MADISON, Wis. — The theme of Wisconsin’s fourth annual Governor’s Cyber Security Summit was “Securing Tomorrow through Technology," but Gov. Scott Walker simplified it to the Boy Scout motto: Be Prepared.
“That’s really what we’re talking about,” Walker said to open the daylong summit that drew about 270 cybersecurity professionals to the University of Wisconsin campus. “This is a process that literally is emerging before our eyes.”
Author and futurist Dr. Peter Singer acknowledged that the future is difficult to predict, and that the vast scope of what is described as the “internet of things” — physical devices that use the internet to collect and exchange information — makes effective security systems difficult to achieve.
“Data is the new perimeter,” Singer explained. “But what we’re seeing now is an utter redefinition of where data is collected, where it resides, and maybe even the meaning of the perimeter itself we’re supposed to defend.”
That’s because as many as seven billion items — laptops, devices, smart appliances — may currently connect to the internet, and each of those items contain sensors to collect and exchange information. Those items could soon number 50 billion, which could mean 50 billion points of vulnerability.
“This is a fast-moving space,” Singer said. “Businesses are putting security second and convenience first. So far, we have very few incentives to get it right with security in the internet of things. I think that’s going to change.”
Singer also warned that, as a result of social media, individuals have become information distributors.
“Arguably, there are now no more secrets,” Singer said.
Dan Lohrmann, chief security officer and chief strategist at Security Mentor, Inc., also spoke to the challenges of protecting data when seemingly everything connects to — and shares information with — everything else.
“Security problems have not peaked,” Lohrmann said. “The bad guys are getting better. You’re going to see many more bad headlines in the next year. You are not going to be able to stop that from happening.”
Another key factor behind this prediction, Lohrmann said, is that most internet of things (IoT) devices are not secure, by default.
“They want to be first to market, cool new features, security comes later,” he said. “They want to be under your Christmas tree. Our job is to say, ‘We’ve got these problems — what’s the solution?’”
Perfect cyber security is unrealistic, Lohrmann said. The better approach is to anticipate where threats are likely.
“What assumptions are being built into your IoT culture?” he asked. “We all have blind spots — ask ‘What if?’”
Byron Franz, an FBI agent specializing in cybersecurity, went further.
“We lock our doors and windows, but do we lock our cyber doors and windows?” he asked “There can never be perfect security, but we can resolve to have a reasonable level of security.”
Franz spoke about partnerships between the FBI and private industry to help protect against cyber crimes. He also spoke about teamwork within organizations to maintain cyber security. He explained that in a brick-and-mortar structure, the bottom bricks were key as they bore the load of the structure.
“In the IT world, no brick is more important than another — these are every employee in your organization, whether they have admin access or are a user,” Franz said.
He recommended covering laptop webcams to prevent hackers from remotely activating the camera and viewing the user or other activity in the room, and reminded the summit about the importance of strong passwords.
“There’s something called ‘password entropy’ — the inherent declining and weakness of our passwords,” Franz said, “and Americans have significant issues with this particularly.”
Sheldon Cuffie, a Wisconsin Army National Guard veteran who spent his enlisted days in the signal corps, now leads cybersecurity efforts for Northwest Mutual, touched on such topics as digital disruption — “Look it up when you get home,” he recommended — digital resilience and transformational IT. He echoed previous speakers in describing the threats emanating from cyberspace.
“You might live in a good neighborhood, but the internet is not a good neighborhood,” Cuffie warned. “We’re all connected in ways that allows people from across the pond to reach out and touch you.”
He spoke about social malwaretising, where online ads can introduce malicious programs into devices and networks, and described a potential cyber security “immune system.”
“If you assume compromise, if you assume your network will be picked, you need the ‘white blood cells’ to kick in and prevent a whole lot of compromise,” Cuffie said. “And that’s what we’re trying to do — a self-healing network from a security perspective that’s resilient and can maintain impacts against it. Pretty straightforward, but really hard to do, and it takes a lot of money.”
Maj. Gen. Don Dunbar, Wisconsin’s adjutant general and the governor’s homeland security advisor, spoke about what role the Wisconsin National Guard — and the military — plays in cyber security. Currently, he said U.S. Cyber Command has 133 military cyber security teams. Some are assigned to safeguard the operational networks for combatant commanders.
“Everything a combatant commander has to do has a cyber element to it, and these teams are designed to do just that,” Dunbar said. “If you send the infantry in, you’ve got some support for them. If you send the Air Force in, you’ve got some support for them to fight in the cyber domain. To think we’re going to fight without fighting in the cyber domain is a flight of fancy — it’s going to happen when we have to fight for the United States of America.”
Other teams in the cyber mission force are tasked with defending national infrastructure and the Defense Department’s information network. The National Guard in Wisconsin and Illinois share one team, Dunbar said. He also said Wisconsin was among the first states in the nation to build a cyber response plan into its homeland security plan.
“Don’t read that as meaning we’ve got it figured out,” Dunbar cautioned. “We are working on it. It is tough, tough to try and figure out.”
He emphasized that cyberspace was as much a battlefield as an information superhighway.
“Cyber will clearly play a big role, a foundational role, in the defense of our country,” he said. “We all have a role to play.”
David Cagigal, chief information officer for the state’s Division of Enterprise Technology, agreed.
“Everybody in this room should find themselves owning a piece of this responsibility — at a minimum, creating an awareness with their fellow workers and at home,” he said. “The only way we’re going to be able to address these issues is together.”
“There are always people who want to do harm, and we can’t ignore that,” Walker said. “We have to be constantly ahead of the curve. That’s why we’re here today.”