Think back over the recent history of high-profile cyberattacks. Target, Sony, CENTCOM, celebrity nude photos, to name a few, but the list goes on. It’s starting to seem like every time we open our news portals, there’s word of yet another breach in cybersecurity.
Chris Dorobek, host of the podcast DorobekINSIDER, recently interviewed a leading expert on cybersecurity, David Shearer. He recently became the Executive Director at (ISC)2, a nonprofit devoted to cybersecurity education and training. Shearer spoke with Dorobek about the importance of putting an end to hacks immediately, permanently and on an international scale.
This issue is hugely significant for our government, Shearer explained because federal agencies rely heavily on embedded IT information on a daily basis. “The list goes on and on of agencies out there that have a very complex mission to deliver, and embedded IT and information security are responsible for securing it,” Shearer explained.
The services the government offers to citizens are largely reliant on information seemingly secured online. As well as the obvious ones such as police records and public transportation, other potential hacks include air traffic control, hydroelectric power dams, firefighting, and coast guard search and rescue services.
And yet, with all of the vulnerabilities that exist and crises that have arisen in recent years, Shearer wonders, when will the nation be incensed enough to take real action? “We haven’t reached a critical mass or a tipping point within society that says that we have to hold a higher bar,” warned Shearer. “We’re just wondering when the big event is going to happen.” And, what will we lose in the meantime?
So, at the helm of (ISC)2, Shearer is planning to bring this issue to more of a forefront globally.
The first prong of his strategy is education. People need to be made more aware of the dangers that exist regarding cybersecurity, and the need for it to be made a national and international priority. This includes getting more professionals into the field of cybersecurity through partnerships with colleges and universities to raise familiarity with the existence of cybersecurity as a career option.
Also, Shearer acknowledged the challenge of the private sector vs. public sector pros and cons. Freedom in terms of funding is drawback for federal employees, because funds are limited, and the funds can only be used in certain ways, due to the Code of Federal Regulations. And, of course, in the private sector, the pay is higher. “Money is obviously attractive,” explained Shearer.
Shearer’s organization doesn’t stay within country lines – it has an international focus too. Which makes sense, because cybersecurity breaches don’t obey the lines of national policies and regulations. That fact makes his job harder, but he’ll be pushing (ISC)2 to be context-specific, focusing on local needs and priorities within a larger framework of global cybersecurity.
So, Chris’ conversation with Shearer leaves us wondering: will we take action now and prevent cyberattacks, or will we wait until the biggest breach in history, and suffer the consequences?