A former CIO and deputy director of the United States National Security Agency (NSA) has urged CIOs to become more proactive in their approach to corporate security consciousness.
“They’re just now getting their hands wrapped around this problem,” Dr Prescott Winter, who spent 27 years with the NSA, told CIO.
“But I’m afraid many of them are still reactive. The ones who have been burned are extremely proactive, they’re really leading the charge and many of them who have been burned are actually out on the circuit speaking on behalf for better cybersecurity activities and policies.”
Winter cited numerous experiences in which he found CIOs became deathly afraid of potential holes in their corporate security, particularly in areas involving critical infrastructure.
In one example, Winter pointed to a nuclear energy producer which found two separate botnets operating within its network, while another engineering firm discovered its network was the source of a pornographic distribution network.
“There’s a lot of stuff out there that people don’t know simply because they’re not looking,” he said.
Winter commended Australian service providers for taking the lead in collaborating on cybersecurity measures - largely formulated out of industry watchdog the Australia Communications and Media Authority (ACMA) - but said large enterprises would ultimately be required to ensure their networks weren’t prone to corruption from botnet viruses or other potential shortfalls in security.
“In the long run the biggest threat to functioning democracies is probably the loss of intellectual property that is happening everyday because these things are not being tied down,” he said.
“Think about the amount of money put into developing new products, marketing and services - that is what keeps economic activity alive in Australia in a lot of ways. It’s going to be a very sad day when we realise a lot of these are coming from Beijing or somewhere else.”
Winter rattled off the common excuses from CIOs around security - “we don’t know what we don’t know”, “we don’t like what we now that we know it” and “we are spending too many resources fixing things” - but said these would ultimately have to be sacrificed in favour of a more proactive approach to securing cyber defences.
The NSA CIO’s concerns come as threats of targeted distributed denial of service (DDoS) attacks have increased in the public sphere of late, particularly against those groups tied to legal protection of intellectual property and copyright.
(Sydney Water’s IT security manager talks governance strategy)