William F. Pelgrin
Each year, there are thousands of new vulnerabilities, worms and viruses reported, as well as new phishing schemes, sophisticated denial-of-service attacks and botnets. The incessant din of cyberattacks is deafening, and it’s increasing in severity and complexity.
We must continually strive to detect and protect against these malicious acts, especially when the cost to respond and recover is typically more expensive than preventative mechanisms.
But how can we do that? By taking three steps that should be high on every government agency’s list: sharing information between and among the public and private sectors, finding creative solutions to meet our challenges and changing the culture of our organizations.
STEP 1: SHARE INFORMATION
We can arrive at new solutions only by communicating and sharing information. When we don’t share important information, we severely limit our ability to learn from each other, as well as our ability to minimize potential damage from an event by alerting others so they can respond adequately. We have to move away from the shame-and-blame game. If we don’t, we will all lose.
STEP 2: FIND CREATIVE SOLUTIONS
As cybersecurity schemes grow more sophisticated, we must become more creative in our approaches to combat them. The natural response to clever, new scams is to lose faith in the technology systems on which we’ve come to rely. Technology, which has always been a great enabler to do business and communicate faster and more efficiently, is now being used against us. For example, social engineering techniques trick us into thinking that e-mails come from friends and business colleagues, and millions of us fall prey to the worms and viruses embedded in such messages.
Just think of the ramifications of daily business if you can’t trust the documents you receive electronically. I recently heard someone say to a customer, “If it is really important, fax it to me.” That is unacceptable.
We have to find solutions that keep technology as the enabler. One approach will be through e-mail authentication. The challenge is to authenticate in a cost-effective and user-friendly way.
STEP 3: CHANGE ORGANIZATIONAL CULTURE
As important as addressing current cyberchallenges is, we also need to look to the future. In order to make long-lasting changes in our organizations, we must focus on changing the culture.
Having strong executive support within your organization is key. In New York State, Governor George Pataki has been a strong advocate for cybersecurity. His establishment of my office—which was designed to provide a single entity for cybersecurity issues—is one of the many programs he supports to ensure our readiness and response.
In addition to changing the existing culture in our organizations, we also have to instill this understanding in future generations. The free flow of information available via the Internet, coupled with the perceived anonymity of Internet use, contributes to the loss of a sense of right and wrong in the digital age.
We live in a time when some children believe it is fair to download copyrighted music, or that it is a rite of passage to be a script kiddie (someone who uses scripts that are available)