“Digitalization is the cause of large-scale and sweeping transformations across multiple aspects of business, providing unparalleled opportunities for value creation and capture, as well as being a source of major risk.”*
Our recent essay: The Globality Quotient: Cybersecurity was published on BIZCATALYST 360°, re-published on ExecuNet and posted on LinkedIn. ‘If you try to fail, and succeed, which have you done?’ Smiling. More than 1,700 reads, 100 plus comments, emails with your suggestions. The theme of the moment or other reasons? Please, stay with us now! As we are on a journey to new discoveries. Together.
Breathtaking opportunities disguised as insoluble problems, or predestined problems that are too complex to envision before they become orchestrated by…whom? Why? Where? How? Here is a catch. The progress paradox.
Scientific advancement of modern times in high technologies that results in the state-of-the-art engineering technologies, the speed of technological changes all over the globe and in space, are a magnet for ‘white’ and ‘black’ players – ‘Lords of Order’ and ‘Lords of Chaos’- that aim to generate ‘cyber tornados’, ‘cyber thunder-storms’. ‘Cyber–attacks can range from installing spyware on a PC to attempts to destroy the infrastructure of entire nations’, to cause great harm with unprecedented consequences. These ‘players’ have names. Many hide behind the masks.
We are being showered with reports of escalating impacts and costs that are measured in the billions.
A few individuals among even the C-Suite recognize the gravity of the challenges cyber threats pose.
Cybersecurity. Pushing the frontiers: Prevention and protection strategies in cyber security. What do we need to know about prevention of cyber-attacks and protection of critical infrastructure?
With these and a few more questions I am proud and honoured to again be gifted with time and wisdom of Mr. Chuck Brooks – one of the world’s known experts, the industry guru, your future reference for the most competent and comprehensive quest and analysis on cyber security.
Charles (Chuck) Brooks serves as the Vice President for Government Relations & Marketing for Sutherland Global Services. Chuck is Chairman of CompTIA’s New and Emerging Technology Committee, is a Fellow at The National Cybersecurity Institute, and serves on the Boards of several prominent public and private companies and organizations. Chuck has extensive service in Senior Executive Management, Marketing, Government Relations, and Business Development and worked in those capacities for three large public corporations.
In government, he served at the Department of Homeland Security as the first Director of Legislative Affairs for the Science & Technology Directorate. He also spent six years on Capitol Hill as a Senior Advisor to the late Senator Arlen Specter where he covered foreign affairs, business, and technology issues. In academia, Chuck was an Adjunct Faculty Member at Johns Hopkins University where he taught graduate level students about homeland security and Congress. He has an MA in International relations from the University of Chicago, and a BA in Political Science from DePauw University, and a Certificate in International Law from The Hague. Chuck is widely published on the subjects of innovation, public/private partnerships, emerging technologies, and issues of homeland security and cybersecurity (he was recently named Cybersecurity Marketer of the Year by The Cybersecurity Excellence Awards).
Our guest for this discussion is Mike Quindazzi of PricewaterhouseCoopers (PwC), the largest professional services firm in the world. He promises to bring to our attention a few new reasons for optimism.
Mike Quindazzi is a Managing Director for PwC based out of Southern California. He has over 25 years of management consulting and industry experience, leading teams consulting with global companies to provide insights on trends, growth and innovation.
He is a frequent speaker on PwC’s Global Megatrends that are influencing business and society. In his role he has a unique view of these game-changing trends that are presenting new opportunities and challenges. He works with organizations to understand these emerging trends and the implications for their businesses.
Mike is also active with the Los Angeles Economic Development Corporation (LAEDC) on the Board of Governors and as the Co-Chair of the Aerospace Council working to help build the economic vitality of the region.
Mike holds a BA from Montclair State University where he graduated with highest honors, Summa Cum Laude, and was granted honorary membership from the Phi Kappa Phi Honor Society.
Before inviting you to take pleasure in reading, I am tempted to open a window of magic for our readers. Please enjoy watching some great news from Daimler AG – the German multinational automotive corporation, headquartered in Stuttgart, Baden-Württemberg, Germany.
The New Global Economic Reality. Forget the future. It is here now! From Germany with warmest greetings.
Mercedes Self Driving Trucks are going with the Daimler’s Freightliner Inspiration Truck!
CNET on Cars: Mercedes F 015: Car of the future, Ep. 62
To change at the pace of digital, to readdress value chains and business models, strategies and corporate cultures are not the easiest challenges for even the most advanced minds of professionals.
While we applaud the Valse de Vienne dancer – the Digital Transformation of Industries, its faithful companions – cyber threats – enter the dance ball. Uninvited, determined to win the dance floor, they carry distraction, risks and unlawful activities. **
Q. To Mike Quindazzi: In the international arena obviously not every nation-state, not every business plays by the same rules. Truly global! PwC could be considered as the firm that creates bridges between countries, cultures, experiences and expectations. Data ownership and data privacy will continue to be a hot debate topic among the stakeholders. I know you are doing consulting but what type of research is PwC doing in the area of cybersecurity?
A. The Global State of Information Security® Survey 2016 is a worldwide study by PwC, CIO and CSO. It was conducted online from May 7, 2015 to June 12, 2015. Readers of CIO and CSO and clients of PwC from around the globe were invited via email to participate in the survey. The results discussed in the report are based on responses of more than 10,000 CEOs, CFOs, CIOs, CISOs, CSOs, VPs and directors of IT and security practices from more than 127 countries. When it comes to cybersecurity for organizations, there is no more pivotal player than the top information security officer, typically the Chief Information Security Officer (CISO) or Chief Security Officer (CSO). It is a role whose responsibilities and competencies have become increasingly visible and critical. Today’s CISO or CSO should be a senior business manager who has expertise not only in cybersecurity but also risk management, corporate governance and overall business objectives. He or she should have access to key executives to provide insight into business risks and should be able to competently articulate risk-based cybersecurity issues to the C-suite and Board. Put simply, the cybersecurity leader should have the ability to effect change on par with C-level executives.
The Global State of Information Security® Survey 2016. Turnaround and transformation in cybersecurity.
The Global State of Information Security® Survey 2017. We completed the survey intake on May 6th, 2016. Results will be released in the near future.
Q. To Mike Quindazzi: ‘There’s a shortage in how future CSOs and CISOs are being educated, as almost all the top American computer science programs fail to prepare their students for a cybersecurity attack, according to a study by Cloud Passage.’ How does PwC participate, if it does, in creating (training?) the next generation of global cybersecurity professionals, including cyber forensics investigators?
A. There are so many examples. Let me share just one of recent interest. In the beginning of 2016, PwC US hired candidates with Military experience into a Cybersecurity Career at PwC. The group participated in a robust Cybersecurity training program learning to utilize the PwC methodologies and tools associated with participating on client engagement teams and responsibilities pertaining to specific cyber roles. Upon the successful completion of these programs, new joiners continued the on-boarding experience via various e-learning modules, guided shadow sessions and participation on client engagements. They were also assigned a veteran buddy/mentor to help assimilate to the firm. Once they were fully ramped-up and performing the duties associated with their new positions, they continued to advance within the Cybersecurity solutions offering and are afforded the opportunity to attain additional certifications, establish a personal career plan with their manager/coach, and further participate as a veteran mentor for future cybervet team members.
Q. To Chuck Brooks: What do we need to know about prevention of cyber-attacks and protection of critical infrastructure?
A. The public and private sectors have prioritized critical infrastructure as the primary focus of cybersecurity threats. In the past year, the Department of Homeland Security (DHS) tracked over 200,000 cyber incidents involving critical infrastructure in the United States. 85% of the critical infrastructure in the U.S. is owned by the private sector and is assisted in protection by the Department of Homeland Security. All critical infrastructure including the electric grid, healthcare, transportation, communications, and financial networks are vulnerable to attacks by hackers.
In a Ponemon Report, it was disclosed that three-quarters of energy companies and utilities have experienced at least one recent data breach. According to that same report, “a mere 21% of global energy and utilities organizations feel that their existing controls are able to protect against exploits and attacks through smart grid and smart meter-connected systems.”
A sound cybersecurity policy requires grasping a growing understanding of the seriousness and sophistication of the threats, especially denial of service and the adversarial actors that include states, organized crimes, and loosely affiliated hackers. An encompassing cybersecurity approach involving people, processes, and technologies will lead to the best possible protection and resiliency for cyber-attacks on the critical infrastructure.
An effective strategy to mitigate threats necessitates bolstering of capabilities in information sharing, monitoring of the networks, incorporating Next Gen layered hardware/software technologies for the enterprise network, payload, and endpoint, and training of employees. There are a variety of specific elements involved in this strategy including incorporating encryption, enhancing network monitoring & diagnostics, maintaining access controls, secure systems development, biometrics, authentication processes – verification and validation; strong firewall architectures, anti-virus software, and especially following security protocols. For any critical infrastructure cyber or physical security initiative, continuity plans and disaster recovery plans are also essential. As technology and analytic capabilities continue to improve, the quest for automated network security via artificial intelligence and machine learning is a logical goal of critical infrastructure protection strategy.
Q. To Chuck Brooks: Protecting Industrial Control Systems from Electronic Threats. What is an industrial cyber security control system and why is it different from IT security?
A. In basic terms, Supervisory Control and Data Acquisition networks, or SCADA, are composed of computers and perform key functions in providing essential services and commodities for important industrial control systems (ICS). These are remote systems of control used to monitor and control industrial processes. SCADA systems provide a user interface for operators to observe the status of a system, receive alarms, and adjust and manage the process under control. SCADA generally refers to control systems that span a large geographic area, such as a gas pipeline, power transmission system or water distribution system. All of those industries have been targeted by cyber-attacks (malware, denial of service) aimed at master stations and control centers.
Protecting industrial control systems is a component of the dynamic threat environment and response matrix that constitutes the whole of cybersecurity. IT security is also a broader component of cybersecurity. Because of the vital role of industrial control systems, enhanced security measures, including more isolated networks, multi-layered (software and hardware hardened) defense in-depth and specialized protocols, are needed to protect these assets. Contingency planning and preparedness are especially important for industrial control systems because a breach or failure could be catastrophic. Resiliency is always a priority. Still in an ecosystem of digital connectivity, there will be vulnerabilities.
Many industries, especially those involved in manufacturing, would be wise to follow the multi-layered solution security and reliance models employed in industrial control systems. It is important to be vigilant, calculating, and prudent in addressing cybersecurity issues as the landscape is still evolving. For the information security community in both government and industry, that means learning from intrusions, building more secure code and hardware, and implementing protocols to best contain future threats, especially against critical infrastructure.
As “the growing universe of information technology continues to change us,” the Digital Society Institute was recently founded in Berlin, Germany. The European School of Management and Technology (ESMT) and the Digital Society Institute pledge to develop and bring to life digital wisdom – the combination of values and strategy.
“The Institute will be decidedly independent, inter- and trans-disciplinary, intelligible and pragmatic. It will aggregate and develop basic research using methodological approaches and theories and combine them with an application-oriented and holistic viewpoint, thereby providing metrics and frameworks to measure, understand and predict the digital world, and to develop responsible strategies for our digital future.”
‘The future is already here – it’s just not very evenly distributed.’