Adopting A Cooperative Global Cyber Security Framework To Mitigate Cyber Threats (Before It Is Too Late)

Adopting A Cooperative Global Cyber Security Framework To Mitigate Cyber Threats (Before It Is Too Late)

The recent OPM cyber breach at the U.S. Government’s Office of Personnel Management (OPM) provided a wakeup call to the seriousness and sophistication of the cyber security threat aimed at both the public and private sectors. The fact is that over 43% of companies had breaches last year (including mega companies such as Home Depot, JPMorgan, and Target). Moreover, the intrusion threats are not diminishing. For example, British Petroleum (BP) faces 50,000 attempts at cyber intrusion every day.

According to the think tank Center For Strategic and International Studies (CSIS), cyber related crime now costs the global economy about $445 billion every year. These cyber security breaches demonstrate that there is a continued need for protocols and enhanced collaboration between government and industry.

In 2014 code vulnerabilities such as Heartbleed, Shellshock, Wirelurker, POODLE and other open source repositories caused chaos and harm.  The cyber security community responded to those vulnerabilities with “react and patch”. Unfortunately this means of response has been for the most part, a cosmetic or band aid approach.

The cyber security community’s posture must change to one of wait and react to that of being proactive and holistic. It is not really a question of which policies, processes and technologies are ready and best, that will always be debatable. Being proactive means adopting a working Industry and Government Global Cyber Security Framework that would include measures for encryption, authentication, biometrics, analytics, automated network security, and a whole host of other topics related to cyber threats specifically, a possible framework of priorities should include Industry and Government Priorities:

  • Defining and monitoring the threat landscape
  • Risk Management (identifying, assessing and responding to threats- i.e. NIST Framework: Protect,Detect, Respond, Recover)
  • Protecting critical infrastructure through rapid proto-typing of technologies and Public/Private cooperation
  • Modernizing security Architectures
  • Better encryption and biometrics (quantum encryption, keyless authentication)
  • Automated network-security correcting systems (self-encrypting drives)
  • Technologies for “real time” horizon scanning and monitoring of networks
  • Access Management and Control
  • Endpoint protection
  • Diagnostics, data analytics, and forensics (network traffic analysis, payload analysis, and endpoint behavior analysis)
  • Advanced defense for framework layers (network, payload, endpoint, firewalls, and anti-virus)
  • Enterprise and client Network isolation to protect against malware, botnets, insider threats
  • Practice Areas
  • Mobility and BYOD security
  • Big data
  • Cloud
  • Predictive analytics
  • Interoperability
  • Privacy and regulation trends
  • Resiliency
  • Emerging Technology Areas
  • Internet of Things (society on new verge of exponential interconnectivity)
  • Wearables
  • Drones and Robots
  • Artificial intelligence and Machine learning
  • Augmented and Virtual Reality
  • Quantum and Super Computing (D-Wave, Google)
  • Smart Cities
  • Connected transportation
  • Nanotechnologies and new materials conductivity, neuromorphic chips
  • System interdependencies: monitoring and protecting the supply chain
  • Wireless Mobility – banking, payments, commerce, health, entertainment. Tokens, biometrics, and Chip cards can be used for identity Management

A real challenge in cyber security has been to get democratic governments, agencies, associations, and industry to cooperate in an open and shared manner. Results have been mixed at best. Perhaps enactment of a general working framework, global (at least among Western allies) under pinned with a willingness for cooperation can serve as a catalyst for action. Our economic and security interests require collaboration and a decisive plan of action before it is too late. The security measures and technologies do already exist and can be integrated and improved. Waiting an reacting will no longer suffice as a strategy

This article first appeared on

Have Your Say: