Complexity as Cause, Cure of Cyber Threat WoesVideo Interview with Phil Reitinger, Former DHS Cybersecurity Leader and ex-Sony CISO
Complexity is the cause of many cyber threats; it's the potential cure, too.
That's the view of Phil Reitinger, a former Department of Homeland Security deputy undersecretary for cybersecurity, who now heads the not-for-profit Global Cyber Alliance. He delivered the keynote address at Information Security Media Group's recent Fraud and Breach Prevention Summit in New York.
Reitinger sees the vastness and complexity of the internet as creating cyber vulnerabilities. Those same characteristics, however, could one day be security's salvation, he explains.
"The size of the network is a barrier to security only until we say it isn't," Reitinger says in this video interview (click on player beneath image to watch). "The only salvation the good guys really have is the size of the network. And, if we can instrument it, and use that distributed network to observe security events, and enable automated local security decisions with some key changes, we can actually turn the size of the network to our advantage, to enable it to respond in a way an autoimmune system would and to restrict the attacks before they spread."
On Mission to Mitigate Risk
But, Reitinger says, this ideal security scenario remains one to two decades away. Until then, he says, the cybersecurity environment will worsen and enterprises will need to continue work on enhancing cybersecurity technology. "Most importantly," he says, "until we have an ecosystem that is actually defensible, we've got to put a lot of focus behind hiring and training the right people because of there's a critical shortage of cybersecurity professionals."
In the interview, Reitinger also :
- Describes the goals of the Global Cyber Alliance, with its primary mission to identify systemic risks in the public and private sectors for which mitigation might be difficult to implement (see Solving Big Risk Problems One Small Step at a Time);
- Advises enterprises to move applications and data to the cloud, which he sees as being a more secure computing platform than many enterprises maintain;
- Explains how the Global Cyber Alliance will develop metrics to measure the security solution it creates.
Before being tapped as the alliance's president and CEO last year, Reitinger served as deputy undersecretary for cybersecurity at the Department of Homeland Security. He also served as director of DHS's National Cybersecurity Center, leading the department's efforts to reduce risks across cyber and physical infrastructures and helping secure federal networks and systems by collecting, analyzing, integrating and sharing information among interagency partners. Reitinger also previously served as chief trustworthy infrastructure strategist at Microsoft and executive director for the Defense Department's Cyber Crime Center. After leaving government service, Sony recruited him as its first CISO in the wake of a massive security breach of its PlayStation gaming system.