
Bloomberg Cybersecurity Conference: Understanding Cyber War – and Fighting Back

NEW YORK, NY – Bloomberg Cybersecurity Conference — Mentioning Pearl Harbor conjures up images of death, destruction and dread, making it a popular metaphor for conveying the devastation that could be caused by a major cyber attack. But there may be a more accurate allegory from World War II – the Japanese invasion of Singapore.


“Singapore (was) a British colony at the time,” explained Cedric Leighton, founder and CEO of Leighton Associates and a former military intelligence officer. “Guess what happened? The Japanese came in through the Malaysian Peninsula using bicycles – think (computer) virus…They got to Singapore. They were able to take Singapore because their guns were pointed in the wrong direction.”

After all, he added, the Japanese only intended to bomb Pearl Harbor, not hit it and stay.

Regardless of the metaphor, Leighton and other panelists at the Bloomberg Cybersecurity Conference agreed Thursday that addressing cybersecurity challenges requires a multi-faceted approach.

“Cyberspace is not civilized,” said panelist Tom Kellermann, vice president of cyber security for Trend Micro. “If you as a multi-national corporation get hacked, you’ve got a one in one hundredth chance the FBI is going to successfully investigate that.”

“Only you can save you,” he added.

In part, prevention means understanding the convergence of technologies, he said.

“If I hack your phones, I can control your physical reality as well. I’m tracking you, I turn the microphone on when you’re in a sensitive meeting…the physical manifestation of my cyber presence,” Kellermann said.

Assuming that security will break down, organizations must also think in terms of limiting the damage hackers can do once they break in, he said.


“I can make sure that when you break into my house you break into my basement and you are stuck with my Rottweilers,” Kellermann said.

The adoption of cloud computing services has also changed the way companies need to think about the security landscape, by broadening the attack surface and introducing liability issues. Service level agreements, he explained, now have to be examined for more than just uptime and downtime. Consideration also needs to be given to third-party risks, he said.

“We need to understand that there are new critical infrastructures within critical infrastructures that provide an ephemeral landscape that must be secured,” Kellermann said.

Prevention also means improving application security and securing embedded technology, noted fellow panelist Jeff Snyder, vice president of cyber programs at Raytheon. But it also means fighting insider threats.

“WikiLeaks is the elephant in the room for a lot of people who deal with classified information,” Leighton said.

“That guy, the suspect, had a security clearance…(organizations) need to take into account that they may pass the initial screening, but there may be other issues – whether they are psychological issues, whether they are financial issues, whether they are vulnerability blackmail issues – these are all human realities. The social reality of this kind of behavior is age old, but it becomes…even more important when you can obtain access to so much sensitive data because of your insider knowledge, your insider credentials.”

Organizations also need to do a better job of identifying just what assets are critical and understanding what is in their IT environment, said panelist Christopher Valentino, director of contract research and development, cyber intelligence division for Northrop Grumman Information Systems. An enterprise can’t protect what it can’t see, he said.

“It’s not a lost cause,” Leighton said, adding it’s important for organizations to “fight back.”

“You don’t do it by brandishing a gun or shooting up a town or anything like that,” he said. “What you do is you develop smart security procedures, you understand what they are doing…you do the things that make it harder for them to do what they are trying to do to you.”
