To Secure the Digital Economy, a New Relationship between Industry and Federal Government Is Needed
As the economy goes digital, are our current institutions, technologies, legislation, processes, etc., sufficient to secure our digital future? The headlines over the past 18 months make it clear that the answer is no. Many believe that, if the status quo remains, we are on the precipice of a future where one or more Fortune 100 companies may have to file for bankruptcy because of the damage done by a cyberattack. There is no need to repeat the stories of last year with Equifax, Merck, FedEx, Yahoo, Sony and, of course, the DNC breaches in the headlines. Both Merck and FedEx claim that NotPetya and WannaCry caused some $400M of damage to each. Merck saw damage to its manufacturing, packaging and active pharmaceutical ingredient operations, plus formulation processes, which alarmed Congress as to Merck’s ability to produce life-saving drugs and other medical products. A new relationship between industry and federal government is needed to protect our digital future.
Gene Sun, CISO of FedEx and ONUG Board member, and Nick Lippis, ONUG co-founder and co-chair, are organizing a group of select CISOs to contribute to the creation of an industry public policy initiative focused on “Securing the Digital Economy.” The goal of this group is to put in place a framework that CISOs can socialize with, and use to engage and secure the involvement of, their executive management, boards of directors and government affairs groups. In short, we seek to create a new relationship between industry and government to influence federal policy and vendor communities to secure our digital future.
At ONUG Spring in San Francisco, we’ll host our first public and closed-door sessions to start the process of creating the framework’s foundation. The closed-door session is by invitation only and populated with key industry CISOs, who will discuss and plan the group’s activities. We invite 10 to 15 CISOs to be founding members of this select group, to contribute to its scope and direction and, most importantly, to be influential change agents in securing your family’s and our country’s digital future.
The following are the top five framework items to be discussed:
Tort Reform: It’s widely understood that cybersecurity incidents are “significantly underreported,” thanks to market and lawsuit exposure. Companies, in essence, are restrained from talking about incidents by fear of stock market hits, partner relationship concerns and legal fallout. That is, current tort laws preclude companies from sharing important information about a cybersecurity incident that may help others avoid being attacked and/or minimize the impact of an existing threat. Tort reform is an important topic for consideration and for more coordination with federal agencies.
Cybersecure First Responders: The Federal Government has a significant role to play in protecting industry from cyberattacks. Cybersecure first responders and a nationwide security threat warning system, much like the one that has been established for terrorist threat levels, are an important framework component.
Sharing Best Practices: CISOs, et al., need a secure and trusted place/space to share best practices of threat mitigation.
New Cybersecurity Professions: A new breed of cybersecurity professionals/soldiers is required to protect the digital economy. New skills, culture and tools are needed to equip cybersecurity professionals so they may protect their corporations from a wide range of threats that may stem from unstable nation-states, organized cybercriminals, lone hackers, cybercrime activities, cyberterrorists, geopolitics including cyberespionage, financially motivated attacks, etc.
New Approaches to Threat Mitigation: New approaches and technologies are needed to secure the digital economy. Firewalls and intrusion protection systems were developed to secure IT assets during the late 1990s for the internet era. These solutions have serious shortcomings and do not scale to protect the digital enterprise.
According to Gartner, nearly $100B will be spent worldwide on securing IT assets in 2018, an increase of 8% over 2017. Again, according to Gartner, a large portion of this spend is driven by cyberattacks, such as WannaCry and NotPetya, and most recently the Equifax breach, as these types of attacks last up to three years. Spending more money on existing security solutions will not secure the digital economy. A new relationship between industry and federal government is needed to protect our digital future.
All IT security professionals are welcome and encouraged to join in on the conversation at ONUG Spring, hosted by Kaiser Permanente with Fred Lima, Principal, Security Architect of eBay, Gene Sun, CISO of FedEx, Rich Noguera, CISO of Gap Inc., Andrew Turner, CISO of Vantiv, and Nick Lippis, ONUG co-founder.