Local ⋅ Live Blog

Washington Post Live’s 2013 Cybersecurity Summit

Resize Text
Print Article

The 2013 Washington Post Cybersecurity Summit will convene leading national security officials, industry experts and journalists to discuss cyber theft and cyber espionage. Watch this page from 8:30 a.m. – 12 p.m., Oct. 3, for updates from our live stream.

Wrapping up: Cyber attacks, from theft, to disruption and now destruction

We’re wrapping up our 2013 Cybersecurity Summit. Video clips from the program will be posted throughout the day, and a full special report will be online Oct. 10.

Some takeaways from our speakers:

“Something like this will happen,” says former deputy secretary of defense William J. Lynn of Washington Post Live’s simulation cyber attack. “We’re seeing an escalation of the impact of cyber intrusions.”

Lynn recounts that the threat used to be theft of information and theft of money. “We’ve now moved up to disruption,” he says. “The third level is actual destruction. I think it’s reasonable to believe that we’re moving in that direction.”

Whether the actors are a dozen guys in flip flops with red bull getting stuff on eBay or terrorist groups, there’s a greater maliciousness, according to Lynn. “How long it’s going to take, when it’s going to happen, how it’s going to happen. Unclear.”

Lynn says the focus should veer toward how government improves its sharing, both within private and public sectors. “The threshold to gaining sophisticated destructive abilities is lower than it is in conventional military — similar in the sense of IT as a domain of warfare.”

Former deputy secretary of Homeland Security Jane Lute says the status quo is unacceptable. “If you think of the 93 member states of the United Nations, no two are handling this the same way … We need to take action. 80 to 90 percent of the critical infrastructure in this country is in private sector hands. When you think about power in cyberspace, it’s the power to connect, not the power to protect, that matters.”

Former National Intelligence General Counsel Ben Powell tells the audience we need to think about government’s role in cyberspace. “One question is how are we getting ahead of this in terms of indication and warning,” he says.

TASC Intelligence vice president Terry Roberts says “industry is the leading actor in this stage, where government’s role is in helping set the framework” — defining the skills needed and promoting private-public partnerships in those third party entities.”

Wrapping up our 2013 Cybersecurity Summit, Ronin Analytics president Mark Young adds, “In the United States, we invented the information age … We need to update our processes and infrastructure in the information age.”

Advisory note: 'This is not real,' cyber attack simulation on the live stream

Cyber attacks are relatively new territory. Today, in the form of a fictional war gamewe demonstrate the plausibility of a real life cyber attack and its potential impact on the United States.

Our panelists:

  • William J. Lynn III, former U.S. deputy secretary of Defense; CEO, DRS Technologies

Scenario Role: Secretary of Defense

  • Jane Lute, former deputy secretary of Homeland Security, president & CEO, Council on Cybersecurity

Scenario Role: Secretary of Homeland Security

  • Steve Chabinsky, former deputy assistant director, FBI Cyber Division; chief risk officer, CrowdStrike

Scenario Role: Director of the FBI

  • Terry Roberts, former deputy director of Naval Intelligence; vice president, TASC Intelligence

Scenario Role: Private Sector Interests

  • Ben Powell, former general counsel of the Office of the Director of National Intelligence; partner, regulatory and government affairs, WilmerHale

Scenario Role: Director of National Intelligence

  • Bob Stasio, former chief of operations at NSA’s Cyber Center; CEO, Ronin Analytics

Scenario Role: Various Cyber Attackers

  • Mark Young, former executive director for the directorate for plans and policy at U.S. Cyber Command; president, Ronin Analytics

Scenario Role: Facilitator

In the event of a cyber breach, who do you call?

Visa’s Ellen Richey says the payment industry is not waiting for, but, rather, working with law enforcement.

“We’re pretty vulnerable,” says former deputy secretary of homeland security Jane Lute. “For a long time, we’re chasing the shiny new widget. We need to stay on top of the critical controls. We also need to focus on manpower. You can ask, [at your business], ‘are you talking to your CTO?’” The response generally, according to Lute, “‘I don’t speak dolphin.’” Lute reiterates that managers and executives need to talk to their technology personnel.

Washington Post Live editor Mary Jordan asks Richey who she should contact in the case of a breach. ”We call the Secret Service,” says Richey. “We know they’re effective in coordinating, in a multinational perspective.”

Former White House cyber czar Howard Schmidt notes that none of these things are localized. “The time to engage Secret Service and the FBI is not in the middle of an incident.” Schmidt says that companies should build relationships with government agencies before becoming a victim of a cyber incident.

Lute notes the need for best practices in reducing risk. “We’re suffering from the fog of more. It’s hard to know what works … no one knows what to do first.”

Reducing the risk of cyber attacks

Our second panel, “Reducing the Risk of Cyber Attacks,” is on our live stream now.

Our panelists:

  • Ellen Richey, chief enterprise risk officer, Visa Inc.
  • Howard Schmidt, former White House cybersecurity coordinator; partner, Ridge Schmidt Cyber
  • Jane Lute, former deputy secretary of Homeland Security, president & CEO, Council on Cybersecurity

“In our industry, that’s payments, we’re more worried about the economic side,” says Visa’s Ellen Richey. Richey says though we’re aware of these hackers and nation state actors, law enforcement aren’t responding, shutting down crime, properly or diplomatically.

Visa has 30,000 transactions a second, 56 billion transactions a year, according to Richey. “In the neighborhood, the payment industry is losing $10 billion a year from theft.”

Former deputy secretary of Homeland Security Jane Lute nods at a summit theme — we’re not talking about prevention anymore. “There are a number of things we can do way off stream, and they’re easy to do, relatively easy to do — basic hygiene we can do, but we’re not doing.” She adds, the awareness of the financial sector is incredible. “In the sector of critical infrastructure, not all are up to speed as the financial sector … there’s still a lack of knowledge, and a lack of practice.”

'Offensive posture,' the new cyber defense?

“This is a very dangerous time for us, an incredibly dangerous time for us,” says Congressman Rogers, on the live stream.

Gen. Michael Hayden says of cyber defense, “You can’t do this with just a shield, you have to have a sword.”

Microsoft’s Craig Mundie says that the last 12 months have been about qualitative change. “Unlike conventional weapons, anytime anyone shoots something in the world, all the bad guys in the world watch, and then figure out how to clone it.” The era of a purely defensive mode is over, says Mundie.

“While i think hygiene is important, people now have to be much more disciplined to figure out how they’re going to protect their personal information, as well as their core assets as a business,” Mundie says.

Mundie cites a health space analogy for what companies and government bodies need in a vulnerable cyber world. He says we need a World Health Organization equivalent for networks. ”This is where I think government has a role to play,” Mundie says. “If all governments are late to the party, you do have the tendency for the private sector to come forward. In the U.S., it’s vigilantism, it’s illegal to chase bad guys up the wire and certainly illegal to shoot back. In this country, we expect the government … It’s kind of crazy, as a society we’re going to have to figure out some of these things.”

Rogers responds that the U.S. network is different. “I am very concerned in getting into the notion of unleashing companies to go into an offensive posture …we don’t have the capabilities to handle what’ll come.”

Cyber security in a post-Snowden environment

Talking Edward Snowden on the livestream, Congressman Rogers claims that Snowden’s leaks created “significant,” in many cases “irreversible,” damage to national security.

“Somebody who gets to see all of it… Raises concern that there may have been help in his search queries and some of his search methods,” Rogers says.

Craig Mundie, Microsoft’s senior adviser to the CEO, says ”There’s almost a hysteria, not just in the U.S., but globally, how much has been taken, but from who.”

Mundie says there’s no way for a company to distinguish that it being surveilled or not. His takeaway for the audience:

“It’s important to tell people to parse the different threats. There are so many things that live under this banner, cybersecurity. It’s important to take each constituency, what is the real threat, what is the likelihood that it’s going to affect you as a business or you as a person … Most people in the discussion today don’t focus on virtually every government does these same types of things, with less discretion than the U.S.”

Mike Rogers says of government shutdown, 'You don't mess with your neighbor's money'

“There are few topics more urgent today in Washington as cybersecurity,” says Washington Post Live editor Mary Jordan.

She introduces Washington Post syndicated columnist David Ignatius, moderating our first panel of the morning — “The Road Ahead in Cyber Defense: Public and Private Partnerships.”

The panelists:

  • Rep. Mike Rogers (R-Mich.), chairman of House Intelligence Committee
  • Gen. Michael Hayden, former CIA director, former NSA director
  • Craig Mundie, senior adviser to the CEO, Microsoft Corp.

“So many of us are anxious as to what is happening in Washington,” Ignatius says. He asks Congressman Rogers to touch on the government shutdown.

“I always believe there’s a time to campaign and a time to govern,” Rogers says, adding that those lines have blurred.

“Here’s the good news, I think there are a lot of conversations with different members as to how to move forward,” he says. ”I think we’re going to get through this. It’s going to make making sausage look pretty.

Rogers says he doesn’t want to understate the huge political divides.

“The big challenge to us is you have a continuing resolution and a debt limit,” he says. ”It’s my hope that we can at least get a temporary CR … You don’t mess with your neighbor’s money.”

'Weakest cybersecurity link starts with you, and with me'

On the live stream now: Charles Croom, vice president of cybersecurity solutions at Lockheed Martin.

“I’m here to say the weakest cybersecurity link starts with you and with me. At your desktop. Stop. Think. Connect.”  Croom reminds the audience in the room that October is cybersecurity awareness month. “We all stand to be more aware and vigilant to protect our data and personal information.”

*Lockheed Martin is a Washington Post Live event sponsor.

#Cybersec2013: Join the conversation

Welcome to Washington Post Live’s 2013 Cybersecurity Summit. Our program begins at 8:30 a.m.  – with conversations addressing cyber risks and the future of cyber defense. We’ll conclude the conference with a simulation war game demonstrating the plausibility of a real life cyber attack.

Chairman of the House Intelligence Committee Mike Rogers (R-Mich.) , former CIA and NSA director Gen. Michael Hayden, former deputy secretary of defense William J. Lynn III, Visa’s chief enterprise risk officer Ellen Richey and Microsoft’s senior adviser to the CEO Craig Mundie are among the leading national security and industry experts who will be taking part.

Live stream viewers, join the conversation with the hashtag #cybersec2013.


Load More
No More Posts
Comments
Most Read
Comments
Comments
×
Liveblog Comments
Comments