When you look across the cyber landscape, what would you say is the top challenge we face in solving our national cybersecurity crisis?
That’s a tough question. But if I had to identify the top challenge we face today I would say the core issue is the fact that our federal agencies have different priorities. If you look at the Department of Homeland Security, the priority is to stop the threat immediately; prevent further damage. On the other hand, within the intelligence community, the goal is to keep the threat running so our intelligence professionals can gather more information against our nation’s adversaries’ tactics and techniques. And the law enforcement community’s priority is to gather data to prosecute those behind the threat. Balancing these three things is difficult. We don’t yet have an expeditious way of making it all work seamlessly but we will get there. We have to.
There have been so many breaches over the last few years. As you look at all that has happened, what is the thing that surprises you the most?
Actually, it’s not the attacks that have surprised me, we can’t stop that from happening anymore. What surprises me is the fact that our defenses haven’t progressed sufficiently to address the attacks we face. Whether it’s the federal government or the private sector, we’ve been unable to successfully keep on top of the basic cyber hygiene we need to engage in to protect our citizens and our businesses. Because we don’t do a good job keeping our systems up to date and patched we haven’t made it challenging for cyber attackers. It’s like leaving a door unlocked on your house. If somebody wants to break in, they don’t have to be creative—just open the door. We’re still leaving doors open all over the place. That has to stop and with the work we are doing collectively as a nation to address this issue we will solve it.
What would you say is one key cyber strategy federal agencies should be looking at now?
The application of artificial intelligence in new and innovative ways is critical. AI gives us the chance to examine the real possibility of self-healing, self-patching networks, which could be game-changing. With the advances we’re seeing in technology, cybersecurity can become a more automated, proactive process. Right now, it is a fairly intense effort for any organization to manage and monitor everything they need to do. Greater automation streamlines the process. Think of AI-driven defense mechanisms the way the immune system works for the body. Something bad finds its way in, and the immune system immediately starts attacking it. New technology will provide a similar, highly efficient means of deterring cyber-attacks.