Panel: Cyber Industry Dialog 2
Implementing "agile" networks on legacy infrastructure will be the main concern of cybersecurity industry players in the coming years, according to a panel held Monday afternoon at the 28th National Space Symposium being held this week in Colorado Springs.
Threats in secure networks can change by the second, which is especially disturbing for those networks that carry information on defense or vital infrastructure, observed the panelists. It makes it difficult to adapt to the problem, and the consequences are enormous if something in those networks is altered.
But with the United States government facing a gap between its need to upgrade the systems, and the money available to do so, the challenge will be to provide systems that are both affordable for the government and robust enough to combat threats as they arise.
The panel Monday afternoon featured mostly small- and medium-sized players in the security industry, which stood in contrast to the morning cyber panel that focused on major integrators such as Boeing and General Dynamics.
"Commercial adoption needs to be turned on its head," said Glenn Veach, the chief technology officer at Relevant Security. His Denver-based firm deals with network security.
"Cybersecurity innovation does not exist," he continued, explaining that much of today's focus is on standardization. As the former chair of a standards body of the Institute of Electrical and Electronics Engineers (IEEE), he said standardization takes a long time, with a lot of resources, and involving many organizations.
The panelists said innovation often begins with small companies, the very entities that are often left out of standardization processes. Delivering the same platform to customers across multiple systems can be prohibitively costly in terms of people and money for startup or small firms.
Virginia-based Blue Ridge Networks often gets questions about why cybersecurity even matters, said its executive chairman, John Higginbotham.
In response, he pointed to 2011 figures showing that the aggregate trade deficit for the United States is $10 trillion, a figure that doesn't include intellectual properties stolen by direct adversaries. A Blue Ridge presentation he cited estimates an additional $5 trillion to $8 trillion in intellectual property on top of that deficit.
While allowing that cybersecurity is inherently a tough sale as it doesn't deal in physical goods, Mr. Higginbotham argued the economic impact is too big to ignore.
"Imagine the discourse we would have at the deficit discussion level if we could recapture $15 trillion to $18 trillion dollars of value into the U.S. economy," he said.
While few solutions were raised in response to the issues presented at the panel, several of the participants said one approach would be to emphasize "communities of trust" between industry, government and other members of cybersecurity networks to come up with solutions amenable to all.
Gartner, a Connecticut-based information technology research firm, defines these communities as "a socio-technical construct that meets the communications and security needs for the ongoing sharing of sensitive data across the Internet between multiple organizations."
The larger these organizations are, the less likely it is that entities can keep information secure, said Michael Glenn, the director of enterprise technology security for CenturyLink, a large Louisiana-based telecommunications company. But he said it was vital to proceed in this community direction.
"We don't have a level of expertise that any one company or any one agency has ... to protect ourselves," he said.
That said, it will require more than trust to perform upgrades on the sometimes 30- to 40-year-old security infrastructure that the United States and other countries possess. It is up to companies to work well with government, and also to provide cost-effective solutions to fix the holes in these old systems using easily adaptable technologies.