half a million jobs were either lost or not created in the United States in 2013 due to cyber-crime and hacking.) In quantitative terms that are as specific as any expert can express (if they’re being honest), the cyber problem is REALLY big, enormous and frighteningly huge.
Historically, when faced with problems of this magnitude that cut across the societal spectrum, we have looked to the Federal government for solutions, as it had the unique ability to bring forth both unparalleled resources and expertise not normally found in industry to solve problems. Unfortunately, the cyber problem differs in both scale and character. It’s not just the size of the problem as measured in terms of dollars or potential damage, it’s cyber’s unprecedented breadth. Cyber touches everything from online personal banking to remote monitoring and control of power generation stations to the storage of the sensitive but unclassified intellectual property of the national defense industrial base. Even refrigerators and automobiles have IP addresses.
Cyber also changes the equation when it comes to the locus of solution expertise. When the Barbary corsairs threatened American commerce in the 18th and early 19th centuries, the response was to exploit government expertise to both re-establish the United States Navy in March 1794 and land Marines in North Africa. With respect to cyber, the expertise and knowledge necessary for an effective solution reside largely in the private sector. Complicating matters further, many centers of cyber-expertise are outside the United States.
The pervasive nature of cyberspace in our daily lives, the reliance which we’ve placed upon it and the fact that cyber, by its nature, is geospatially agnostic means that we have to think about the solution space differently. Since cyber cuts across all vertical and horizontal boundaries, any solution to the cyber problem must be approached in a holistic manner that fuses technical, political, social and economic intelligence into a common situational and operational picture that enfranchises all stakeholders and enables them to become part of the solution.
An operational appreciation of these shifts in the locus of expertise and the collective vision necessary to forge an effective solution requires a couple of tangible changes.
First, we must reach an understanding of the need for a robust public-private partnership and a common vision for achieving it. Government has resources and a mandate. Private industry has the expertise and the ability to innovate rapidly and with agility. To a large extent, the U.S. government is well situated to take advantage of this expertise through a mature and well developed acquisitions environment. However, that environment isn’t perfect and many of the mechanisms by which it functions can exert a chilling effect on the very innovation sought. Additionally, current acquisitions paradigms make it difficult for government to leverage the power and capabilities of innovation emanating from locations outside the U.S. An effective response to the challenge of the cyber problem will require acquisitions processes that are significantly more agile with respect to enfranchising valuable partners from the private sector.
For its part, industry needs to internalize the need to work within the processes set up by government to foster industry partnerships. For example, there are a number of well-defined paths by which enterprises with significant foreign ownership can work with the US government. These processes are intended to ensure best value (the U.S. government is, after all, the steward of the public purse) and to create the vital nexus of trust essential to effective teaming. What’s necessary and required for the generation of this most essential public-private enterprise is a convergence of vision and a spirit of willing cooperation.
Next, the lens through which we view the cyber problem has to evolve. Cyber is ubiquitous, and as such is not simply a technical problem that can be solved with a Manhattan Project-like firehose of funding and sequestration of brilliant technical minds in a remote location. To fully appreciate cyber, perspectives from across the spectrum must be sought and valued, and correlated and fused into a cohesive cyber picture that enables collective sense-making for a broad, pluralistic community. This lens starts with what we call today “cyber-threat intelligence.” Cyber-threat intelligence is still in its infancy, and as such, is still largely a technocracy. As it matures – and it must – cyber-threat intelligence will take on more of an “all-source” character and provide insight into “why,” “who,” “when” and “where,” in addition to the technical “how.”
To reiterate, the cyber problem is large. But to take a glass half-full perspective, it’s a Gordian knot that is very severable. Making the cut, however, will require acceptance of new paradigms in both how public-private partnerships are managed and maintained and the breadth of scope with which the cyber problem is viewed.
Abstract: Panel - "Global Vision, Targeted Operations: Disruptive concepts for public-private partnership and cyber intelligence fusion"
Panelists: Adam C. Firestone, Kaspersky Government Security Services; Hilary MacMillan, Kaspersky Government Security Services.
The challenges posed by cyber-crime, cyber-terrorism and cyber-warfare to economic, national and physical security present a significant global threat. Defeating such a threat demands a holistic approach, including disruptively innovative ideas, organizational agility sufficient to forge such ideas into effective tactics, techniques and procedures and a public-private partnership built on strong foundations of trust.
This presentation offers a case study of such an approach. For purposes of clarity and brevity, the discussion will be bifurcated, first discussing the benefits of establishing a trusted public-private collaboration between a global corporation and the US Government, this organization’s internal structures and capabilities as well as the regulatory exoskeleton that simultaneously defines, constrains and enables its operations. This will be followed by a discussion of an innovative security operations paradigm involving cyclical, interdependent intelligence and engineering activities. The presentation concludes by challenging the cybersecurity community to embrace disruptive new ideas and approaches.