Cleveland-Marshall’s Center for Cybersecurity and Privacy Protection hosted the officially sanctioned Republican National Convention Cybersecurity Forum in July. An impressive lineup of technology and policy experts and lawmakers spoke at the event on the state of cybersecurity, including keynote addresses by Congressman Michael T. McCaul, Chairman of the House Committee on Homeland Security; former Michigan Congressman Mike Rogers; and Dr. Steve Belovich, Founder of IQware Solutions, LLC. Here are the seven biggest takeaways on the state of cybersecurity and what to expect going forward.
Cyberdefense requires public-private collaboration
Cyberattacks have become increasingly sophisticated and frequently involve state actors or state support, directly or indirectly. “As a traditional matter, we look at attacks by foreign countries as matters answered by our national defense, but when the attacks are of the cyber variety, we leave it to individual companies,” explained Jamil N. Jaffer, Vice President for Strategy & Business Development at IronNet Cybersecurity. “It is not practical to expect individual companies to fend off attacks from well-financed countries committed to attacks.”
Encryption issues remain unsettled and will intensify in the near future
The major debate earlier this year over the FBI demanding access to the iPhone used by a shooter in last year's San Bernardino attacks reached a conclusion with the FBI gaining access to the phone via a third party, but the debate on the underlying issues of civil liberties and security in the cyberworld rages on. While Congressman McCaul felt this was the correct resolution in this instance, the issue of encryption and backdoor access is being closely examined by the federal government, including Congress and the House Committee on Homeland Security. “You don’t want to pass laws in Congress as a knee-jerk reaction to an event that have unintended consequences,” said McCaul.
New technologies expand the surface area for new cybersecurity threats
“Internet of Things” devices – web-connected refrigerators, heating and lighting, cars, etc. – are on the rise, and they dramatically increase the surface area open to cyberattacks. “The coolness of technology will often outweigh security,” said Belovich. According to Congressman Rogers, only 10% of such devices are being built with security in mind.
If you have not heard of ransomware yet, you soon will
“2016 will be the year of ransomware,” explained Congressman Rogers. Ransomware is a type of malicious software designed to block access to a device until a sum of money is paid. According to Rogers, ransomware attacks are up more than 1000% over the last year.
Attribution for cybersecurity attacks remains quite difficult
One of the many challenges facing cybersecurity lawmaking and enforcement is that attribution of attacks remains quite difficult, and advanced encrypted communications further complicate the task. “We have a new generation of terrorists that are very savvy about the internet in terms of secure communications,” said Congressman McCaul.
Strong economic incentives encourage managing issues instead of finding solutions
Beyond obvious financial incentives that motivate cybercrime, the industry that has developed around mitigating these cyberattacks is not aligned with efforts to find long-term solutions. These key industry drivers include identity-theft protection, anti-virus software, security upgrades and even cybersecurity insurance. “Managing the program is way more profitable than curing the problem,” noted Belovich.
Education on cybersecurity is lacking and will play a key role in prevention
Most cybersecurity breaches are enabled by internal constituents, and a lack of education on the subject plays into the hands of cyberattackers. “The biggest threats are internal, and not of the malicious type, but of the benevolent type,” explained Gregory Garcia, former Assistant Secretary for Cyber Security and Communications at the U.S. Department of Homeland Security. As part of his three recommendations on cybersecurity for the next President, Rogers called for a national campaign on cybersecurity awareness.