Paul's Blog

THOUGHTS ON CYBER WARFARE

2014 Cybersecurity Innovation Forum at the Baltimore Convention Center


CSFI Participates in the 2014 Cybersecurity Innovation Forum at the Baltimore Convention Center.

The 2014 Cybersecurity Innovation Forum was a three-day event sponsored by the National Cybersecurity Center of Excellence (NCCoE) with the Department of Homeland Security, the National Institute of Standards and Technology, and the National Security Agency.  Approximately 700 Cyber Security professionals attended the event in spite of sub-zero temperatures and snow in Baltimore.

Phil Venables, the Chief Information Risk Officer at Goldman Sachs, kicked off the event with a superb presentation discussing innovation and insights at Goldman Sachs over the last decade and reminded all of the participants that the fundamental lessons from the 1970s forward still apply to trusted computing today.  He also stressed the importance of understanding the differences in “being secure” vice “providing security.”  All cyber professionals should also be heartened by Phil’s recommendations to improve not only the quantity of cyber security professionals across the various sectors, but their productivity through sound practices as well.  Please contact Phil for a copy of his briefing; I think you would find it very insightful.

Major themes throughout the forum included emphasis on the POTUS-directed Voluntary Cyber Security Framework (NIST), implementation of STIX & TAXII as new standards for information sharing, and changing the economics of cyber protection.  STIX is a data exchange format, and TAXII is the transport mechanism.  Michael Daniel, Special Assistant to the President & Cybersecurity Coordinator, White House, shared the NSS key perspectives on current cyber issues: 1) the threat is real, but it is not a movie script, 2) the threat is becoming broad and diverse, 3) it is more sophisticated, and 4) cyber threats have reached a point where they are now capable of being destructive.  Michael also stressed the need to “flip the economics of cyber defense in favor of the defender.”  Several of the speakers and panels followed up on this idea, and presented ideas for making attackers devote more resources to their operations, hopefully making it less lucrative for them.  Yes, this should remind us of the US strategy for bringing down the Iron Curtain, though I hope we can do it for less!

TAXII and STIX received consistent and repeated calls for support from NIST, DHS and Industry representatives as the “format of the future” with several of the Industry vendors openly stating they were actively investing significant internal funds to adopt these standards, and to make STIX the baseline format for their products.  Many of the participants and panel members supported the move to STIX as a substantive and effective way to improve Information Sharing needed for overall increased security.

Participants supported the cyber ecosystem theme and added their particular twists to it, including pushes to consider health care analogies.  In this case, we should think of STIX and TAXII as the first coordinated method to improve the “immune system” of shared cyberspace.

The NIST Voluntary Framework is slated to be released on 14 February 2014 and we should all become familiar with it as soon as possible.  You can expect to see gaps and seams in the Framework, but each one should be viewed not as a shortcoming, but as an opportunity for innovation and solutions.  We also need to understand the language of the Framework, and be ready to assist our agencies, clients and teammates in putting requirements and needs into the same language.  Doing this will enhance communication during operations, and ensure that proposals, bids and work plans are understood and meet Government and Industry expectations.

The 2014 Cybersecurity Innovation Forum was a great venue.  The hosts, sponsors and Baltimore Convention Center staff did a superb job putting it together and executing the event.  The Forum was set up along four tracks: Trusted Computing, Security Automation, Information Sharing, and Research, with several Plenary sessions and Panels each day.  Thanks very much to Paul De Souza for arranging the pass to ensure a member of CSFI was able to attend and report back to our members.  I recommend everyone view the full agenda and presentation list at https://www.fbcinc.com/e/cif/default.aspx and contact the presenters with questions.

RAM

Robert A. Morris, Colonel (ret), USAF
CSFI Advisory Director


Career Thoughts

I am humbled and honored to have the opportunity to manage and run one of the biggest and most active forums on the Internet dealing with cyber warfare and cyber security – CSFI (The Cyber Security Forum Initiative). With over 16 years of cyber security experience, I continue to actively raise Cyber Warfare/Cyber Security awareness worldwide. I have worked as a Chief Security Engineer for AT&T, where I designed and approved secure networks for MSS. I have also consulted for several governments, military and private institutions on best network security practices throughout my career.

CSFI and its divisions CSFI-CWD (Cyber Warfare Division), CSFI-LPD (Law and Policy Division) and CSFI-WD (Wireless Division) continue to grow and expand with more than 60,000 information security members.

One of my personal goals is to serve our security community to the best of my abilities, in the protection and defense of our American national security interests, the American people, and that of our international partners. I am always ready to serve and to give of my time and skills to help our society with the growing problems we experience in cyberspace. I thank God and my family for the opportunities I have had in life and the most precious of all opportunities, which is the chance to serve others. I love what I do, and I appreciate all the support I have received from friends, family and our CSFI members.

___________________________________________

Paul de Souza, CSFI Founder Director
