Firestorm - National leader in Crisis management, Critical decision support, Crisis communications, Crisis public relations, Crisis response, Crisis consequence management
Firestorm's Expert Council Member Anyck Turgeon recaps her experience at the 6th Annual ITSEF Conference hosted by Stanford University
As $60 billion has been spent fighting cyber attacks and 431 million adults in 24 countries experienced the costly challenges of identity theft in 2011, it is no surprise that this year’s Security Innovation Network (SINET) Annual IT Security Entrepreneurs’ Forum (ITSEF) was sold out. Hosted at Stanford University, a full ecosystem of world-class cyber security experts gathered to discuss “Democratizing Security Innovation.”
SINET is brilliantly led by Robert D Rodriguez, its Chairman & Managing Principal and former Special Agent of the US Secret Service. Through venues such as its 6th annual ITSEF event and my attendance as a qualified security expert to all ITSEF conferences since inception, it is my professional assessment that SINET continues to offer a unique opportunity for a select group of top-quality IT and physical security professionals to explore open security innovation models, embrace collaboration opportunities, and help re-invigorate the importance of domestic and international public-private partnerships. Among the SINET ecosystem are entrepreneurs, system integrators, investors, academics, policy makers, lawyers, scientists and federal government representatives from agencies such as DHS, DoD, CIA, FBI, NSA and United States Secret Service who are willing to take calculated risks in order to stop crime of all sorts – starting with cyber crime and support the advancement of security innovations.
As a sobering yet unifying note, keynote speaker Jane Holl Lute, Deputy Secretary of Homeland Security for the Department of Homeland Security, opened ITSEF 2012 announcing that although cyber security spending is approximately $1 billion per week in the United States, cyber crime keeps rising exponentially and remains poorly punished.
Governments and educational institutions have recognized some of the impacts of cyber challenges, yet corporations and private individuals are more closely experiencing the costly pains associated with cyber crime. Already, 85 percent of companies have admitted to data breaches and the ratio of Americans affected by identity theft has now reached 1:3. It has been known for a few years now that organized crime’s number one source of revenue is cyber crime. As skillfully explained by CIA Senior Operations Officer John Mullen, adversaries such as foreign intelligence services and competitors follow different approaches and goals that lead to the exploitation of cyber technology and people to their advantage, such as to steal industrial secrets and intellectual property. Yet, as several on-site security professionals have conveyed, laws and the provisioning of resources for law enforcement agencies remain problematic: under-funded, misunderstood and slow to adapt to our rapidly evolving society as well as technology. This type of malaise is perhaps small now, but, with such on-going innovation as well as diversification, it will only increase exponentially over time. Will we be too late by the time we understand the invisible enemy?
According to the Q4 2011 Threat Report published by McAfee Labs, 65,000 new pieces of malware are created per day, which equates to 2 million each month. Former INTERPOL cyber security fighter and now Chief Cyber Criminologist at the Cybercrime Research Institute and global security advisor for Singularity University, Mark Gordon, showed how organized criminals are becoming more creative – such as having a robot steal a bag of chips out of a corner store. How will you be able to protect yourself and your family when robots hack into bank systems and rob you of all of your money via the Internet using information obtained from your customized social media sites? Are all law enforcement communities ready to fight the next waves of cyber crime?
It is critical for governments from all parts of the world to unite in order to find new ways toward universal collaboration along with the corporate world and academic institutions. Although social barriers such as privacy have created a profound divide, active cyber fighting activities for more commonly agreed causes, such as the abolition of child profiling by sexual predators and child pornography over the Internet, have brought communities into joint action around the globe. Once the social and cultural differences are ironed out in an effort to reach mutually agreed higher goals, it appears that resources are able to rapidly align themselves and gain astonishing results. Perhaps a new series of international technology and security diplomats will emerge as a result of ever-growing Internet and social media usage.
Given the estimate that by 2020 more than 50 billion devices will be computerized and accessible via the Internet, multi-disciplinary collaboration also has to take place on a much larger scale even with makers of items such as refrigerators, microwaves, washing machines and cars that are being designed to include personal information. The IT security challenges of today are much simpler than the integrated profiling issues of tomorrow.
As clearly pointed out by Mark Weatherford, Deputy Under Secretary for cyber security at the DHS, during his panel discussion with Doug Powell, Manager of SMI Security, Privacy & Safety at BC Hydro, Ernie Hayden, Managing Principal of Energy Security at Verizon Global Energy & Utilities, and James Sample, CISO of PG&E, all emerging technologies need to include a strong security foundation from their initial development. Technologies such as smart grid infrastructure quickly outpaced the development of security policies, applications and interoperability standards, exposing our critical infrastructure to foreign terrorists.
As all ITSEF attendees were invited by SAIC upon the following day to a white hat cracking competition at The Computer History Museum, it is critical that appropriate security-by-design solutions be developed, tested and cracked at a fair pace. This can help to ensure full testing of these complex, interoperable and open public environments.
As working subgroups such as the CSWG/NIST Smart Grid Privacy are currently developing security/privacy guidelines and are led by key industry stakeholders such as privacy expert Rebecca Herold and members of the SINET EXCHANGE, one needs to aim toward democratized security innovation through multidimensional collaboration. Latest copy of the NIST Releases Final Smart Grid 'Framework 2.0' Document.
As cyber attacks are reported these days on an ever-increasing scale, other ITSEF speakers such as Ward Waltemath, VP and Head of IT Security Investment Banking at Goldman Sachs, forewarned that we need to prepare for a possible 2012 cyber pandemic. Investors recognize the need and growth potential for IT security companies as being nearly neck and neck with social media. Yet, since 10 percent of the public IT security leaders are the ones generating 80 percent of all revenues and 67 percent of IT security providers remain unprofitable, investors have understandably decided to observe IT security companies from the sidelines and remain petrified by the higher investment risk of IT security innovation.
As eloquently reported by John Muir, Managing Director of the Security Innovation Network, out of 1,000 submitting IT security providers, 850 companies have been scrambling to find ways to grow rapidly. Yet, the new technology adoption cycle remains at five to seven years for new market segments – which results in annual revenues averaging less than $5 million for an IT security company. Not only are new companies and solutions having a difficult time, but their lack of cash restricts the resources they can hire. So, unless something changes, our world will ultimately be penalized as we have governmental product adoption cycles that are way too long and the relevant companies are unable to invest in acquiring all of the resources needed to address the needs of tomorrow. As 36 percent of IT security providers entering the SINET presentation proposal had revenue lower than $1 million annually, one can better appreciate the scarcity of IT security innovation given the high sacrifices needed to make it in the industry. Given that most IT security companies originate from the Silicon Valley (34 percent) and the Beltway (23 percent), it was a little alarming to realize that most of these vendors appear to have less than $1 million in raised equity despite their surrounding venture capital communities.
Ted Schlein, Managing Partner at Kleiner Perkins Caufield & Byers; Asheem Chandna, Partner at Greylock Partners; Bob Ackerman, Founder and Managing Director at Allegis Capital; and Alberto Yepez, Managing Director at Trident Capital, acknowledged some investment growth, as the 172 critical U.S. infrastructure organizations surveyed by Bloomberg plan to increase their spending on cyber security over the next 12 to 18 months. The venture capital investment community anticipates that M&A growth will continue in 2012, as the steady industry trend has moved from 69 M&A deals in 2007 to 150 in 2011. Such impactful acquisitions as McAfee by Intel for $7.7B and ArcSight by Hewlett-Packard for $1.6B should remain on the calendar for years to come.
In spite of the economic downturn, some attending entrepreneurs reported significant sales growth (2 to 5X increase) in terms of number of customers. A large portion of their impressive progress can be attributed to the provisioning of critical solutions to large US Federal governmental engagements with a much shorter sales cycle than the typical 5 to 12 years evaluation and adoption process. Organizations such as SINET help build key platforms for shorter adoption cycles as well as long-term engagements with the US government.
For instance, upon this year’s ITSEF, attending security practitioners were provided various face-to-face networking opportunities as well as “faster-than-standard governmental acquisition cycle option” workshops where alternative programs and approaches were presented for three to 12 month adoption cycles.
Eloquent speakers at ITSEF all offered alternative product acquisition frameworks for cyber innovators with proven technologies that bear undeniable results. A sampling of speakers included:
The complete list of speakers
Upon The Security Innovation Network’s Showcase 2012 on October 24 and 25, 2012 at the National Press Club in Washington DC, SINET will once again offer the opportunity for a select group of top IT security leaders to demonstrate the value of their unique offerings to key governmental officials in order to engage in special contracts for rapid testing, deployment, funding and long-term engagement contracts. The SINET Exchange is another powerful private online platform offering introductions and exchanges to a large community of IT Security governmental, corporate, investment and educational decision makers.
Having just 1,000 companies delivering 140 categories of IT security solutions seems like a drop in the bucket when it comes to social media.
About the topic of social media risks, Professor Mariano-Florentino Cuellar, Co-Director of the Center for International Security & Cooperation at Stanford University, also raised valid points surrounding the power of social media activism – especially with religions and its overwhelming impact on political regimes and leaders. Already, in Canada, legal cases have demonstrated the power of the people over judicial decisions where judgments were reverted. So, the amount of private and personally identifiable information exchanged over social media is not only alarming from an identity theft perspective, but also from an organized anarchist perspective as well.
As information becomes more transparent on a near real-time pace, HP Labs Visiting Researcher Sujata Millick pointed out that for the first time in mankind, all human beings on this planet are becoming connected to one another.
She expects that within the next decade, as China and India will drive the largest connection gaps, we will finally all be connected to one another via social media. This is a substantial revolution for all of us, as we will be suddenly bombarded with news and information like never before (if we aren’t overwhelmed already). For more primitive societies, the social gap that they will have to traverse via mobile devices will be interesting to watch as social and cultural norms will be greatly influenced and impacted. Ms. Millick also predicted that the current divide between private and work identities on social media will disappear, the news media will undergo major challenges as we will all become reporters and our society will be more self-policing through real-time publishing.
As Facebook’s Chief Security Officer Joe Sullivan clearly pointed out, there are immediate needs for security solutions that can address unsolved issues.
Especially when it comes to cloud environments and when facing the intense proliferation of devices, there is a need for responsible and trusted solutions that can perform ongoing multidimensional verification – hence, “verify, encrypt and keep on verifying” instead of just “trust but verify.”
Finally, Robert Carey, Deputy CIO at the Department of Defense, discussed the Presidential orders of agility, flexibility and cost reduction. Whereas the current total budget for the DoD remains at an imposing $525 billion each year, DoD’s IT budget is expected to remain at $37 billion with $9 billion being allocated to the U.S. Army and $7 billion to the U.S. Navy, as the top two recipients. Through the redeployment of 700 data centers to the DoD cloud via the new Identity Access Management Framework, a true enterprise architecture is orchestrated. This reduces overall IT budgetary costs by reducing infrastructure toward much simpler client-based technologies, decreases the number of applications to support through commoditized real-time standards and increases interoperability. Through simplification of the enterprise architecture and increased user-friendly solutions designed for all forms of combat with continuous real-time controls and policy-based self-destructive measures, the strength of cyber security fighting tools should increase. Those are the marching orders that DoD personnel are aiming for – so, IT security professionals need to focus on full collaboration across all cycles of product development and, through its multitude of offerings (which also includes consulting services from former governmental officials), SINET brings a platform of venues that truly offer the democratization of security innovation.
For lasting security solutions, SINET offers a full portfolio of activities designed for top IT security decision-makers and Firestorm offers a full range of world-class security experts; don’t wait any longer and start now figuring out how to overcome the next generation of challenges - PREDICT.PLAN.PERFORM.®