The Globality Quotient: Cybersecurity – Prevention And Protection. – By Ludmila Morozova-Buss Interviews Chuck Brooks

The Globality Quotient: Cybersecurity – Prevention And Protection.

Charles (Chuck) Brooks serves as the Vice President for Government Relations & Marketing for Sutherland Global Services. Chuck is Chairman of CompTIA’s New and Emerging Technology Committee, as a Fellow oat The National Cybersecurity Institute, and serves on Boards to several prominent public and private companies and organizations. Chuck has extensive service in Senior Executive Management, Marketing, Government Relations, and Business Development and worked in those capacities for three large public corporations.In government, he served at the Department of Homeland Security as the first Director of Legislative Affairs for the Science & Technology Directorate.

“Digitalization is the cause of large-scale and sweeping transformations across multiple aspects of business, providing unparalleled opportunities for value creation and capture, as well as being a source of major risk.”* –

Scientific advancement of modern times in high technologies that results in the state-of-the-art engineering technologies, the speed of technological changes all over the globe and in space, are a magnet for ‘white’ and ‘black’ players – ‘Lords of Order’ and ‘Lords of Chaos’- that aim to generate ‘cyber tornados’, ‘cyber thunder-storms’. ‘Cyber–attacks can range from installing spyware on a PC to attempts to destroy the infrastructure of entire nations’, to cause great harm with unprecedented consequences. These ‘players’ have names. Many hide behind the masks. –

We are being showered with reports of escalating impacts and costs that are measured in the billions. –

Cybersecurity. Pushing the frontiers: Prevention and protection strategies in cyber security. What do we need to know about prevention of cyber-attacks and protection of critical infrastructure?

With these and a few more questions I am proud and honoured to again be gifted with time and wisdom of Mr. Chuck Brooks – one of the world’s known experts, the industry guru, your future reference for the most competent and comprehensive quest and analysis on cyber security.

To Chuck Brooks: What do we need to know about prevention of cyber-attacks and protection of critical infrastructure?

A. The public and private sectors have prioritized critical infrastructure as the primary focus of cybersecurity threats. In the past year, the Department of Homeland Security (DHS) tracked over 200,000 cyber incidents involving critical infrastructure in the United States. 85% of the critical infrastructure in the U.S. is owned by the private sector and is assisted in protection by the Department of Homeland Security. All critical infrastructure including the electric grid, healthcare, transportation, communications, and financial networks are vulnerable to attacks by hackers.

In a Ponemon Report, it was disclosed that three-quarters of energy companies and utilities have experienced at least one recent data breach. According to that same report, “a mere 21% of global energy and utilities organizations feel that their existing controls are able to protect against exploits and attacks through smart grid and smart meter-connected systems.”

A sound cybersecurity policy requires grasping a growing understanding of the seriousness and sophistication of the threats, especially denial of service and the adversarial actors that include states, organized crimes, and loosely affiliated hackers. An encompassing cybersecurity approach involving people, processes, and technologies will lead to the best possible protection and resiliency for cyber-attacks on the critical infrastructure.

An effective strategy to mitigate threats necessitates bolstering of capabilities in information sharing, monitoring of the networks, incorporating Next Gen layered hardware/software technologies for the enterprise network, payload, and endpoint, and training of employees. There are a variety of specific elements involved in this strategy including incorporating encryption, enhancing network monitoring & diagnostics, maintaining access controls, secure systems development, biometrics, authentication processes – verification and validation; strong firewall architectures, anti-virus software, and especially following security protocols. For any critical infrastructure cyber or physical security initiative, continuity plans and disaster recovery plans are also essential.  As technology and analytic capabilities continue to improve, the quest for automated network security via artificial intelligence and machine learning is a logical goal of critical infrastructure protection strategy.

Q. To Chuck Brooks: Protecting Industrial Control Systems from Electronic Threats. What is an industrial cyber security control system and why it is different than IT security?

A. In basic terms, Supervisory Control and Data Acquisition Network or SCADA, are composed of computers and perform key functions in providing essential services and commodities for important industrial control systems (ICS). These are systems that are remote systems of control used to monitor and control industrial processes. SCADA systems that provide a user interface for operators to observe the status of a system, receive alarms, and adjust and manage the process under control. SCADA generally refers to control systems that span a large geographic area, such as a gas pipeline, power transmission system or water distribution systems. All of those industries have been targeted by cyber-attack (malware, denial of service) aimed at master stations and control centers.

Protecting industrial control systems is a component of the dynamic threat environment and response matrix that constitutes the whole of cybersecurity.  IT security is also a broader component of cybersecurity. Because of the vital role of industrial control systems, enhanced security measures, including more isolated networks, multi-layered (software and hardware hardened) defense in-depth and specialized protocols, are needed to protect these assets. Contingency planning and preparedness are especially important for industrial control systems because a breach or failure could be catastrophic. Resiliency is always a priority. Still in an ecosystem of digital connectivity, there will be vulnerabilities.

Many Industries, especially those involved in manufacturing, would be wise to follow the multi-layered solution security and reliance models employed in industrial control systems. It is important to be vigilant, calculating, and prudent in addressing cybersecurity issues as the landscape is still evolving.  For the information security community in both government and industry that means learning from intrusions and building more secure code, hardware and implementing protocols to best contain future threats, especially against critical infrastructure.

As “the growing universe of information technology continues to change us.” The Digital Society Institute was recently founded in Berlin, Germany. The European School of Management and Technology (ESMT) and the Digital Society Institute pledge to develop, to bring to life the digital wisdom – the combination of values and strategy.

“The Institute will be decidedly independent, inter- and trans-disciplinary, intelligible and pragmatic. It will aggregate and develop basic research using methodological approaches and theories and combine them with an application-oriented and holistic viewpoint, thereby providing metrics and frameworks to measure, understand and predict the digital world, and to develop responsible strategies for our digital future.”

Comments are closed.