Dan DunkelCyber Security: The Cyber Genie is Out of the Bottle

by Dan Dunkel - President, New Era Associates

Published in SDM

Having recently attended both the ISC West and RSA conferences, it was interesting to note a shared emphasis on “cyber security” issues at both events. ISC West focuses more on physical and logical security compared to the IT-security heavy positioning of the RSA.

Interesting to note, it was a keynote at ISC West that got me thinking about the cyber opportunity for security integrators. It is no longer news that physical and logical security applications are converging across an IP-enabled global network; however, the cyber threat has emerged as a long-term opportunity for integrators.

The ISC West keynote, delivered by Lt. General Kenneth Minihan (ret.), former director of the National Security Agency and Defense Information Systems Agency, and current chairman of the venture capital firm, Paladin Partners, was outstanding. The general discussed the convergence of physical and virtual security. He highlighted numerous factoids related to intellectual property theft, from insider employees to the alarming trends of cyber organized crime and state-sponsored attacks. The days of hacking for fun are over; everything is financially motivated today, and global e-crime ecosystems selling stolen product designs, pirated software and individual identities are thriving. The general ended his presentation by saying, “Make no mistake about it. We are in a competition for our future.” He mentioned the “folks on the floor,” the vendors at ISC West, do not understand that the cyber threat is real and a growing concern for their customers. The only issue I had with the general’s excellent and timely presentation was that it was not delivered on the show floor via loudspeakers.

Consider these Wall Street Journal headlines in April: “Electricity Grid in U.S. Penetrated By Spies” (April 8, 2009) and “Computer Spies Breech Fighter Jet Project” (April 29, 2009). Before you blame the Chinese alone, consider France, our ally, who considers intellectual property theft from foreign competitors a national obligation, not a crime. A Verizon cyber study, presented at RSA 2009, stated that 30 percent of third-party suppliers have stolen confidential data from their partners! This is aside from the 65 percent of internal employees who admit to doing the same thing upon leaving a firm. Computer Associates presented data at RSA stating that 42 percent of the firms it surveyed are increasing security expenditures this year, while 50 percent are remaining the same as last year, and only 8 percent are reducing funding. Follow the trends and the money.

The “data theft” problem is growing quickly, and it is larger than identity theft. A majority of our nation’s innovations are created in firms with less than 50 employees. These firms need a security policy that blends physical and virtual solutions across a secure network. The cyber genie is out of the bottle — and integrators need to protect the intellectual property being created by their customers. The ability for security integrators to understand this changing landscape and protect “all” of their customer’s assets will be big business moving forward. It is an opportunity to provide additional integrated services (holistic security) and position into an area that will see priority funding levels in the future.

This is a national security and a business “competitiveness” issue. If the United States loses its intellectual property advantage, we are in big trouble. The White House will soon approve up to 30 billion dollars for cyber security initiatives. Commercial and university markets will follow the lead. Everyone is susceptible to online criminals — kids, employees, defense contractors and state, local, and federal government agencies. Security integrators need to get in this fight…sooner, not later. To quote General Minihan, “We are facing the most serious economic and national security challenge of the 21st Century.” Enough said.