New Networks Embolden Adversaries, Add to Cyber Challenges
Validating data and information is critical for technical security, but success will also depend on better education and culture change
Data is a strategic asset, but the human factor is the greatest unsolved issue in cybersecurity. Much progress has been made in securing technology, but today, it is not just the technology but also how you factor in human behavior. Security is not just about protecting the widget or fixing the algorithm because you must factor in behavior and external sources as well.
A panel of five women, all whom have excelled in cyber-related careers, took on some of cyber’s most pressing issues at TechNet Augusta.
“Education, education and education,” stressed DeEtte Gray, president of U.S. operations, CACI International Inc. We have done well with developing security to protect the network, but we now must offset the human factor with education and a change in our culture. It is no longer so much a compliance issue as it has become an education one. Changing the culture is needed so security becomes part of what you do, she explained.
Annette Redmond, acting deputy assistant secretary for intelligence policy and coordination, Bureau of Intelligence and Research, Department of State, explained that 5G is one of the most serious issues facing the Department of State.
“In 5G, we are in an era where we are able to have Internet of things connected in new ways. Devices will be connected by a much more robust and higher speed network,” she said. This cannot be mitigated out of the gate until we know where the network is coming from. The second- and third-party vendors behind the network have to be given the equivalent of a Good Housekeeping seal of approval. Foreign entities may not abide by our rules, and so there needs to be a bigger effort to look at supply chain and supply chain security, she added.
Another threat is the sophistication of disinformation tools. The Global Engagement Center has been working through a portfolio of tools to look at the capabilities, tools and traffic coming through to see if the information is coming from a validated source and if it has been tampered with. This is necessary to protect national security as well as the vitality of our culture. “We are being manipulated each day, and if we don’t figure about how to verify, we should all be concerned,” she said.
From the perspective of Nancy Kreidler, director, cybersecurity and information, assurance, Army CIO/G-6, an important part of cybersecurity is teamwork. “Cybersecurity is a team sport. You cannot do it in a silo. We tried, and it did not work. Team is based on trust. As we go to big data and AI, we have to work as a team. When bosses are working the teamwork model, it is easy to institute that, and we see that in the Army today,” she explained.
And with teamwork, comes diversity. You don’t want to be in a room with only people who think like you, she said. “From an Army headquarters perspective, I want to bring in the whole community because everyone has a stake in what we do,” Kreidler added.
Redmond, in talking about election interference and what the Department of State is doing about it, also referred to the importance of teamwork. “Fair and free elections are the hallmark of democracy,” she acknowledged. Yet no one entity has total responsibility, so the answer is teamwork. Intelligence, Department of Homeland Security, the State Department and state and local governments all have a responsibility to ensure voters have confidence in the process and that their votes are counted and heard.
“Many foreign entities have an interest in currying favor in their direction, and some may not even agree with one another. The only entity that counts is the American citizen when they pull the lever,” she said.
Our adversaries are all in, and we need to be all in, said Gisele Bennett, senior vice president of research, Florida Institute of Technology. There needs to be ownership and curation of the data. Who is going to own data, and who is going to control it, and how do we come up with validation and verification? she asked.
Cyber is the mechanism and the framework because you cannot ignore the authenticity of data, she concluded.