Cyber threats from weird places
Michael Daniel: The cyber sector is a strange, strange place. And it's getting bigger
When Michael Daniel entered the White House during Obama’s presidency as cybersecurity coordinator, he never thought he’d have to brief the President about how a nation state was attacking an entertainment company due to a Seth Rogen comedy.
“I would’ve thought you definitely have got to be smoking something because there is no way that could be true,” Mr Daniel told InnovationAus.com.
“Yet, there I was briefing the President saying how North Korea was attacking Sony Pictures because of a Seth Rogen comedy. You can’t make this stuff up.”
And based on current trends, particularly as the Internet of Things space continues to grow, Mr Daniel expects things will get a lot worse – to a point where there could be significant global economic and social damage – before they get better.
“Cyberspace is the only environment that is getting bigger on a daily basis. There’s not more ocean, there’s not more air, but on a daily basis there is more cyberspace.
“We thought doing cybersecurity was hard with a wired desktop. But right now your watch, your phone, your car is part of this, so we’re making the problem harder.
“The bad guys have all figured out they can make a lot of money, or if they’re a nation state, they can achieve their goal through cyberspace. There are a lot more people in the game, and we’re much more digitally dependent and therefore digitally vulnerable.”
These days, as president of the Cyber Threat Alliance (CTA), which was formed earlier this year by Fortinet, McAfee, Palo Alto Networks, and Symantec, Mr Daniel is focused on building an information sharing ecosystem among the vendors – something which he believes was previously lacking.
“The underlying premise is that if we start to do that then these providers will be able to better protect their customers because they’re drawing on a bigger information base,” Mr Daniel said.
“If we begin to get the cooperation and build the cooperation, we can start to look at how do we start to do this on the systemic scale, so we can start imposing the bad guys at a level that will start to tip the scales in the defenders’ favour.”
In order to encourage this change of behaviour, CTA makes it compulsory for all vendors to be transparent about the information they’re supplying, including putting their name against the information that has been submitted and what time the information was submitted.
“The idea there is we want people to stand behind the intelligence that they’ve submitted. This is not anonymous sharing.”
“We go to great lengths to make sure that we get very little personally identifiable information in our database. I don’t want it. It’s not necessary. If we don’t need it then I don’t need to protect it. From that angle I don’t want Symantec customer data or Palo Alto’s information; it stays tagged as Palo Alto, but that’s it.”
In addition to improving the way vendors operate, Mr Daniel believes there is an opportunity for government and the private sector to work together, especially where industry can contribute expertise that government often has a hard time marshalling.
“What I see is that if you add government to the mix, if we’re going to break up this adversary set let’s not just go after their malware, let’s go after their money flow, their suppliers, and hit all of that simultaneously.
“If the government can coordinate in doing that, then you’ve got a powerful capability to start imposing much greater systemic cost than the bad guys.”
However, acknowledging that governments globally can often be slow to take up new technology – and are unlikely to ever catch up – Mr Daniel suggested the way around this is by getting government to re-architect itself, so that agencies become solely responsible for their own cybersecurity.
He said this was the approach the Obama administration took, and is something the Trump administration continues to carry out.
“One of the things we started to talk about to deal with this was, ‘Okay, let’s take a certain function of the stack and start driving agencies to have a different model where we will have one agency run the civilian transport layer that all of that information runs on, and provide the cybersecurity for the transport layer.
“The deal would be with agencies is they don’t have to worry about their transport layer anymore. Instead, they can take some of the savings from that, and invest it in their network that they do care about and at the same time beef up their cybersecurity.”
But something like this cannot happen overnight. Instead, Mr Daniel said a mindset shift needs to happen among industry and government about cybersecurity, where it’s no longer about completely stopping online attackers but driving down their activity, so it’s manageable and no longer an existential threat.
“The attacker only has to be right once. You will always lose. We have to start thinking about it as the attacker has a goal and is trying to steal something like money or information.
“If you stop them from achieving their goal at any point along the chain, you’ve stopped them. You can prevent them from getting in, but if they get in and can’t move anywhere, you’ve still stopped them. If they get into your data but can’t extract it they’ve still failed. We have to begin looking at it that way.”
“If you don’t have those policies and implement them then you don’t know any of those things. That means you don’t know what you have a lot of the time. In my mind, good privacy and good cybersecurity usually reinforce each other.”