The Global Cyber Innovation Summit concluded yesterday in Baltimore.
Yesterday's highlights included some perspective on what creates crisis instability from cybersecurity and policy expert Richard Clarke. You get dangerous crisis instability when an aggressor concludes they have a decisive advantage over the defenders. You're at risk when your opposition concludes that your defenses aren't credible.
Several speakers expressed concerns about data integrity, or data provenance. NSA's Rob Joyce warned that, as governments increase their efforts to impose national will in cyberspace, data will come under correspondingly greater attack. If data come to be perceived as untrustworthy, that would erode public trust and confidence in the institutions of both government and civil society. This is a slow-motion problem, and it may be upon us before we realize the severity of the threat.
Amid the usual warnings, however, were some surprising and distinctly encouraging notes. Tenable's Amit Yoran said that they've seen a "tremendous difference" between the cyber haves and the cyber have-nots. It's possible to protect yourself today. Richard Clarke had a similar observation about the possibility of successful defense, taking NotPetya as grounds for optimism. NotPetya was a Russian military action against Ukraine, but many companies around the world were collateral damage, and that damage was severe. But a lot of other companies deflected the attack, and "these are the dogs that didn't bark." Existing technology properly applied can defend the corporate network, he concluded.
We'll have more on the Summit in subsequent issues of the CyberWire.