Adopting A Cooperative Global Cyber Security Framework To Mitigate Cyber Threats (Before It Is Too Late)

Read By 68 Members

The recent OPM cyber breach at the U.S. Government’s Office of Personnel Management (OPM) provided a wakeup call to the seriousness and sophistication of the cyber security threat aimed at both the public and private sectors. The fact is that over 43% of companies had breaches last year (including mega companies such as Home Depot, JPMorgan, and Target). Moreover, the intrusion threats are not diminishing. For example, British Petroleum (BP) faces 50,000 attempts at cyber intrusion every day.

According to the think tank Center For Strategic and International Studies (CSIS), cyber related crime now costs the global economy about $445 billion every year. These cyber security breaches demonstrate that there is a continued need for protocols and enhanced collaboration between government and industry.

In 2014 code vulnerabilities such as Heartbleed, Shellshock, Wirelurker, POODLE and other open source repositories caused chaos and harm.  The cyber security community responded to those vulnerabilities with “react and patch”. Unfortunately this means of response has been for the most part, a cosmetic or band aid approach.

The cyber security community’s posture must change to one of wait and react to that of being proactive and holistic. It is not really a question of which policies, processes and technologies are ready and best, that will always be debatable. Being proactive means adopting a working Industry and Government Global Cyber Security Framework that would include measures for encryption, authentication, biometrics, analytics, automated network security, and a whole host of other topics related to cyber threats specifically, a possible framework of priorities should include Industry and Government Priorities:

  • Defining and monitoring the threat landscape
  • Risk Management (identifying, assessing and responding to threats- i.e. NIST Framework: Protect,Detect, Respond, Recover)
  • Protecting critical infrastructure through rapid proto-typing of technologies and Public/Private cooperation
  • Modernizing security Architectures
  • Better encryption and biometrics (quantum encryption, keyless authentication)
  • Automated network-security correcting systems (self-encrypting drives)
  • Technologies for “real time” horizon scanning and monitoring of networks
  • Access Management and Control
  • Endpoint protection
  • Diagnostics, data analytics, and forensics (network traffic analysis, payload analysis, and endpoint behavior analysis)
  • Advanced defense for framework layers (network, payload, endpoint, firewalls, and anti-virus)
  • Enterprise and client Network isolation to protect against malware, botnets, insider threats
  • Practice Areas
  • Mobility and BYOD security
  • Big data
  • Cloud
  • Predictive analytics
  • Interoperability
  • Privacy and regulation trends
  • Resiliency
  • Emerging Technology Areas
  • Internet of Things (society on new verge of exponential interconnectivity)
  • Wearables
  • Drones and Robots
  • Artificial intelligence and Machine learning
  • Augmented and Virtual Reality
  • Quantum and Super Computing (D-Wave, Google)
  • Smart Cities
  • Connected transportation
  • Nanotechnologies and new materials conductivity, neuromorphic chips
  • System interdependencies: monitoring and protecting the supply chain
  • Wireless Mobility – banking, payments, commerce, health, entertainment. Tokens, biometrics, and Chip cards can be used for identity Management

A real challenge in cyber security has been to get democratic governments, agencies, associations, and industry to cooperate in an open and shared manner. Results have been mixed at best. Perhaps enactment of a general working framework, global (at least among Western allies) under pinned with a willingness for cooperation can serve as a catalyst for action. Our economic and security interests require collaboration and a decisive plan of action before it is too late. The security measures and technologies do already exist and can be integrated and improved. Waiting an reacting will no longer suffice as a strategy

This article first appeared on http://www.voodootec.com/cyber-security/adopting-a-cooperative-global-cyber-security-framework-to-mitigate-cyber-threats-before-it-is-too-late/

Chuck Brooks

* EXECUTIVE: extensive service in public & private sectors in Senior Executive Management, Government Relations, Marketing/Sales, Branding, BD, Digital Engagement and as a Technology and Homeland Security Evangelist (featured Contributor for The Federal Times). LI profile is top 1% of all views worldwide. "Cybersecurity Marketer of the Year"; 2016 Cybersecurity Excellence Awards * THOUGHT LEADER/CHANGE AGENT, TECHNOLOGY EVANGELIST; Writer/Speaker, Influencer, Blogger: expertise areas include homeland security, cyber security, defense, CBRNE, IT, R & D, science & technology, public/private partnerships, IoT, innovation. Published in FORBES, Huffington Post, InformationWeek, MIT Sloan Blog, Computerworld,Federal Times, NextGov, Government Security News, Cygnus Security Media, Homeland Security Today, The Hill, Biometric Update, Government Executive, Bizcatalyst360 * PRESIDENTIAL APPOINTMENTS: received Presidential Appointments to serve in executive roles from two Presidents of the United States. * ADVISOR to the Bill and Melinda Gates Foundation Technology Partner Network, CHAIR New & Emerging Tech Committee of CompTIA. SME to The Homeland Defense and Security Information Analysis Center (HDIAC) * DHS: Helped "stand up" Office of Legislative Affairs at the US Department of Homeland Security and served as the first Director of Legislative Affairs at the Science & Technology Directorate. * CONGRESS: Served as Senior Legislative Staff (defense, foreign affairs, security, tech, business) to the late Senator Arlen Specter at U.S. Senate * ACADEMIA: Former Adjunct Faculty at Johns Hopkins University (SAIS) * SOCIAL MEDIA EXPERTISE: 22,000 plus endorsements and 31,500 First degree connections, Co-leader of two of the most prominent Homeland Security Groups on LinkedIn and own or manage 12 other business, tech related LI groups * JUDGE Government Security News Homeland Security Awards 2013,14,and 15. Honorary Member -- Leaders Excellence at Harvard Square

Have Your Say: