Nawaf Bitar is fed up with talking about outrage over the invasion of privacy and theft of intellectual property in the cyber world.
“The attack on our information is outrageous,” Bitar, senior vice president and general manager of Juniper Networks’ security business unit, told the crowd at the RSA Conference in San Francisco recently. “But you know what? I don’t think we give a damn.”
Bitar named his session, “The Next World War Will be Fought in Silicon Valley.” He gave us a perspective on where cyber risk intelligence is headed in 2015 – calling the innovations of our technology a blessing and a curse. Our private information is being compromised, recorded and stolen at an astounding rate daily and we should be outraged and fed up. But how do the innovators of the technology fight back? We are losing intellectual property and data assets. Who do we call to get them back? Governments? Cyber police? Do we go and take them back?
“In addition to family and money, I think it’s high time we added our information to the list of things we care about,” he said.
That set the stage for James Comey, the new FBI Director, who told us all it is time for sharing intelligence. He went on to tell us the government will be sharing and reaching out to the private sector.
As we know, there are no clear laws or rules on how we share back to government entities without incurring a penalty or fines. There is discussion happening on how there could be an incentive baked into the new NIST framework using a risk rating for obtaining cyber insurance.
For me, RSA was like being a kid in a candy store. Over 1,000 security companies, the NSA, the FBI and a lot of foreign governments were there – and the US government was there doing public-image repair.
All the techies talked about was “risk intelligence and risk transfer.” They each want to “save the cyber world” with risk intelligence but where is the line of defense if risk transfer and mitigation is now the new front line? The tech companies are tired of being on the front line and taking the fall. The threat is still there. Cyber terrorism security experts keep moving the offensive line.
Cyber risk appears to be the only risk in which you get compromised AND you need to apologize to your customers and make sure your company’s share price maintains long-term stability. Now everyone is part of the response of breach containment – lawyers, insurance carriers, brokers, accountants and forensic teams, human intelligence experts and public relations teams.
Takeaways
1. C-Level frustration factor – General intolerance by companies spending $10 million on infrastructure and still being hacked
2. Chief security officers – What happened and what do we do about it?
3. Alert and fix – There is no silver bullet. No technology is working since 95 percent of breaches are still getting through
4. Try non-technical – Diplomatic channels. Elevate the dialog
5. State of the Union – We need to do something about cyber espionage. Stolen IP is enough now
6. Twenty-one different industries are on the Chinese radar being hacked and infiltrated
7. Electronic evidence and safe harbor acts – Committing crimes from 6,000 miles away and getting away with it
8. Armed conflicts are being leaked to nation states that are involved in the counter attacks. Social media is winning wars with “boots on the ground”
9. Vulnerability – Humans that work behind your safeguards and security. We now have better security – the shell has hardened – but the humans are being targeted
10. “Defenders are trying to defend thousands while offense is looking for the one server or data closet to hack into,” said Kevin Mandia, senior vice president and COO of FireEye