We Need a Cybersecurity Approach That Is Proactive, Agile, Adaptive
Before delivering a keynote at the Florida Center for Cybersecurity 2015 Annual Conference, former NSA Director Keith Alexander spoke about his new startup and the direction cybersecurity must take to be successful.
In June of 2013, privacy advocate Edward Snowden exposed the National Security Agency's mass surveillance efforts — and it was during this time that Keith Alexander, a retired four-star general of the United States Army, served as the NSA's director. On March 28, 2014, after leading the agency through one of the toughest periods in its history, Alexander retired from his post.
During this time, Alexander also served as commander of United States Cyber Command. At the 2013 Black Hat USA conference, he spoke about how, as our dependence on information networks increases, it will take a team to eliminate vulnerabilities and counter the ever-growing threats to the network.
"We can succeed in securing it by building strong partnerships between and within the private and public sectors, encouraging information sharing and collaboration, and creating and leveraging the technology that affords us the opportunity to secure cyberspace," he said.
Now, as CEO of IronNet Cybersecurity, which offers an integrated, end-to-end approach to cybersecurity, Alexander is working to fill in a critical gap between cyberthreats and available security technology. Before delivering his keynote speech at the Florida Center for Cybersecurity 2015 Annual Conference, he sat down with me to answer a few questions.
Q: In the cybersecurity industry, we call it the Wild Wild West. Did you ever think it was going to get this wild?
A: In 2007, after the distributed denial-of-service attack by Russian “hackers,” we predicted that the numbers of exploits and attacks would increase significantly, and we have seen just that. It is my personal assessment that these attacks will gain momentum as crises throughout the world evolve, especially in the Ukraine and Middle East.
Q. Recent attacks by China caused tense discussions in a recent U.S. visit by Chinese President Xi Jinping. You had warned of these state-sponsored attacks for years. Will the resulting U.S.-China cybersecurity agreement have an impact on cyberattacks, or is there more needed?
A: Clearly there will be a significant need for more discussion and talks at every level — political, military and commercial. President Obama and President Xi Jinping have taken an important first step. We must now all help push this forward. In addition, we should concurrently work to improve our own defenses.
Q. You are now CEO of a startup cybersecurity company, IronNet. How do your responsibilities differ from the past and what similarities are you seeing?
A: As commander of U.S. Cyber Command, my most important mission was to defend our nation from cyberattacks from our adversaries. I no longer have that responsibility. As the director of the National Security Agency, I was responsible for providing information on those attacking and exploiting our nation in cyberspace, providing intelligence to our national leaders and the Armed Forces, especially those in combat. And I was responsible, along with a great government team, in keeping our nation safe from terrorist attacks. The greatest privilege and honor I have had in my lifetime was leading the great military and civilian personnel at USCYBERCOM and NSA.
As the CEO of a cybersecurity company, we can continue the mission in cyberspace by providing key capabilities to the commercial sector and to the government to help them defend their networks. Cybersecurity requires a team effort — between government and industry, and with our allies. It is an honor to continue to serve and support this national effort in this new capacity.
Q: You have led some of the largest agencies in the federal government. As a startup, how difficult is it to get through these bureaucracies, and should industries like the ever-changing cybersecurity industry be addressed differently?
A: I have focused on working with the commercial sector as my top priority for a host of reasons. I think we can help provide a more defensible architecture and prepare the commercial sector for the time when cyberlegislation is approved and the sharing of cyberinformation can really flow.
Q. Cybersecurity software-as-a-service (CSaaS) is a new approach that is just beginning to catch on. This is a major focus of your new company. Can you tell us some of the advantages of CSaaS over typical cybersecurity offerings?
A: IronNet deploys a minimal set of hardware at customer locations. Software and services are provided out of our Security Operations Center (SOC), where we efficiently manage resources and capacity. Similar to the neighborhood watch concept, the SOC detects and mitigates threats within and across business sectors using a suite of technologies we call IronDome.
Q. We seem to be stuck with some older cybersecurity technologies that just can’t support us now or into the future. We are constantly playing catch-up with what the industry calls “patch and pray” reactionary cybersecurity rather than deploying needed real-time proactive cybersecurity. Are there any new technologies or approaches you see that will support these needed proactive cybersecurity services?
A: We need to move now to a new approach to cybersecurity — an approach that is proactive, agile and adaptive. The old reactive methods, which are based on static perimeter defenses, are not sufficient. Innovative approaches begin with the capability to have visibility across a company’s network, and this visibility needs to be in real time. Then, with this visibility, we can see how machines and people behave on the network, and we can identify changes in behavior. It is these changes in behavior that allow us to identify malicious activity and cyberattacks — and then to take steps necessary to protect a company’s network and data.
Q. What will be the focus of your Keynote Address in Tampa at the Florida Center for Cybersecurity 2015 Annual Conference this month?
A: Three key areas — the rapid evolution of technology, the evolution of threats in cyberspace and a roadmap to the future.