Cybersecurity: A Priority for the Next POTUS

When the two major presidential candidates haven’t been focused on each other’s personal behavior or legal imbroglios, they’ve tended to discuss a few major issues such as health care, immigration reform, and battling terrorism. 

Topics: Cybersecurity president obama CNAP Donald Trump Hillary Clinton Presidential campaign 2016

Book Report: @War: The Rise of the Military-Internet Complex

I’ve read a fair amount of cybersecurity books across a wide spectrum of topics—early hackers, cyber-crime, hacktivists, nation state activity, etc. A few years ago, new books were few and far between, but this is no longer the case. I recently posted a blog/book report on Kim Zetter’s fantastic book, Countdown to Zero Day. Allow me to recommend another good one, @War: The Rise of the Military-Internet Complex, by Shane Harris.

Topics: Cybersecurity nsa president obama

Federal Cybersecurity Duplicity

As part of a whistle-stop tour of Northern California, President Obama held a White House Summit on Cybersecurity and Consumer Protection at Stanford University last Friday. Much to the delight of the Silicon Valley crowd, the President signed an executive order (right there on stage at Stanford) to promote data sharing about digital threats. The summit also highlighted industry leaders like Apple CEO Tim Cook, and large critical infrastructure organizations like Bank of America and Pacific Gas & Electric Co.

Topics: Cybersecurity Kaspersky Lab TAXII STIX president obama cyberwar

Grading the President’s SOTU Cybersecurity Agenda

In the wake of the furor over the Sony Pictures attack, President Obama came out swinging in his State of the Union speech earlier this week. Not to be outdone, Senator Joni Ernst (R-Iowa) included a cybersecurity-centric sentence or two in the Republican response.

Yup, the President is finally rolling up his sleeves and proposing some Federal cybersecurity initiatives, but are these the right actions? Allow me to offer my two cents by grading each of the proposals.

  1. Increased security/threat intelligence between the public and private sector (Grade = B-). This is a new spin on the old “public/private partnership” that arises from time to time across a myriad of areas. Furthermore, Congress has been wrangling over this for the past few years – first with the Cyber Intelligence Sharing and Protection Act (CISPA) and more recently the Cybersecurity Information Sharing Act (CISA).

Topics: Cybersecurity state of the union president obama

VCs Jumping Back Into Security Investments

It’s a herd mentality out on Sand Hill Rd. Over the past few years, VCs shied away from many infrastructure and security companies, preferring to bet on cloud computing, mobile computing, and social networking startups.

Now that these markets are saturated and somewhat stagnant, VCs have returned to the information security market like the swallows of Capistrano. According to PWC and the National Venture Capital Association, security funding in 2012 was up 60% over dollars committed in 2010. Judging by the crowds at the RSA Conference in February, I’m sure that VC investment will grow precipitously in 2013 as well.

Topics: Cybersecurity Palo Alto Networks Information and Risk Management FireEye Security and Privacy Security CISO SilverTail cybercrime Imperva venture capital president obama

Executive Order on Cybersecurity: Will It Spark Further Activity?

As Bruce Springsteen once sang, “you can’t start a fire without a spark.” With this in mind, President Obama issued an executive order on cybersecurity this week. Will this truly be a spark?

To answer that question, it is worthwhile to start by describing what the executive order does. There are really three main points to the order:

  1. Directs the Federal government (primarily DHS) to create a program for sharing non-classified cybersecurity intelligence with the private sector.
  2. Asks NIST to create a set of standards and best practices for cybersecurity.
  3. Suggests that the Feds create incentives to encourage private organizations to invest in cybersecurity.

Topics: Cybersecurity Information and Risk Management Security and Privacy president obama

What President Obama CAN Do About Cybersecurity

When it comes to cybersecurity and public policy, I’m as big a cynic as anyone. Why? From a historical perspective, cybersecurity issues were first recognized during the Bush administration (41, not 43). Over the subsequent 20+ years we’ve experienced misinformed rhetoric, overlapping agendas, and inaction, but little meaningful progress.

Now I realize the President has some higher priority issues to deal with and that cybersecurity is neither sexy nor universally understood. That said, however, there is no denying that things are getting progressively worse. Just this week, Congressman Mike Rogers (R, Michigan) stated that he believed that 95% of private sector networks are vulnerable and most have already been attacked.

Topics: Cybersecurity Information and Risk Management Security and Privacy federal government state of the union president obama

Politics 1 Cybersecurity 0

Topics: Cybersecurity Information and Risk Management Security and Privacy Kaspersky Lab president obama senator joseph lieberman

Cybersecurity Legislation and APTs

We are entering a new phase in the lengthy cybersecurity legislation saga. Last Thursday, Senators Lieberman (I-CT), Collins (R-ME), Rockefeller (D-WV), and Carper (D-DE) introduced the revised Cybersecurity Act of 2012 out of the Homeland Security and Government Affairs Committee. Old name, but the new bill (S.3414) is a true compromise. Rather than mandating that critical infrastructure organizations comply with a DHS cybersecurity framework, the new bill provides incentives to organizations that comply with cybersecurity best practices voluntarily. Furthermore, the new bill borrows from the best of the Republican-sponsored alternative, SecureIT Act, as well as some of the more palatable measures outlined in the controversial Cyber Intelligence Sharing and Protection Act (CISPA).

As of today (Monday, July 23, 2012), there is no schedule for debate or a vote, but President Obama already declared his support for the new bill and publicized his opinion in the Wall Street Journal.

Topics: Cybersecurity Information and Risk Management Security and Privacy cybercrime APT advanced persistent threat president obama cybersecurity legislation

Cybersecurity Bill Soap Opera

It's been about a month since I last blogged about cybersecurity legislation, so here's a brief review of where we stand.

Topics: Cybersecurity Information and Risk Management Security and Privacy APT advanced persistent threat president obama senator joseph lieberman