President-elect Donald Trump’s transition team announced Thursday that former New York mayor Rudy Giuliani “will be sharing his expertise and insight as a trusted friend concerning private sector cyber security problems and emerging solutions developing in the private sector.” The details of this new role are vague and sparse, but it would be fair to say that it has raised eyebrows in the security industry.
Some reports suggest that he will be the new administration’s security czar. For the moment, that is probably an exaggeration. The transition team announcement says only, “It is contemplated that the President-elect will be hosting a series of meetings with senior corporate executives from companies which have faced or are facing challenges similar to those facing the government and public entities today, such as hacking, intrusions, disruptions, manipulations, theft of data and identities, and securing information technology infrastructure… Mr. Giuliani was asked to initiate this process because of his long and very successful government career in law enforcement and his now sixteen years of work providing security solutions in the private sector.”
From this it would appear that Giuliani’s role is primarily that of a facilitator for meetings between the administration and private industry to discuss problems and practical solutions in cyber security. The announcement makes it clear, “No consensus advice or recommendations resulting from group deliberations or interaction is expected or will be solicited.” This should be a positive step with the administration listening to those who suffer from cyber security attacks rather than just those who sell solutions to those attacks.
It is the idea of Giuliani ‘sharing his expertise and insight as a trusted friend’ that raises eyebrows. His name is not well known in the cyber security industry, although his firm, Giuliani Partners, is a security consultancy. Needless to say, the firm’s website was rapidly examined by security professionals and immediately lambasted. The site, www.giulianisecurity.com, has now been taken down, but not before researchers noted a string of security issues.
These included expired SSL, use of Flash, exposed CMS login, out-of-date software and numerous open ports. Not everyone believes that should be a concern. Robert Graham at Errata Security wrote today, “But here’s the deal: it’s not his website. He just contracted with some generic web designer to put up a simple page with just some basic content. It’s there only because people expect if you have a business, you also have a website.”
But that’s not how cyber security works. You cannot just contract with some generic consultant and leave it at that — it is continuous attention to detail that makes the difference between secure and compromised. Where you don’t know the solution yourself, you need to be able to take advice from others. It is suggested that as mayor of New York, Giuliani was advised by the police not to site the city’s emergency response center in the World Trade Center for reasons that included its history as a terrorist target. Giuliani did not heed this advice, and the emergency response center was destroyed with the World Trade Center on 9/11.
Despite these concerns, Giuliani could prove a good selection if his role is primarily as an informal executive meeting facilitator. Although frequently described as a cyber security firm, his consultancy is more strategic than hands-on. Before it was taken down, the website described the ‘portfolio of services’ as including ‘Global Investigations/Litigation Support/Due Diligence’ and ‘Brand Protection/Anti-Counterfeiting Strategies & Solutions’. Clients include “governments, global corporations, energy industries, law firms, financial institutions, and universities among other organizations.”
In a conversation with Fox & Friends, Giuliani described his role as just such a facilitator. “The idea here is to bring together corporate leaders and their technological people. The president will meet with them on an ongoing basis as well as anyone else in the Administration. … I’ll coordinate the whole thing. I’ll get the people in, make sure the meeting takes place, make sure they get the information from the private sector.”
Cyber security information sharing between industry leaders and between industry and government can only be a good thing.
