Lessons from the Pentagon, Oracle, CrowdStrike, and an Ex-CIA Entrepreneur at Brainstorm Tech 2019—Cyber Saturday

My colleagues and I have just wrapped up this year’s Brainstorm Tech conference in the dry, mountain air of Aspen, Colo., and I am back to soaking up the ample humidity of New York City.

At the conclusion of a lunchtime roundtable I hosted on Tuesday, I asked the session’s featured speakers a two-part question with varying degrees of difficulty: What’s the biggest challenge the world faces with respect to cybersecurity today? (Easier.) And what is the solution? (Way harder.) Here’s what they had to say.

Dorian Daley, general counsel at Oracle, called attention to insider threats. “Sadly, I think some of the biggest challenges are people, and I mean that in a number of ways,” she said. “A lot of the breaches really come from insiders. So the more that you can automate things and you can eliminate human malicious conduct, the better.”

Mike Brown, director of the Pentagon’s defense innovation unit and former CEO of Symantec, proposed raising costs for attackers. “We’re still in a situation where it’s too easy for attackers. They only have to be right one time, so there’s not enough cost,” he said. “We have to figure out how are we are going to—as a government and as private companies—make that a lot more difficult and have it not pay. Again, most of the breaches and threats by volume are criminal, so that’s an economics game.”

Tim Junio, CEO of Expanse (formerly Qadium) and ex-Central Intelligence Agency analyst, recommended implementing a system for cybersecurity disclosures inspired by quarterly earnings reports. We need “the equivalent of a financial auditing system for cybersecurity, and there are two different ways in which that could happen. Companies could invent one, so the same people who do financial audits could create the framework, or it could be a federal standard like via NIST,” he said, using an acronym for the National Institute for Standards and Technology, which publishes a touchstone cybersecurity policy framework for businesses. “Once that exists it sets up a whole lot of other things in the tort system—what are reasonable standards?—and that helps sort out a lot of what is messy in the industry today.”

Dmitri Alperovitch, co-founder and chief technology officer of CrowdStrike and the final speaker, responded by cracking a joke. “I think there are actually only four problems in cybersecurity,” he said. “They’re called China, Russia, Iran, and North Korea.”

Alperovitch made another point too. “At end of the day, it comes down to leadership. Too few boards of directors and too few CEOs are paying attention to this issue beyond paying it lip service,” he said. “It’s what [Oracle’s] Dorian said, It’s a problem for everyone—just like HR [human resources] is not just the problem of HR—cybersecurity is a problem for everyone.”

Hear, hear.

Robert Hackett | @rhhackett | robert.hackett@fortune.com

 

Original Link: https://fortune.com/2019/07/20/lessons-from-the-pentagon-oracle-crowdstrike-and-an-ex-cia-entrepreneur-at-brainstorm-tech-2019-cyber-saturday/