Posted by Andrew M. Scott
Cybersecurity concerns have never been higher, with the recently alleged use of cyber-attacks against the United States by China and the largest DDoS attack in history occurring only a few weeks ago in the UK.
With this year's Symantec Government Technology Summit in two weeks, we sat down with the security solution provider's Public Sector CTO John Bordwine to talk about this critically changing landscape.
Q: Which forms of cyberattacks are public sector agencies most susceptible to right now?
A: The attack vectors are still most prevalent around e-mail access and web browsers. Our latest security report validates this, plus we have seen more in the way of mobile attack vectors and phishing activities within social networking sites.
Q: What are we missing (as a country) in our own cyber defense systems today in order to better prevent infiltration?
A: Infiltration will occur; however, ensuring that we understand our risk and the impact of accepting a certain level of risk should be one of the components to focus on. There is also a variance in how different agencies and organizations define risk and risk acceptance without a solid baseline of definition. Of course this will be the case depending on the agency or organization, but sharing best practices would be a great start.
Q: What would you say are key elements in the roadmap to building a more secure infrastructure from these attacks?
A: One of the key components, even after stating this many times, is end user education. People need to understand that we are in a very well connected environment and we must take responsibility for security.
Additionally, I believe we need to always keep in mind that attack vectors generally equate to vulnerabilities and these can be either IT based or human based. It only takes one un-patched system, or one click on a link to start a breach event.
Q: Your thoughts on the President's new cybersecurity executive order? Would you say it has the "teeth" to make a dramatic impact in these efforts?
A: I believe this is a great first start, and it appears that from recent legislative activity, the "teeth" to create impact seem to be growing. Symantec is actively working with NIST on the framework to support the Executive Order.
Q: How does this initiative from the White House compare with Congress' Cyber Intelligence Sharing Protection Act?
A: I believe these two initiatives support quite a bit of commonality at the baseline. You really cannot have a cohesive cyber-security framework without a strong share of information. The combination of defining the framework, as NIST is currently working on, along with the appropriate legislation to support major components of such a framework should equate to a stronger cyber defense position.
Q: How are Symantec's solutions actively involved in helping the government to fight cyberattacks?
A: Instead of giving you the Symantec commercial, I'll provide ways we believe we are helping. We are very active with many government agencies as well as many of the "policy" agencies. We also ensure the security within our products in many cases by taking products through the appropriate certifications and validations, such as Common Criteria and FIPS 140-2.
Q: In what ways are mobility and the resilient cloud changing the landscape of information security?
A: The short answer is very much. Mobile devices, especially "smart" devices, now have their own set of new vulnerabilities within our recent Internet Security Threat Report. And there are hundreds of them that have been identified.
Cloud computing also adds a level of security challenges as has every new computing environment. For the cloud environment, I believe the most important component is to ensure the security of the information. The data that is transferred or stored must be encrypted. This data is really what our adversaries want.
You can connect with John (@Bordwine on Twitter) at this year's Summit on May 9 in Washington, D.C. Join the conversation on Twitter by following #SymcGTS and connect with Symantec's public sector team at @SymantecGov.