Estonia has established a dedicated cyberdefense infrastructure and implemented new policies that are serving as models for other allied nations gearing up for potential cyber attacks. The Estonian measures come in the wake of the Baltic nation undergoing a severe cyber attack in 2007.
Encountering many variables as it strives to achieve effective cybersecurity, NATO is focusing on two long-standing constants to move forward: training and partnerships with industry. The Atlantic alliance is seeking industry help in pursuing solutions, and it is adopting many traditional methods and institutions to train personnel in vital cyberskills.
Defenders of cyberspace need to concentrate on the critical services provided by the critical infrastructure, not the infrastructure itself, according to a leading cyber expert. Melissa Hathaway, president of Hathaway Global Strategies and former acting senior director for cyberspace with the National Security Council, said that the future of the West is held hostage to the fact that its security and resilience are threatened.
Even with the rising tide of nation-sponsored cyber attacks, NATO does not yet have a policy—let alone a definition—of what constitutes a cyber attack that would mandate a response under Article 5 of the alliance’s Washington Treaty, according to NATO officials. Article 5 defines an attack on a NATO member as “an attack on all,” requiring a response by all members against an aggressor.
Government and the private sector must determine ways of cooperating in the fight to defeat cyberthreats, or else both will face potentially catastrophic consequences.
With cyber losses running in the hundreds of billions of dollars, the private sector must establish its own standards for cybersecurity or face government regulations that would be painful for some firms. Either way, regulatory guidance is necessary for the private sector to avoid potentially fatal hemorrhaging of assets and information to cybermarauders.
A new management trend may impel corporations to implement better cybersecurity: lead or get out of the way. Either corporate leaders take the initiative for improving their companies' cybersecurity, or shareholders will demand their ouster following a damaging attack that puts corporate futures in doubt.
Businesses that neglect their cybersecurity needs risk being put out of business by even the simplest of attacks, according to cybersecurity experts. While all companies face the threat of a devastating financial cyber robbery, even a simple attack that steals information could be the end for a small- or medium-size business.
Many U.S. companies are losing business because of cyber issues expressed by foreign firms. These concerns can range from fears of U.S. vulnerabilities to worries that intelligence agencies will have access to information held by U.S. contractors.
"Cyber is the ultimate team sport." The U.S. Cyber Command (CYBERCOM) faces a unique set of challenges as it tries to engage industry and academia in the cybersecurity effort, according to its commander.
The U.S. Cyber Command (CYBERCOM) views the Defense Information Systems Agency as a key partner in its effort to secure defense cyberspace. This includes the agency having an operational mission in which it plays a critical role in defending defense cyberspace, according to the commander of CYBERCOM.
Situational awareness, automated decision making and a new way to refresh work force skills rank high on the U.S. Cyber Command's (CYBERCOM's) list of needs from industry, according to its commander.
Innovation may be the key to ensuring that the national critical infrastructure is protected from new cyberthreats, said Suzanne Spaulding, undersecretary for the National Protection and Programs Directorate at the DHS. The private sector must step in to help prevent future attacks.
The public/private partnership that influences many government efforts is a core effort as the Department of Homeland Security (DHS) strives to protect the homeland from cyber attacks. Above all, the private sector must take the lead in some endeavors. “We need improved cyber hygiene.”
The Department of Homeland Security is taking a holistic approach to cybersecurity that focuses on preventing or mitigating the effects of a cyber intrusion on the critical infrastructure, according to a department undersecretary speaking at the AFCEA International Cyber Symposium.
Too much time spent chasing the obvious takes away from the ability to find the less obvious risks when it comes to stopping cyberthreats. Attacks from foreign adversaries, insider threats and advanced persistent threats all look the same, so it is essential to understand what is normal and to take immediate action when an anomaly is detected.
The Joint Information Environment (JIE) will be relying on virtual capabilities to a greater degree as part of several thrusts within the network. Enabling technologies include the cloud and software modernization as planners strive to ensure interoperability and access wherever users may be located.
The Joint Information Environment (JIE) seeks to network the entire defense community, but its ability to address customer requirements could run afoul of its original purpose. Many military users have specific needs that must be addressed, so the JIE must meet those requirements without jeopardizing its desired interoperability.
A key tenet of the Joint Information Environment (JIE) will be the ability of users to have access to the same information system capabilities regardless of physical location, according to Defense Information System Agency (DISA) officials speaking on the final day of AFCEA’s three-day JIE Mission Partner Symposium.
The U.S. Special Operations Command is taking an unconventional approach to equipping its forces for an information environment that does not follow conventional guidelines. The command must provide networking for a theater force that can range from one person up through thousands of people, and it faces diverse mission needs that can require large communications pipes.