So, first of all, I did not miss a day yesterday for those who are keeping track...I just did not make it to any sessions so I had nothing to write about. I was in meetings all day which of course is half the reason people come to these conferences...well, in some people's cases, the only reason. I had some great meetings with critical infrastructure companies about information sharing.
Today was definitely a different day. No meetings (no complaints about that either) so I was able to take in some sessions. There are a few that I will highlight here. I will say I am about to fall over. It is amazing how much walking you do for these things. The expo closed today - it was definitely the most insane one I have ever seen. I did not win the Ferrari...dammit!!
So the first session I want to summarize was about Cyber Incident Centers and information sharing. Obviously, you are seeing a trend here. Information sharing was definitely a major theme of this conference though not every session that was supposed to be about that ended up being so. This one was actually excellent. I think that Lee Rock did an amazing job talking about how this is not just a US issue but rather a global one. Pete Cordero with the FBI talked a lot about how the NCI-JTF is working with both the government and industry to improve their sharing of information as they are receiving.
The panel was moderated by retired Adm Mike Brown. He did an excellent job of moderating as he asked some very relevant questions and made sure the audience too had the opportunity to ask some as well. He opened with asking each of the panel members (Ms. Robideaux from NSA; MGen Lacquement from US CYBERCOMMAND; Pete Cordero from FBI; and last but certainly not least, Lee Rock from US-CERT) to give a quick overview of issues that are important to them. NSA said the evolution of the threat to a more disruptive and possibly destructive threat is what they are concerned about. FBI talked about some of the recent investigations that they had been involved with. Lee talked about how cyber threats are a global problem which require a global response. US-CERT is engaged with the international CERTs and law enforcement agencies. He also discussed briefly how they are facilitating information sharing across multiple sectors. Finally, he said the government agencies need to ensure they are always working together so that when industry "calls one, they all of us." MGen Lacquement discussed US CYBERCOMMAND's mission and their planned development of the joint operations center (JOC) in FY14.
NSA was asked about how they are connecting and working with other agencies. Ms. Robideaux talked about the NTOC's "team cyber" and the several different collaboration opportunities they facilitate regularly. She also discussed the "cyber alliance portal" where actionable indicators and warning information is available (yet only on classified systems which begs the question, how actionable is the information then...). FBI was asked the same and discussed the Infraguard program and collaboration with the National Cyber Forensic Training Alliance (NCFTA).
A question was asked by the audience about suggestions for creating a small information sharing and analysis center (ISAC). Lee stated there does not need to be a heavy investment in a formal ISAC. He talked about how there are many informal sharing groups across industry which have been the kernels to the more formal relationships. The key is trust and that "you have to give to get" - so bilateral sharing means just that.
The last question that was asked by Adm Brown was "what will success look like to you?" US CYBERCOMMAND stated moving the ball down the court with regard to sharing relationships within the government along with the FY14 completion of the JOC. Lee Rock said that success means bridging the gap between the public and private sectors - building trust to increase sharing so that actions can be taken. FBI said success would mean them taking more actions on intrusions and moving from a reactive to a preventive mode. NSA said changing from reporting victims of attack to using SIGINT and intelligence authorities to create proactive actionable plans to go after the threats.
There were two keynote speakers from today that I felt were excellent - the other three were like putting needles in my eyeballs, but I am so glad that I did not leave as I would have missed the last one which to me was the best of the day! The first keynote was Robert Mueller, Director of the FBI. I don't have as many notes on him as I actually sat Tweeting soundbites the entire time as I felt they were worthy of that. So below are the tweets I sent out:
- Terrorists, state-sponsored intruders, "for profit" hackers, insiders, and activists are the most dangerous to cybersecurity today.
- Terrorism is still the FBI's number 1 priority, but he believes in the not so distant future, that will be replaced by cyber threats.
- We need to break down the walls for sharing the same way as was done for counterterrorism data across industry, government and law enforcement.
- FBI does not want industry to feel victimized again because they reported an intrusion to the them.
- There are only two types of companies - those that have been hacked and those that will be.
Finally, and last but not least, was the closing keynote for the day. Sal Khan, the Founder of the Khan Academy, gave the background on how the not-for-profit program came to be. Let me tell you - this is one inspirational story that I in no way could properly do justice. If there is one keynote that I would say is WELL worth watching, especially if you do not know about the amazing things that this new approach to teaching our young people and adults alike are accomplishing. This will definitely be on my list of annual charities from now on. Please take the 30 minutes if you have the time and be inspired by the change that this man is bringing to the world. It is not often that you sit and listen to someone and just know, you are listening to someone who will truly make a global change. It was awesome!