Data Risk Governance

Art Covielo, CEO, RSA.

In Art Covielo’s keynote speech at the 2010 RSA Conference, he acknowledged the need for developing a secure, measurable and auditable cloud computing infrastructure. Cybersecurity has become political focal point, with the FBI, DHS and White House, to name a few, reacting to the CSNCI. Not only is malware a pandemic, it is becoming a legitimate threat to national security. At some point in the near future cyberwar and cyberterrorism could rival traditional war in its potential for economic and societal disruption. (Read More).

Scott Charney, Microsoft.

The cloud will demand end-to-end trust. Don’t forget about the massive installation base of shrink-wrap software out there. It is not going away overnight. Charney’s comment is surprising because it seems to highlight Microsoft’s inability to ever execute on Bill Gates decades old vision of a subscription-based, software as a service distribution channel for Microsoft products. Granted, for a majority of this time such delivery was hindered by bandwidth and infrastructure issues, such as slow penetration of broadband into consumer homes. (Read More).

Enrique Salem, Symantec.

Whoever can secure the cloud will win big. Those providers that can afford reasonable privacy measures will draw the most business. There is an explosion in non-Windows-based mobile devices, one of the next frontiers in computing. How these devices interact with the cloud and how privacy and security are enforced in this use cases is critical. These devices will want to access corporate and personal information.

The fabric of our social interactions is changing, as it moves into cyberspace, enabled by such phenomena like Facebook and Salesforce.com. We may be able to control what our employees say about our companies but not what our employees say about themselves.

Attacks are narrowing in focus. Siloed threats are going after confidential, corporate and government data. The top three losses are intellectual property, financial data and customer personal information.  100% of 2100 companies surveyed claimed a cyber loss. Instant messages with malicious links, emails w/ malicious links and malicious code are causing fooling many users. In 2008, Symantec published 1.6 million new signatures. In 2009, that number grew to 2.9 million!

Reputation will hinge on security.

Cryptographer’s  Panel

Talk of a trust bubble: like the housing bubble and the dot com bubble before that, a trust bubble exists, buoyed by misplaced trust in both public and private sector to protect our personal information. This bubble may burst in the coming year if we plunge to quickly into reckless outsourcing of such critical data into the cloud.

Howard Schmitt: Role of the government in cybersecurity going forward, includes coordinating across all branches of government, at least the legislative and the executive branches, and keep the seeds planted in the minds of the president and his advisors. There is a long way to go. The near-term goals of the Commission are being worked on now, one of which was to appoint Schmidt. FISMA has shortcomings that need to be addressed. The OMB will release new FISMA performance metrics, more attention to control monitoring in real time. There will be someone appointed to a role for cyber privacy and protection of civil liberties. The administration is working on over 40 legal questions relating to the CSNCI report. There is also a large outreach and education/awareness effort being planned. October will be cybersecurity month.  There is a framework for research and development being created to guide the public/private collaboration.

See http://www.whitehouse.gov/cybersecurity and download the cybersecurity initiatives in the CSNCI.

National Security Panel: Michael Chertoff, Richard Clarke, Mark Rotenberg

Cyber warfare is a growing threat the United States. The United States is not as prepared as we should be for a cyber attack of a large magnitude, against critical infrastructure, by a nation state. WE do get attacked everyday. All major companies and governments have been penetrated and terabytes of data have been lost. Much of this is intellectual property, lost to industrial espionage. According to Richard Clarke, forget about securing the Cloud, we can’t even stop hackers on our networks! As nation states continue to arm themselves for cyber war we will contine a cyber arms race. We have detected logic bombs laced throughout the nation’s power grid; it would foolish to assume we’ve not done the same thing to other countries. Massive data breaches flow to China and Russia. (Read More).