CB – How does artificial intelligence, machine learning, blockchain, quantum encryption, and other “futuristic” technologies fit into the cybersecurity toolkit in 2018 and years ahead?
George Platsis: Personally, keeping a close eye on blockchain and quantum encryption. Blockchain as a technology seems very solid and can revolutionize how we test the integrity of our data. The questions here become: is it scalable and can it be implemented at commercial/consumer levels. I think yes, over time. Quantum encryption is another game changer. This technology seems sound as well but faces technical challenges. Are we going to throw up a whole bunch of satellites in the sky to get this working? Doesn’t seem like a great idea with all the space junk already out there. If we can get quantum encryption working over large distances close to the ground – like 1,000 miles – this tech may really shatter our current ways of doing business.
Kenneth Holley: My personal passion and work are in the area of threat detection and I believe that 2018 will the year of hyper-context. Hyper-context threat detection goes significantly deeper than current human-AI threat detection models by not only looking at past behavior, but also predicting future behavior based on highly specific details, including preferences, organizational relationships, and interdependencies, among other things. In effect, we are humanizing threat detection. By its very nature, hyper-context relies on people, deep and long-standing relationships, and most importantly, trust.
Chris Veltsos: The 2016-2017 AV test report mentions that there’s now “four new malware samples per second.” How exactly do you expect security controls relying on manual interactions to keep up with the trend lines? We need AI/ML not because it’s going to solve everything (at least not for another 2-3 decades), but because it allows us to begin to keep up. I’ll say it again: AI/ML allow us to begin to keep up with the frequency of new malware samples, with the frequency of attacks and false positives, and with the increasing complexity of triaging incidents happening in ever-more-complex IT systems.
Blockchain and Quantum Encryption are two other very promising pieces of technology. The former should allow us to be more trustworthy transactions, while the latter is a race against time as there are many countries engaged in very promising experiments into quantum computers, the advent of which would render current encryption nearly obsolete.
CB – You all, Paul Ferrillo, Esq. George Thomas, and Shawn Tuma, Esq. and me, have joined forces for a special quest called #Cyberavengers. Can you elaborate on the educational mission and vision of this collective effort?
Chris Veltsos: Paul Ferrillo had the vision to bring us together. I am honored to be part of the Cyber Avengers, a group of seasoned folks that are down-to-earth and not full of themselves. The seven of us combined have lots of expertise, but seek to share our ideas and recommendations in plainspoken English instead of technobabble or legal mumbo-jumbo.
What brings us together is our desire to help our fellow human beings, our fellow business-people. Cybersecurity isn’t hard. Yes, it can be scary, and yes, if you’re dealing with some techies who want to use their position to boost their ego, it can be highly frustrating.
But remember that the ultimate goal of cybersecurity is to help your business stay in business (or achieve business objectives); there’s no path forward without cybersecurity. You need cybersecurity today much like you need dependable and transparent accounting. Your business simply won’t go very far without both.
George Platsis: “Cybersecurity” as a concept has been mystified. While that approach has worked out great for a few (IT professionals, CIOs/CISOs, CTOs, the vendors) it hasn’t really worked out for the rest of us. We need to demystify this word so everyday people can do their part. That’s why the #CyberAvengers try to make things simple. Some things are. We’re not asking everybody to become coders and ethical hackers. We’re asking people to patch their systems, identify spearphish attempts, don’t leak information, and be smart about your online habits. We just don’t have enough resources (money, bandwidth, time, you name it) to rely on purely technical solutions. Some people have made off like bandits for the last few years, but they haven’t exactly made us safer. That’s what the #CyberAvengers want to do. We want to reach everyday people and we also want to reach the decision makers too. Let them know there is a smarter way about spending your money and there are things you can do to keep yourself safe without some complex security add on to your system. Ultimately, it comes down to this: defending the interests, namely the security and economy, of the United States. That’s what we do.
Kenneth Holley: The vision and mission of the #Cyberavengers are wide and deep – from the everyday person to policymakers. The message is clear and simple: we’ve reached the tipping point and it’s time to take cybersecurity – on an individual level all the way to the national level – seriously. Practically, we provide tangible steps, instruction, and guidance on how to adopt a sound cybersecurity posture, plan for cyber-incidents, and build overall resilience. I am extraordinarily gratified that our tireless work is resonating across the board. Ultimately, our lives, livelihoods, and democracy hang in the balance – and we will not stop in carrying our message forward.
Driven by an intense passion for technology and innovation, Kenneth Holley launched Information Systems Integration (ISI), a Washington, DC-based information technology (IT) services and consulting firm in 1993. Serving as ISI President and CEO for the past 23 years, Kenneth has provided IT consulting services to firms across the United States, with a particular focus on infrastructure security and data analytics. In recent years Kenneth has assisted many clients, including foreign sovereigns, ensure brand and profile security as well as building engaged communities within the social media realm.
For over 15 years George Platsis has worked with the private, public, and non-profit sectors to address their strategic, operational, and training needs. Professionally, he has worked on projects related to business development, risk/crisis management, resilience, cyber and information security, and cultural relations. He also creates custom-designed educational products and workshops, has been published, is a regular commentator, and public speaker. Currently, his professional efforts focus on human factor vulnerabilities related to cybersecurity, information security, and data security by separating the network and information risk areas. Some of the issues he tackles include: business continuity, resilience strategies, social engineering, insider threats, psychological warfare, data manipulation and integrity and information dominance. He is a team member of SDI Cyber, based in Washington, DC.
Chris Veltsos, aka Dr.InfoSec, is passionate about helping organizations take stock of their cyber risks and manage those risks across the intricate landscape of technology, business, and people. Whether performing information security risk assessments, working alongside CIOs & CISOs to set and communicate strategic security priorities, or advising board members on effective governance of cyber risks, Chris enjoys working with business leaders to improve their organization’s cyber risk posture. As a faculty member at Minnesota State University, Mankato, Chris is Graduate Program Director for the Professional Science Masters degree in Information Security and Risk Management (ISRM PSM) launched in Fall 2015. Chris has written over 45 articles for IBM’s SecurityIntelligence.com blog on cyber topics such as the relationship between CISOs and board directors, effective security awareness, cyber resilience, and the communication and governance of cyber risks.