Search AFCEA Site

Enable breadcrumbs token at /includes/pageheader.html.twig

Innovation Advantages Run Afoul of Reality

Existing procurement methods and cultures inhibit needed changes in cybersecurity.
By Robert K. Ackerman
A panel discussion examines innovation as a security imperative at NITEC 2017 in Ottawa.
A panel discussion examines innovation as a security imperative at NITEC 2017 in Ottawa.

Needing innovation for cybersecurity more than ever, NATO and its member nations still do not have a concrete plan to speed new capabilities into alliance and national systems. Intricate procurement processes compound the absence of cooperation among firms while cyber adversaries continue to improve their methods and broaden their capabilities.

A panel highlighting innovation as a security imperative discussed these challenges on the first day of NITEC 2017 in Ottawa. Panel moderator John Stewart, senior vice president and chief security and trust officer, Cisco, stated that NATO is a unique environment that often is an indicator of things that eventually will require consultation. More to the point, Dmitri Alperovitch, co-founder and chief technology officer, CrowdStrike, declared, “We are behind in cyberspace, and we have to begin catching up rapidly.”

Sharing information about cyberthreats and solutions is essential, said Maj. Gen. Greg Loos, CF, chief of staff, Information Management Group/CAF J-6, Department of National Defence, Canada. “Information is the lifeblood and currency of military operations, and we must share it,” he declared, adding, “Cyber challenges are the same for all of our nations. We must work together.”

Focusing on innovation, Alperovitch called for complete visibility inside the network along with the will to go actively out after adversaries. This hunting is vital, he said. Enabling this will require taking advantage of technology quickly instead of relying on large capital programs.

Hugh Thompson, chief technology officer for Symantec, discussed the human element, saying the ability to recognize risk in a system may be part of an individual’s personality, not intelligence. He called for the ability to show a security threat in a way that people can recognize and assess its severity immediately. This will require investing and partnering with nontraditional industries such as anthropologists and psychologists. “We must make our security products in a way that people even under stress can make reasonable choices,” he stated.

Inertia within the acquisition process received considerable blame. Stewart stated, “By the time [an item] is operationally deployed in NATO, my company is ready to retire it.” He continued that systems often are deployed even though its developers know it has inherent vulnerabilities that could prove costly to forces. “The existing way things are procured allows a technologically vulnerable platform is deployed knowingly. That is unacceptable.” He added, “I don’t want the day when loss of life is the reason things change."

Enjoying SIGNAL?
SIGNAL Magazine is available through subscription or as part of your membership in AFCEA.
SUBSCRIBE NOW
LEARN MORE
JOIN AFCEA