Sergey Nivens - Fotolia
Cybersecurity will play a major role in the 2016 U.S. presidential election. Are the candidates talking about cybersecurity policy, one of the toughest security issues they'll face as president? Not if they can help it.
But the reality of nation-state hackers -- or someone else -- accessing the networks and systems tied to our political process stirs up as much angst as the Democratic and Republican presidential candidates. The Democratic National Committee (DNC) hacks, brought to light via a WikiLeaks email dump on the eve of the Democratic National Convention in July, raised questions that made many people uneasy about what a future of ongoing vulnerabilities in information security holds.
While the cyber attributions around the DNC hack remain murky -- CrowdStrike pinned it on Russian intelligence even after a hacker, Guccifer 2.0, claimed responsibility for the attack -- the thought of malicious actors manipulating data before releasing what looks like actual communications is frightening. What happens if we can no longer trust the technology that underscores the foundations that this country -- and our lives -- have been built on?
We put some of those questions to Nathaniel Gleicher, former director of cybersecurity policy for the National Security Council at the White House. "The breach is not the part that's hard; it's surviving and thriving once you're inside," said Gleicher, who moved to the private sector in January as the head of cybersecurity strategy at Illumio. "And if it's easy to get in -- and it's probably always going to be easy to get in, at some level, for a determined attacker -- then the worst outcome is intruders having the run of the place once they get inside. If you could make that harder, that is where you start to truly turn up the dial on cost for intrusions." Read more of our interview here.
As the federal government grapples with a bureaucratic marathon that has proven to be no match for the challenges of cyber attribution and the criminal opportunities the internet created, enterprises contend with the same issues but on a different scale. Technology journalist Rob Lemos reports on identity and the internet of things, a problem that industrial engineers have dealt with for decades. We also look at the systematic rise of ransomware as encryption and cryptocurrency are increasingly used to extort organizations beyond financial services and healthcare.
The complexity of these issues is enormous, but there's a common underlying thread: The digital transformation has pushed the industry forward, but the tendency to forget about information security until it is too late may come at a higher cost.
Can cyberwar games benefit enterprise security programs?
Suspicious email, Russians blamed for White House cyberattack
Why enterprises fear the hactivist threat
- Security Information Management Systems and Application Monitoring –SearchSecurity.com
- Magic Quadrant for Security Information and Event Management –LogRhythm, Inc.
- Tips on Managing the Deluge of Information Security Threat Reports –SearchSecurity.com
- Open Information Security Management Maturity Model (O-ISM3) –ComputerWeekly.com