FCW : April 15, 2015
Commentary | SEAN DOHERTY

The private sector’s role in cyber defense

The government’s cybersecurity efforts should be applauded, but companies bear the lion’s share of responsibility for protecting their own networks

The private sector has been hard hit by cyberattacks and data breaches in recent years and is now seeking help from the federal government.

As Congress contemplates various cybersecurity proposals, we should welcome initiatives that foster continued sharing of cyber threat information between the public and private sectors. However, it is important to understand that although legislative measures to expand prosecution and law enforcement authority against cybercriminals might deter some, they are not a panacea because hackers often go unidentified. Attribution in forensic investigations is exceedingly difficult and resource intensive, and it is exacerbated by adversaries’ adroit use of proxy servers, IP masking and other techniques.

When it comes to sharing information, the Obama administration’s executive order calling for the establishment of sharing and assessment hubs reflects the growing urgency to defend U.S. economic interests. How the private sector accepts and makes use of those initiatives will be determined by the government’s ability to protect the private sector, especially when the sharing of classified threat information is time-sensitive and essential.

Further complicating acceptance is the fact that more than one agency is responsible for hacking investigations. The panoply of overlapping organizations with concurrent jurisdiction includes the FBI, U.S. Secret Service and others. Furthermore, the lack of liability protection afforded to companies for sharing information that contains sensitive customer data leaves them exposed.

Given those realities, is it really reasonable for the private sector to rely on the government to improve or at least be an equitable partner in cybersecurity?

Federal programs are undoubtedly important, and cybersecurity initiatives are instrumental in creating a taxonomy of standards, but they should not be regarded as a replacement for corporate security investments and proactive, preventive postures. Collaboration between the public and private sectors is important to the defense of U.S. economic ingenuity because they can complement each other’s depth and breadth of skills, resources and relevant information to stem the tide of cyberattacks.

However, the extent of cyber victimhood will always be dependent on the maturity of an organization’s internal cybersecurity culture, the implementation of holistic security safeguards, and the extent to which a company can prevent, detect and correct vulnerabilities, as well as recover from an attack.

In more and more examples, businesses are being penetrated not due to a lack of government involvement in their security but because they skimped on it themselves. The attack on retail giant Target occurred because the company ignored adequate and reasonable safeguards. Despite using a best-in-class intrusion-detection system, the retailer left myriad vectors undefended, including those associated with vendor access management, hardware encryption, training, awareness and other minimum defense-in-depth practices.

In the 16 months since that breach, countless other companies have fallen victim to cyberattacks, including Sony, JPMorgan Chase and Anthem. Many attacks have been linked to some of the same lax security practices that Target followed.

Although the administration should be praised for elevating the importance of cybersecurity and acknowledging the role the government can play, we should remember that government involvement will never replace risk management strategies that highlight proactive postures and mature cybersecurity practices within an enterprise.

SEAN DOHERTY is president of TSC Advantage.