On Point: Q&A With John Cofrancesco

John Cofrancesco, the vice president for government for Fortress Information Security, is a former information officer with the U.S. Navy and a frequent cybersecurity subject matter expert
for national news media.

What is the greatest vulnerability in cyberspace today?

Today, organizations are increasingly reliant on partners and subcontractors for critical products and services. Interconnected systems provide refined and cost-effective solutions to business and government challenges alike. The result is an increased vulnerability to network intrusions, hacks and sophisticated cyber attacks. When a supply chain is compromised, its security can no longer be trusted.

The vast majority of the companies that make up the national security industrial base have no idea what vulnerable components or software reside in the products they supply to the U.S. government. For years we have accepted attestations from vendors—turning a blind eye to who really supplies critical components or code. Until we realize cyber vulnerability goes well beyond IT [information technology] or PII [personally identifiable information], we are leaving the door open to adversaries to steal our technology and undermine our way of life.

What is the most important step that must be taken for government/industry cooperation in cybersecurity?

Industry and government need to come together to craft a realistic set of cyber rules and regulations. Potential threats go well beyond basic cyber hygiene. This requires attention and action before we experience a catastrophic cyber event that threatens our global leadership and national security.

More rigorous regulations will help improve national security and reduce collective risk, but they do not absolve individual companies of the responsibility for diligence in determining their own supplier and subcontractor vulnerabilities. Like the food and restaurant industry, companies must ask candid, pointed questions of themselves and their supplier base.

How has the supply chain vulnerability changed with the Ukraine war and actions against the Moscow government?

Western democracies and developed nations now better understand the resolve and ruthlessness of our enemies. Our nation’s supply chain security will continue to be breached, and we will continue to fall victim to ransomware and other cyber intrusions unless government and industry implement thoughtful, actionable regulations that yield traceable and enforceable reporting.

Whether it is through open-source or custom-built code or collections of components, every American depends on our supply chain to keep their lights on, their water safe and our military operational.

There is not a single pillar of our civilization that is not completely dependent on these avenues ... and our adversaries know it. The time to act is now.

Will we be more secure or less secure with quantum computing and its capabilities?

If the United States and the West invest and lead in the development and fielding of this technology, the advanced computing power can be an advantage for good in the world. Conversely, if we cede the development and intellectual space to our adversaries, we run the risk of falling behind and losing our advantage in cyber, AI and data science.

What do you think is the next great technology trend?

The next great trend is already here: harnessing data to find current vulnerabilities, make quicker and better-informed decisions and solve problems before they manifest in loss of property or life. There is great lip service paid to the technology surrounding data and advanced data science, but those that put their money where the rhetoric is will unleash today’s potential and be well situated to benefit from tomorrow’s harvested technology. Doing things the way we did them yesterday will not solve tomorrow’s problems.