Author: Shannon Perry

Shannon Perry is an award winning writer and analyst with a background in statistics & science, technology and international affairs.

Cognitio Corp

Lessons from the Synergy Forum: Affordability of Cybersecurity & Risk Management

cognitiocorpOn April 30 2015 industry leaders and government practitioners gathered in Tysons Corner at Cognitio's Synergy Forum to discuss technology trends, innovation, and ways to enhance enterprise and mission outcomes. Technology and Emerging Concepts for Enhanced Cybersecurity, the forum’s first panel discussion, consisted of David Bray, Brian Carrier, Peter Fonash, and Dean Hall, who collectively identified many of the growing opportunities and challenges in the cyber arena.

Although the conversation largely focused on large government and industry enterprises, the panel repeatedly recognized the growing issue of cybersecurity affordability for small- and medium-sized businesses. The newest cybersecurity solutions often carry a high cost, which may prevent smaller organizations from even considering them. As small- and medium-sized businesses constitute a central component of the American economy, their vulnerability is a very important problem for the United States.

For example, if an organization uses an outdated operating system in an effort to cut costs, it is highly unlikely that the same organization will utilize cybersecurity professionals to bolster its information security – it is not even exercising basic cybersecurity hygiene by using outdated software. Although cybersecurity conversations tend toward the cutting edge and maximum protection, affordability should always be a consideration of cybersecurity advocates, because sometimes the most vulnerable enterprises cannot afford expert protection or the latest and greatest solutions.

Another important piece of the puzzle is considering cybersecurity as a risk management problem – instead of a problem to be solved, said Mr. Fonash. It is not realistic to try to completely prevent attacks on an enterprise’s system because attackers succeed very often. Cybersecurity breaches will occur, so limiting their consequences is much more important than attempting to prevent them altogether.

The panel identified many themes essential to enhancing enterprise cybersecurity. Bob Gourley, moderator of the discussion, concluded the conversation by summarizing these themes: anonymous information sharing, designing for containment, training individuals, automation, affordability, interoperability, and risk sharing. Incorporating these concepts into an enterprise’s strategic decision-making will certainly abet efforts to improve information security.

The recommendation was also made that small and medium sized businesses stay informed and aware of the threat. Threat awareness through use of our daily Threat Brief can provide important context that helps decision-makers better prepare for operational decisions including better ways to mitigate risk due to cyber threats.

Cognitio Corp

Lessons from the Synergy Forum: Cybersecurity through Information Sharing

cognitiocorpOn 30 April 2015 industry leaders and government practitioners gathered in Tysons Corner to discuss technology trends, innovation, and ways to enhance enterprise and mission outcomes. Technology and Emerging Concepts for Enhanced Cybersecurity, the forum’s first panel discussion, consisted of Bob Gourley, David Bray, Brian Carrier, Peter Fonash, and Dean Hall, who collectively identified many of the growing opportunities and challenges in the cyber arena.

The obvious challenge of cybersecurity – the attacker’s advantage – set the context for the panel discussion. Perhaps the most interesting potential solution came from contributor David Bray, who suggested that cybersecurity experts could learn several lessons from the public health community. He created an analogy between infectious diseases and cyberattacks.

When an individual contracts an infectious disease, hospitals share that information openly, so other hospitals and the government can better prepare in the case of an outbreak. Other hospitals then know what to look for, who to look for, and what to do immediately if they encounter the disease. In a similar way, openness about cybersecurity is preferable to being closed. If information about attacks could be anonymized and shared among a large community of enterprises, the collective defense of the entire network could greatly improve. Members of the network could have better information about what to look for and when to expect the next threat.

The problem, of course, is that traditional defensive measures do not translate to cyberspace. The impenetrable cyber fortress is a myth. Instead, enterprises must develop more innovative solutions to defend themselves, in order to quickly detect and isolate threats. Real-time information sharing about the cybersecurity landscape could contribute to a more secure cyber environment.

We would love your thoughts on this and related topics. We are continuing the dialog from the yearly Synergy Forum in an online LinkedIn group with the same name. This vetted community of over 800 members can be found here.

Innovate, Innovate, Innovate: More Lessons from the Synergy Forum

On April 30 2015 industry leaders and government practitioners gathered in Tysons Corner to discuss technology trends, innovation, and ways to enhance enterprise and mission outcomes. How to Better Invest in Innovation, a panel discussion, consisted of Sarah Gardner, Michael Kapfer, and Yanev Suissa, who reflected on the benefits of a culture of innovation and the ways to foster such a culture.

First and foremost, the panel identified innovation as a necessity for any enterprise. Competition is a major driver of innovation, as well as expectations from customers and clients that enterprises will not remain static. If continued revenues depend on innovation, then innovation is necessary for survival. An additional driver of enterprise innovation is the innovation of criminals, which can occur at a frightening pace. Criminals do not have clients or compliance concerns, so they are often the quickest to innovate.

In terms of nurturing an innovative culture, the panel stressed the importance of allowing employees to fail, creating rewards for alternative thinking, and following through with the implementation of new ideas. After encouraging employees to develop new ideas and share them, implementing those concepts effectively provides positive feedback for the entire innovation process within the enterprise. Innovation should never be limited to technology; lucrative innovations can also occur in management and in the ways different groups cooperate.

Sometimes limiting a project’s resources can provide the stimulus to innovate, said Mr. Kapfer. While having plenty of human and financial resources is usually considered positive, tighter budgets can force teams to think critically and differently about how they solve their problems. Systems and groups evolve to survive and thrive with limited resources.

Finally, the panel reminded attendants that innovation is not a goal of itself. The goals of enterprises are concrete, and innovation is simply a means to more quickly and efficiently achieve those goals. Change is good because it makes enterprises faster and stronger.

Pew Reports on American Digital Habits Post-Snowden

A recent report from the Pew Research Center provides an interesting look into Americans’ online habits following Edward Snowden’s revelations about surveillance practices in the United States. The survey questioned adults about the extent to which their attitudes and online behaviors had changed following the revelations.

Of the population of U.S. adults who are aware of the surveillance programs, 25% has changed the way it uses email accounts, search engines, and other information/communication technologies. While 25% may not seem like a widespread change, the percentage reflects a very large number of people taking actions in response to the revelations – especially given the American individual’s history of inaction when it comes to cybersecurity.

The survey also found that the majority of Americans thinks that digitally monitoring other people (citizens of other countries or foreign officials) is acceptable, but monitoring Americans is not. Finally, it was observed that 52% of U.S. adults described themselves as “very concerned” or “somewhat concerned” about the government monitoring their own digital behavior. These findings reflect an interesting trend among Americans, a willingness to monitor others but not themselves.

Overall, this survey demonstrates a very mixed view regarding the surveillance programs identified in the Edward Snowden revelations. Some Americans are concerned about surveillance; some are not. While a significant amount of the population has changed its digital habits, many have not. The variety of opinion is not all that surprising in the often-misunderstood arena of cybersecurity.

FCC Releases New Net Neutrality Rules

Net neutrality became a buzzword in 2014, as many media sources and public figures voiced their opposition to the FCC’s “fast lanes.” In order to accommodate ballooning quantities of web traffic, the FCC proposed that content providers (like Netflix) could pay Internet service providers (like Comcast) in order to access special, faster broadband connections, resulting in high quality media that would quickly outshine other sites with slow connections.

The opposition, which included but certainly was not limited to a letter from Google and Microsoft, late-night mockery from television, and crowd-sourcing advertising campaigns, fought vehemently against the fast lanes. Equal access to the Internet, the argument states, promotes competition and innovation because young and unproven content providers are not hindered by structural constraints that form significant barriers to entry for the Internet.

The FCC released a report that outlines its new rules, beginning with an acknowledgment of the widespread public engagement in the Net Neutrality debate. “Congress could not have imagined… nearly 4 million Americans would exercise their right to comment on proposed rulemaking.” The report goes on to establish rules that protect the Open Internet from paid prioritization, eliminate unreasonable interferences and disadvantages, and increase transparency. The report describes the FCC's application of "a 'light-touch' approach for the use of Title II" for the Internet.

Many perceive the new rules as a win for proponents of Net Neutrality. Hopefully the new rules will lead to an environment that is conducive to the virtuous cycle of innovation and investment described in the FCC report.