A new vision for cyber defense
Government, industry pros face the future at 2017 Cybersecurity Leadership Forum
The danger that keeps cyber defenders awake at night is not necessarily North Korean. Or Russian syndicates. Or a 14-year-old hacker in his mom’s basement.
It’s you. And me. And Matt Moynahan, CEO of cybersecurity firm Forcepoint.
“Meet Matt: the worst nightmare for cybersecurity professionals,” Moynahan said. “I have authority. I write and influence policy. I have access to my company’s systems.”
The individual, the human point, is the new frontier in cyber defense, Moynahan said, speaking at Forcepoint’s 2017 Cybersecurity Leadership Forum in Reston, Virginia. The April event drew more than 500 government and industry cyber professionals to hear from Moynahan and guest experts, including former CIA director Michael Hayden, former White House Chief Information Officer Theresa Payton and futurist Peter Singer.
“Humans are the ultimate vulnerability,” Moynahan told the crowd. “The human point of intersection can, with one click or an email, bypass the most sophisticated security.”
Several of the event speakers agreed that cybersecurity needs to deepen its focus on the individual.
“Security is fundamentally broken, and it’s been that way a long time because we don’t focus on the human,” said Payton, the former White House CIO. ”We need to design for the human psyche.”
Which means abandoning the idea that there has to be malicious intent, according to Moynahan. Even an employee with good will can inadvertently or accidentally open an organization’s systems to attack.
“I can go from a good employee one day to compromised the next,” Moynahan said. “Was I approached by an outsider with a get-rich-quick scheme? Was I blackmailed? Or did I not get enough sleep the night before, when I clicked on that Google link?”
Forcepoint, which is 80 percent owned by defense contractor Raytheon, is at the vanguard of efforts to adapt military cybersecurity technology to protect commercial organizations. Several speakers at the event noted the need for cooperation between the public and private sectors.
“When cyber warfare comes, it will come over commercial networks,” said Michael Daly, Raytheon’s chief technology officer for Cybersecurity and Special Missions. “We’ve seen a change in the way attacks are conducted today, because they have become a huge criminal venture. Who do we hold accountable?”
Former CIA Director Hayden explained that citizens historically turn to government to fend off attacks, but it’s different with cyber.
“We’re seeing a convergence between the actors; nation states, criminal gangs, hacktivists,” he said. “Governments, by definition, will move too slowly to respond. The cavalry’s not coming.”
Instead, Hayden said, the answer will come from the private sector.
“When the government is late to need in the U.S., the private sector steps up,” he said. “And what we see now is a tremendous amount of entrepreneurial and technological energy in the private sector.”
Futurist Peter Singer said it’s important for government and industry to “cross that divide and work together more closely than ever” in the face of changes in three arenas: technology, place and a new threat environment.
New dangers arise from the changing nature of the cyber attacker, Singer said.
“It’s not individuals seeking attention (any more),” he said. “It’s highly organized crosses between criminals and the state.”
As for place, the virtual nature of cyber is blurring the borders between nations.
“While it’s states going after each other, the technology itself is inherently global,” Singer said.
And although technology may have been a driving force behind the need for cybersecurity, it will also provide much of the answer.
“It’s technology,” he said, “that gives you something that was science fiction a generation ago.”