Joint Service Academy Cyber SummitTerry Roberts
Even though I am not a Naval Academy (USNA) graduate (women could not attend the Service Academies when I graduated from High School), I have been informally associated with the Naval Academy for decades and more formally since I became a member of their Cyber Advisory BOD over 5 years ago.
In a relatively short amount of time, I have been very impressed with the speed and effectiveness with which the USNA team (especially the Superintendents and the Provost) has exhibited in putting a comprehensive Cyber Science, Operations and Security Center, mandatory and elective curriculum and major in place. Through these activities I have had some exposure to the Army Cyber Institute and initiatives at West Point. Last week, as a member of the USNA BOD, I was invited to the second annual Joint Service Academy Cyber Security Summit - 24 + hours of being around some of the best, brightest and most accomplished Cyber Professionals across the military, government, academia and industry (some like myself checking all the sectors in our lifetime). Of course one of the necessary stresses of this type of venue, is that no matter how much you focus on connecting to the brilliance - there is simply not enough time and you regret all of those that you did not get to meet or reconnect with and talk to. This is why we come - not for the "famous" speakers but for the amazing attendees.
As with a majority of Cyber Thought Leadership focused forums today, there was a common shortcoming - inviting VERY important people to Keynote who are NOT "Cyber Thought Leaders nor Practioners" and who do not have unique, new nor profound insights to share. Rule #1 for Cyber Experts who attend Forums: We are so done admiring the problem or hearing that someone "now gets it." We are eager to get to the next level of insight, discussion and problem solving. We want to roll up our sleeves and make real progress in our ability to articulate today's landscape, to communicate real impacts to our businesses, government organizations and to our society, and to gain insight into real initiatives that are being piloted or worked today.
Some of the solid themes that came out of this Summit were:
Cyber Security is really about establishing and maintaining trust of our online and wireless transactions. When we allow Cyber criminals to shake the foundations of core business functions and government missions - we all lose.
That in the Digital Age - Perception is reality. And we are now perceived as losing…
In Cyber Security our focus should be on:
Raising the cost of a cyber attack to the cyber criminal
Effectively sharing threat intelligence data and insights across your sector to the betterment of all (even across competitors)
Robust and Comprehensive Cyber Education and Training at all levels.
Some Army Cyber Institute Initiatives Include:
Creation of a new Cyber Branch - first new career field in over 50 years
Establishing comprehensive and assessable cyber ranges
Fully leveraging the Defense Innovation Unit in Silicon Valley
Linking as appropriate Cyber Defense and Offense Training and Operations.
Thoughts of Note:
Work to replace old IT infrastructure and software which is VERY vulnerable
Update 20th Century Laws that don't match 21st Century realities
Know that everything with software functionality is now hackable
Focus on resilience, redundancy, regeneration
Technology must be fully leveraged to scale limited cyber talent
The Cyber brain trust and capabilities of Carnegie Mellon University were mentioned by over 10 different speakers and with varying context (Go CMU)
Connecting legacy systems to the net is dangerous - especially industrial control systems (Ukraine event)
Read the McKinsey Report on IOT www.mckinsey.com/.../the-internet-of-things
Actionable Cyber Threat Data comes from Partnerships (and can actually increase your productivity of software or hardware products)
The Government defends the Nation - Businesses must defend themselves - We partner when State Actors are involved or the Cyber Attack or Breech is significant.