December 12th, 2012
Why You Should Invest In Keeping Attackers Out
Cybersecurity isn’t a line item or a project—it’s an Information Age imperative. Sophisticated digital defense aims to match the human body, with hardware and software doing digitally what biology does chemically—sorting the pernicious from the beneficial, while keeping systems running at light speed.
Dr. Phyllis Schneck is the Global Public Sector CTO of anti-virus titan McAfee, which is now a part of Intel. Schneck was named the 2012 Lattanze Executive of the Year by Loyola University’s Sellinger School of Business—an honor that recognizes her efforts to both probe and prop up our nation’s Internet security.
Dr. Schneck pays frequent visits to Capitol Hill to point out the urgency of leadership on cybersecurity. Her background in the private sector and FBI give her the cred to testify about what the bad guys are up to and how we can thwart their plans. And the kind of work she’s doing at McAfee and Intel to bring in-chip security to a growing array of devices will continue no matter how much DC gets bogged down in politics (the Senate swatted down a major bill to prevent cyberattacks on US infrastructure before breaking for the August recess).
Telling Friend from Foe in Microseconds
If a bad actor can get into the protected memory that sends the computer its instructions, Schneck says, it’s theirs: “That’s how you weave in and out.”
Your data is your kingdom. Hackers are looking to breach the castle walls and shoot the guard, and then they plan not only to take the crown jewels—they’ll also betray your friends and befriend your foes, all while pretending they were you.
McAfee’s work with Intel is co-design that lets cybersecurity work at the chip level, second-guessing that infiltrator’s intentions by asking incoming program messages to show what they would do, not just what their friendly-sounding name is (note: running smile.exe will not make you smile). This protective layer of software virtualization plays out the disaster before it starts, thus keeping the attacker’s plan from unfolding in real life.
You have to understand that incoming threats can originate from anywhere. That’s why detection and rejection aren’t just steps that happen inside your device. “We have the opportunity to advise our customers at machine speed not to take the traffic,” Schneck says. That comes from global threat intelligence, like knowing which machines are carrying malicious intelligence in which parts of the world.
This is a people business with a lot of indicators to watch. Figuring out where financial crises may spawn get-rich-quick schemes or where governments have trained cyberspies who now work as mercenaries helps the good guys ensure your global links don’t patch you in to digitally delivered ruin.
Remote Control Mayhem?
It’s a great credit to the technology and business community that we have computer power and connectivity in so many devices nowadays. You can turn lights off at home after you’ve already lifted off on vacation and transact everything from credit card swipes to check deposits with a simple smartphone scan. But that new awesomeness is also new openness to risk.
Take heating and cooling. Web-linked monitoring delivers real-time data that can create huge savings in buildings of all sizes. But Dr. Schneck points to the link between the human brain and the computer brain, and how drastically control has shifted: “These systems weren’t built to be connected to the Internet. One guy in his overalls knew how they worked and [the company] trusted him. Now they’re exposed to the whole world.”
More and more, the adversaries who do get past the first line of defense are being prevented from executing instructions thanks to the buffer of virtualization. Intel and McAfee are moving to stay ahead of the bad guys, but it all boils down to good cyber hygiene and the good guys communicating.
“It’s not just a game for the nerds, and it’s not just tech,” Dr. Schneck emphasizes. “There are lots of smart people who can’t get taken seriously in the boardroom and others who can’t get taken seriously in the control room.”
Execs need to get the drift before it’s a disaster, so threat awareness should be blended with decision-making. Rather than boxing in cybersecurity as an IT budget issue, you know that funds will come from the board via the CFO, so cyber knowledge should be peppered across those areas.
At one point or another, everyone is in charge of cybersecurity, and individual responsibility for cyber hygiene is critical. “Your personal stuff is a stepping stone to a corporate network,” Dr. Schneck reminds us. And don’t think you’re exempt from concern because your business is boring: “There isn’t any rhyme or reason to what the adversaries want.” Yet there’s plenty of logic for you to invest in keeping them from getting it.