With the White House Summit on Cybersecurity and Consumer Protection still fresh in everyone’s minds, I thought I’d share a few more comments on some of the proposals that are front and center on the Summit agenda.
The Cybersecurity Framework
The framework looks like a reasonable starting point for an organization to use to get a cybersecurity program started or focused on the right things. With big companies like Apple, Bank of America, AIG, QVC and Kaiser Permanente committing to use this framework, it shows both small businesses and large corporations can effectively communicate and share ideas on cybersecurity.
Rapid information sharing is an essential element of effective cybersecurity because it ensures that U.S. companies work together to respond to threats, rather than operating alone. This Cyber Summit Executive Order lays out a framework for expanded information sharing designed to help companies work together with the federal government to quickly identify and protect against cyber threats. From removing barriers, to helping to improve the delivery of timely and relevant intelligence to the private sector, to advocating for needed legislation, companies like Intel, Symantec, Crowdstrike, and Box are committed to improving information sharing and collaboration with the private sector.
Secure Payment Technologies
On the credit card tokenization front, this tries to address some of the problems America has had over the past year (Target, Home Depot, Anthem, etc.). The idea is that tokenizing credit cards in transactions shrinks the footprint of sources an attacker can go after to get the actual card numbers. This is a good thing. But there are two potential unintended consequences in my view:
- It will make credit card data stores higher value targets, essentially upping the ante for those kinds of attacks on card processors, etc. The reason is that tokenization doesn’t solve the fundamental issue that the credit card number itself has value without any other factor. So someone has to store those numbers somewhere and that somewhere will be a high value target.
- I think it will further push up the value of non-credit card personal data, like healthcare data, which is already considerably more valuable than card data, as the effort and risk equations for the criminals will start to lean toward it being easier to steal an identity in order to get a new card issued than to steal an existing card and use it for fraud.
- In order to replace the password as our primary means of security online, we must have new technologies that combine greater security and convenience. This technology moves beyond usernames and passwords to employ multiple security steps to better ensure a person is who they say they are.
- Through the National Strategy for Trusted Identities in Cyberspace, the US Government has invested more than $50 million over the past four years to advance this market in partnership with the research and development community and technology firms.
The Cybersecurity Summit marks a milestone in our Nation’s efforts to strengthen its cyber defenses. It provides an opportunity to discuss what we have accomplished to date and to highlight immediate commitments that the Federal government and the private sector are making to improve the security of cyberspace. However, in cybersecurity, we can never rest on past achievements. Therefore, even as we and the private sector make good on these commitments, we need to keep moving forward. We will continue to focus on strengthening the defenses of our critical infrastructure and government networks, improving our ability to disrupt, respond to, recover from, and mitigate malicious cyber activity, enhancing our international cooperation, and shaping the future of cyberspace to be inherently more secure. And we look forward to doing this in close collaboration with our private sector partners.
CNS has been at the forefront of technology for over 25 years. We are not some pop-up company that thinks it knows about security; we are the IT company. We were around before the first computer virus, and we’re here when you need us. Contact Capital Network Solutions today for all your IT support needs. Call us at 916-366-6566 today!