news from the 5th Annual Billington Cybersecurity Summit
Admiral Michael Rogers, NSA Director and Commander, US Cyber Command, delivered the conference's opening keynote. He asked how we can achieve security in cyberspace, when the level of activity against us continues to increase so dramatically?
No single technology, no single actor, offers a comprehensive solution for cyber security. Yet organizations have focused on stopping penetration of networks. This is misguided. Resiliency should be our goal: we should work toward being able to accomplish our mission in the face of damage and degradation. Despite our best efforts, we'll sustain damage. There's an obvious analogy to shipboard damage control — you control and fix damage as you continue to operate. So we should focus on operating and mediating simultaneously.
This led to his discussion of five challenges we face in cyber security.
Having to fight through damage and degradation is a major change in mindset, and this is our first challenge. Getting the right mindset requires leadership buy-in. It requires thoughtful reconsideration of resources and roles.
The next challenge is achieving situational awareness. How to do so requires sensing and visualization of networks. You can't simply bolt on defensive capability. Redundancy, resiliency, and defensibility must be built into our systems.
The third challenge is getting the right partnerships — cyber security isn't a pick-up game, but we've tended to treat it as such. And here Admiral Rogers asked for the private sector's help in building long-term partnerships.
The fourth challenge is authorities — getting the right authorities to ensure resiliency. Information assurance is part of our mission. We need to work through the partnerships that will share information, the pathways for doing so, the kind of information we'll share.
The fifth and final challenge is building the workforce that can provide resiliency. Building that workforce also depends on partnerships and relationships.
The bottom line is recognition of the problem, and developing the partnerships to deal with it. Admiral Rogers concluded by noting how pervasive cyberspace has become to life as it's lived today. What happens when we lose confidence in our systems? When we no longer believe our data? We need to recognize this challenge, and partner to meet it.
The conference is continuing with additional speakers and panels. The CyberWire will report on these in tomorrow's issue.