Cyber Defense vs. Offense
Welcome to spring! We started the season with a fascinating session with some of the luminaries from the Presidential Commission on Enhancing National Cybersecurity and discussants Cheryl Soderstrom, Hewlett Packard Enterprise, and Jenny Menna, U.S. Bank. The biggest idea to come from the session was proffered by Steve Chabinsky, a former FBI Deputy Assistant Director, original InfraGard champion, and who also served as one of the Commissioners during the writing of the report. His concept focused on how right now the model for securing our enterprises was not efficient or cost effective: we would never ask each household to filter and clean their water at the tap - we go to the source and deliver clean water to each household. Why don't we do that with cyber? It was a great question and one, perhaps, that we don't ask often enough. As we busily work to patch systems, educate consumers on cyber hygiene, and defened against attacks, Mr. Chabinsky believes we should be much more on the offensive.
That sentiment was echoed in a recent talk by Marci Forman, formerly with ICE and now Managing Director of the Global Investigations Unit at Citi, she also suggested that we know who, we know where, we just are not aggressive in pursuing the sources of many of our cyber headaches.
There are a number of challenges to this approach - perhaps the largest being that the private sector would bear much of the cost and risk in an approach that could escalate a "cyber war." But with an approximate global cost of $400 billion just last year alone,* is it worth some more serious consideration?
I'll leave you with that thought for the week - and encourage you to sign your kids up for our CyberCamp2017 this Friday (check our website for registration information then) or sponsor the camp and tomorrow's cyber warriors (see below about how to sponsor).
No matter what happens...we'll need them!
*Retrieved from http://expandedramblings.com/index.php/cybersecurity-statistics/ 05 April 2017