Online Security and Safety in Government, Industry and Civil Society - A Special Report Published by The Washington Times Special Sections ...
CYBERSECURITY 2018 Online Security and Safety in Government, Industry and Civil Society A Special Report Published by The Washington Times Special Sections Department and Salute to Veterans
Cybersecurity 2018: Online Security and Safety in Government, Industry and Civil Society

• Innovation, modernization key to U.S. cybersecurity leadership (Sen. Jerry Moran)
• New bipartisan law will finally ‘retire’ outdated U.S. computer systems (Sen. Tom Udall)
• Stop WannaCry’ing? Step up leadership on cyber hygiene (Joshua Corman)
• Salute to Veterans Series: Inspiring success, insightful discussion, resources, solutions and cybersecurity careers for our 22 million veterans (Cyrus Zol)
• Reducing security risk by protecting enterprise applications (Justin Somaini)
• Preparing now for safe, secure self-driving cars and other innovative technologies (Rep. Bob Latta)
• Time’s up for poor cyber hygiene (Rep. Anna G. Eshoo)
• The 3 prongs of a sound cybersecurity strategy (Rep. Robin Kelly)
• Fighting cybercrime: A shared responsibility for the nation, home and workplace (Gary McAlum)
• Effective national policy needed to protect the cyber domain (Rep. Doug Lamborn)
• How tech can address the greatest security challenges of our time (Gary Shapiro)
• Safeguarding Americans’ data in federal agencies (Rep. John Ratcliffe)
• America’s Air Force: Defenders of air, space and cyberspace (Maj. Gen. Robert J. Skinner)
• Preparing our nation for 21st century challenges in the digital age (Rep. Elise Stefanik)
• The 5th domain: Cyber defense needed in the 21st century (Rep. Adam Kinzinger)
• Global cooperation of ‘utmost importance’ for a stable cyberspace (Ambassador Marina Kaljurand)
• Painful cyberattacks driving demand for security (Lenore Hawkins and Chris Versace)
• Cybersecurity and elections: Are we ready for November? (Rep. Yvette Clarke and Rep. Terri A. Sewell)
• West Point’s Army Cyber Institute: Developing the cyber leadership model (Col. Andrew O. Hall and Lt. Col. Terence M. Kelley)
• ‘Zero Trust’ computer policy: A timely solution (Howard P. “Buck” McKeon)
• Federal cyber leadership should be bipartisan (Rep. Gerry Connolly)
• Our nation’s counties, cybersecurity and ransomware (Dr. Alan R. Shark)
• Too small to get hacked? Think again (Maria Roat)
• Veterans wanted! Cyber career opportunities abound for veterans (Karen S. Evans)
• Cyber deterrence remains a missing piece of U.S. cybersecurity (Leo Taddeo)
• Human phish-bait: Why people are the weakest link in our cyber defense (Tom McAndrew)
• U.S. ingenuity created the Internet; can it keep it safe and secure? (Rep. Mike Gallagher)
• Chinese information warfare: ‘The Panda That Eats, Shoot, and Leaves’ (Bill Gertz)
• For cybersecurity problems, seek bottom-up solutions (Andrea O’Sullivan)
• Cybersecurity: Is anything really safe? (Steve Durbin)

Monday • January 29 • 2018

Cheryl Wetzstein, Special Sections Manager
Larry T. Beasley, President and CEO
David Dadisman, General Manager
Patrick Crofoot, Graphics Supervisor
Thomas P. McDevitt, Chairman
Adam VerCammen, Director of Advertising & Sales
Advertising Department: 202-636-3062

Special Sections are multipage tabloid products that run in The Washington Times daily newspaper and are posted online and in PDF form on its website. Sponsors and advertisers collaborate with The Times’ advertising and marketing departments to highlight a variety of issues and events, such as The Power of Prayer, North Korea’s Nuclear Threat, Gun Rights Policy Conference and Rolling Thunder Memorial Day Tribute to Veterans. Unless otherwise identified, Special Sections are prepared separately and without involvement from the Times’ newsroom and editorial staff.
Innovation, modernization key to U.S. cybersecurity leadership

By Sen. Jerry Moran

Illustration by Linas Garsys

In recent years, it has become clear that the world of cybersecurity is rapidly changing — cyberattacks are not only growing in volume, but also in complexity. As chairman of the Senate Commerce Subcommittee on Consumer Protection, Product Safety, Insurance, and Data Security, I’ve convened hearings and publicly questioned private corporations to determine what protections and practices they have in place to better protect their customers’ personal and financial data.

In 2015, the U.S. Office of Personnel Management (OPM) experienced a breach that exposed the personally identifiable information of tens of millions of Americans. The danger that results from compromising the federal government’s data cannot be overstated, and as companies must do all they can to prepare for and prevent hackers from gaining access to their customers’ information, the federal government must do the same.

As advancements in information technology (IT) continue to shape our nation’s evolving needs related to national security, economic competitiveness, communications, health care and privacy, the federal government must keep pace with these changes through flexible, expeditious and results-driven decision making.

In 2014, Congress enacted the Federal Information Technology Acquisition Reform Act (FITARA), which took the first step toward reforming the way our federal agencies make IT decisions. FITARA makes certain that subject matter experts are part of decision-making processes and enhances covered agency chief information officers’ (CIOs) authorities related to agency modernization initiatives in budgeting and planning processes.

Still, a stringent and cumbersome budgeting and acquisition process has tied the hands of agency CIOs in their efforts to modernize their IT systems in an efficient fashion. The U.S. Government Accountability Office’s (GAO) 2015 High-Risk Series report highlighted several issues it deemed critical to improving IT acquisition. Specifically, the report stated that about 75 percent of the $80 billion the federal government spends annually on IT investments is spent operating and maintaining outdated and unsupported legacy systems — draining taxpayer dollars and creating major cybersecurity vulnerabilities at home and abroad.

Earlier this Congress, I joined a number of my colleagues in writing to the 24 federal agencies covered by the Chief Financial Officer (CFO) Act, including the Department of Defense and the Department of Homeland Security, requesting updates on the modernization of their mission-critical systems. Unfortunately, the majority of agency responses indicated that they operated numerous insecure legacy systems.

President Trump and his administration have dedicated a plethora of resources to improve in this space through the president’s establishment of the White House Office of American Innovation, which has helped guide critical executive orders to update aging systems.

Further, with the support of the administration, I partnered with Senator Tom Udall of New Mexico to introduce the Modernizing Government Technology (MGT) Act last April in the Senate after working together on earlier versions in past Congresses. The MGT Act establishes IT working capital funds at the 24 CFO Act-eligible agencies and allows them to use savings obtained through streamlining IT systems, replacing legacy products and transitioning to cloud computing for further modernization efforts for up to three years. The bill also sets up a separate, centralized modernization fund within the Department of the Treasury for the head of the General Services Administration (GSA) to administer across the federal government in consultation with a federal IT expert board.

It is only fitting that the MGT Act was signed into law last year as part of the National Defense Authorization Act for FY2018, as cybersecurity policy is increasingly interwoven into comprehensive national security discussions. As a member of the Senate Appropriations Subcommittee for Defense, I will continue to prioritize robust resources for cybersecurity programs across all federal agencies in the interest of national security. Additionally, a well-trained cyber workforce capable of upholding and supporting comprehensive, interoperable federal government systems will prove to be critical to this mission, paired with competitive science, technology, engineering and math (STEM) education programs that we must continue to prioritize.

My goal is to continue promoting modernization and security in the federal government’s IT systems. As we recognize Data Protection Day on January 28, I appreciate the bipartisan, bicameral support the MGT Act received through its enactment and look forward to working with my colleagues and the White House Office of American Innovation on more legislation so America remains the most secure high-tech country in the world. We know the threats are real, and we must continue to innovate to remain the world’s leader in cybersecurity defense.

Sen. Jerry Moran, Kansas Republican, is Chairman of the Senate Commerce, Science and Transportation Subcommittee on Consumer Protection, Product Safety, Insurance, and Data Security.
New bipartisan law will finally ‘retire’ outdated U.S. computer systems

By Sen. Tom Udall

The Internal Revenue system is using a nearly 60-year-old computer code to process tax returns and to maintain highly sensitive taxpayer information.

You read that correctly: The IRS relies on a computer system from the 1960s — the days of the Kennedy administration — to get you your tax refund and keep your personal data secure.

The only government building that should have a computer system from the 1960s is the Museum of American History. But across the federal government, agencies continue to depend on grossly outdated information technology (IT) systems to function.

The government’s ongoing reliance on out-of-date technology comes at a time when hackers from across the globe are orchestrating ever-more sophisticated cyberattacks to target the American people. If you’re one of the millions of Americans whose sensitive information was caught up in the Yahoo!, Equifax or Office of Personnel Management (OPM) breaches, then you know how serious and complex these attacks have become.

Our obsolete federal IT infrastructure is expensive, it’s wasteful, and it’s dangerous. And fortunately, we’re finally taking action to fix it.

Last month, after lots of hard work behind the scenes and across the aisle, Senator Jerry Moran of Kansas and I celebrated the enactment of our landmark, bipartisan Modernizing Government Technology (MGT) Act. This new law will finally bring the federal government’s IT systems into the 21st century.

Right now, the federal government spends $80 billion a year on IT — but a whopping 75 percent of that money is being spent to maintain so-called “legacy” systems that are no longer functional or up to the task. And agencies haven’t had any incentive to limit waste — or to modernize or innovate the way they work.

The MGT Act will give federal IT managers the flexibility they need to make strategic IT investments and decisions. The law will free agencies to pursue modern IT solutions like cloud computing, which can offer more flexibility, better efficiency and faster processing time than the systems we’re currently stuck with.

In addition, the MGT Act creates new flexible funding options for federal agencies to modernize their IT systems — and incentivizes agencies to eliminate waste. The law enables agencies to put the money they save every year into a working capital fund, which can then be used to pay for long-overdue technology improvements and major modernizations. And the MGT Act establishes a centralized fund that agencies can access to pay for major IT overhaul projects.

In total, the MGT Act will save taxpayers up to $20 billion a year. And as it saves taxpayer money, the MGT Act will also give federal agencies the tools they need to tackle dangerous cyber vulnerabilities and better protect Americans’ data from cyberattacks.

The bipartisan, commonsense MGT Act will ensure that we’re getting better service at a better value for the American people.

And it will help take those outdated, antique computer systems out of government offices — and put them in the history museums where they belong.

Sen. Tom Udall, New Mexico Democrat, serves on the Senate Appropriations Committee; Senate Committee on Commerce, Science and Transportation; Senate Committee on Foreign Relations; Senate Committee on Indian Affairs; and Senate Committee on Rules and Administration.

Stop WannaCry’ing? Step up leadership on cyber hygiene

By Joshua Corman

“Our dependence on connected technology is growing faster than our ability to secure it — in areas affecting public safety and human life.” — @iamthecavalry

Through our overdependence on undependable information technology (IT), we have created the conditions such that the actions of any single outlier can have a profound and asymmetric impact on human life, economic and national security.

We need to find political will to lead on cybersecurity affecting public safety. We need to find it now.

As society increasingly depends upon technology, the importance of effective cybersecurity must evolve in kind. In the case of connected cars, connected medicine, Industrial Internet of Things (IoT), oil and gas, smart cities and the like, the consequences of failure will bleed into public safety and human life. We must be at our best.

There is a promise and a peril to connected technologies. Medical innovations are increasing access, reducing costs, improving care and enabling breakthroughs. But if we’re cavalier about the perils, a single exotic death could trigger a crisis of confidence in the public or medical professionals to trust these otherwise superior technologies. We must be conscientious and proactive in managing these perils.

I had the privilege to serve on the Congressionally mandated Health Care Industry Cybersecurity Task Force. While we all knew the situation was quite dire, the headline of our summary graphic correctly and candidly stated: “Healthcare Cybersecurity is in Critical Condition.” Within weeks of the June 2017 final publication of our findings, the WannaCry ransom worm took out 81 United Kingdom hospitals in a single day — over 40 percent of their national capacity. The U.S. got very, very lucky.

Worse, time is the enemy. There is notoriously slow movement in the relay race of public policy, regulation, research and development, buying cycles and deployment lifespans for safety critical technologies. We cannot wait for such a crisis to initiate necessary hygiene. Moreover, under duress, such reactions are often hurried and more prone to introducing unintended consequences.

We need to be more mature in our posture toward technology and accountability. Much debate over regulating technology sounds a good deal like “fire bad!” Clutching to clichés and talking points is burning valuable time for preparedness and corrective actions.

Over the last 30 years, we have been reluctant to regulate software and IT. There are a number of concerns that have fueled this — some valid, some now less so, and some never were. The chief concern has been a fear that such actions might “stifle innovation and hurt the economy.” Malware attacks like Mirai launched from the long tail of low-cost, low-hygiene IoT devices showed us that a failure to regulate IT can “stifle innovation and hurt the economy.”

Uncomfortable truths command uncomfortable responses. If we want to see something different, we need to incentivize something different.

We have technical solutions for many of our exposures. What we have lacked is motivation and will. In October, I testified to the House Oversight and Government Reform subcommittee on Information Technology about Virginia Democrat Sen. Mark Warner’s IoT cybersecurity bill, which seeks more hygienic IoT for federal use. The House

» see CORMAN | C8
Salute to Veterans Series: Inspiring success, insightful discussion, resources, solutions and cybersecurity careers for our 22 million veterans

By Cyrus Zol

The Salute to Veterans Series delves into the top issues that our veterans and troops face daily. The TV series features vibrant discussions and provides advice and solutions from distinguished veterans who are also successful businessmen, community leaders and were accomplished college and/or professional football athletes: Rocky Bleier, Bryce Fisher and Greg Gadson.

Their personal stories of overcoming professional and personal setbacks following military service, while embarking on a fulfilling career path using the tools they learned in the service and on the football field, paints a picture of promise to our nation’s veterans. They offer strategic insight and instruction to those troops and vets who will be transitioning into civilian life and facing unemployment or underemployment, seeking educational advancement, changing careers, becoming entrepreneurs and seeking career growth opportunities, namely, in cybersecurity.

This is just one important focus of the Salute to Veterans broadcast, which intentionally airs on military and patriotic holidays when awareness for our troops and vets are raised.

Cybersecurity among government, military, industry and consumers will continue to be a major priority in our lifetime. Cybersecurity career opportunities are growing rapidly in this country and 12 times faster than the overall job market; trained cybersecurity professionals are needed to defend the government and private industry networks. For the most part, veterans already have existing skill sets to transition from defending the country to defending our networks through cybersecurity jobs. With our veterans’ highly sought-after traits of a strong work ethic, problem-solving skills, teamwork, situation adaptability and working under pressure to meet deadlines, our nation’s heroes are well equipped to step into and excel in cybersecurity roles.

The cybersecurity field is full of opportunity for veterans, with or without degrees, and cybersecurity professionals report an average salary of $116,000 per year — almost triple the average salary nationwide. More resources should be established and maintained to ensure our troops and vets know how to access this information when seeking jobs in these fields. The U.S. is projected to have 500,000 unfilled positions within cybersecurity by 2021, but with our service men and women constantly returning to civilian life, this should not be our forecast.

The timing is crucial for our veterans and military service members to be aware of some of the resources, opportunities and solutions that are available to them within the promising cybersecurity industry. We can all do our part by spreading the word, both in person and in our daily communications, about this exciting opportunity for our nation’s well trained and highly capable veterans, to continue protecting our nation through defending our nation’s networks.

The internationally broadcast Salute to Veterans TV program for 2018 is hosted by PBS NewsHour anchor Lisa Desjardins and is just one of many available channels of information available to our troops and vets. Here are a few others:

• The Department of Homeland Security (DHS) is offering several free resources to veterans looking to expand their education and knowledge within the growing field of cybersecurity, with free on-demand video training, scholarship opportunities and a free, downloadable guide entitled “Veterans Cybersecurity Training and Education Guide.”
• Veterans are able to log onto DHS’s free cybersecurity training through the Federal Virtual Training Environment (FedVTE) and review some of the academic programs offered through the National Centers of Academic Excellence (CAE).
• The Forever GI Bill’s expanded tuition assistance will further advance veteran opportunities within the lucrative cybersecurity field through removing the time limit to utilize benefits and increasing tuition assistance access among National Guard, Reservists and Purple Heart recipients.
• Veterans can seek cybersecurity degrees that are becoming increasingly offered at universities, colleges, community colleges and online educational institutions nationwide. Since 2009, more than 350,000 veterans have earned postsecondary certificates and degrees through the GI Bill.
• The SANS Institute is the largest source for information security training and security certification in the world. The SANS Institute provides training for defending systems and networks. The training can be administered in a class with SANS-certified instructors through online education or in mentored settings, reaching more than 30,000 people in the U.S. and internationally. In 2015, SANS launched its first VetSuccess Academy, giving veterans the opportunity to receive advanced technical training, GIAC certifications, and employment opportunities among leading companies offering exciting cybersecurity careers.

Veteran employment has greatly improved nationally; however, hundreds of thousands of transitioning service men and women will continue to enter the workforce over the next few years, many of whom are qualified to fill these many open positions. A recent report from ISACA found that 55 percent of organizations reported that open cyber positions take at least three months to fill while 32 percent said they take six months or more. And 27 percent of U.S. companies said they are unable to fill cybersecurity positions at all.

Overall, veterans have an understanding of technology and IT through their training and military experience. With the cybersecurity unemployment rate at 0 percent, the timing is ideal for veterans to enter the cybersecurity job market.

Legendary businessman and philanthropist Warren Buffett warned last year that cyberattacks are a top priority that needed to be addressed worldwide and that “I don’t know that much about cyber, but I do think that’s the number one problem with mankind.”

The U.S. veteran population can position themselves for success, given their mission-critical military experience and knowledge of security procedures, into this ever-growing field.

Now is the time.

Photo caption: (From left to right), PBS NewsHour Anchor Lisa Desjardins, Rocky Bleier U.S. Army Veteran, 4-time Champion with Pittsburgh, Greg Gadson U.S. Army Veteran, Honorary Captain & 2-time Champion with New York and Bryce Fisher U.S. Air Force Veteran, 1-time Champion Runner Up with Seattle

Cyrus Zol is creator of the Salute to Veterans Series, a televised series covering the top issues that our veterans and troops face daily, including veteran employment and cybersecurity opportunities among our nation’s 3.3 million U.S. active-duty service members, reservists, and 22 million veterans. The veterans’ series spotlights veteran success stories, discussion and solutions for important veteran issues and advocacy in advancing the interests of our nation’s veterans. The TV program is hosted by PBS NewsHour anchor Lisa Desjardins and airs during the military and patriotic holidays nationwide and internationally to our troops and their families serving in 174 countries and U.S. Navy ships at sea. Visit www.salutetoveterans.org for more information.
Reducing security risk by protecting enterprise applications

By Justin Somaini

Relentless threats from increasingly sophisticated attackers. Organized crime and rogue nation-states. Hacktivism and new mechanisms of compromise. Many years ago, the prospect of these security challenges seemed like something out of James Bond. Now I defend organizations from these threats every minute of every day.

Cybersecurity is an endless journey for organizations, including government agencies at the federal, state, city, and county levels. Facing an ever-changing threat landscape, public administrations know they need to protect IT systems and critical infrastructure. Less understood, however, is the need to secure enterprise software applications and solutions.

The data and transactions processed by these applications represent the operational center of many agencies, entities, and organizations. This is especially true in oil and gas, aerospace, defense, public sector, and utilities. Ensuring deep security at the application layer — where data resides and transactions radiate to networks and the endpoints beyond — is a fundamental requirement.

But the vast majority of software companies fail to implement security as an integral component of their applications. Most software offers only the most basic security protections for data and transactions, enabling organized groups and individual actors to easily exploit security weaknesses. In many products, protection is applied as an afterthought — a Band-Aid intended to compensate for a lack of security at the application layer.

Government and business leaders typically are surprised by this. They believe that their collection of security tools will protect their organization from the bad guys and that applications placed behind their firewalls are safe. Nothing could be further from the truth.

The solution to this problem is double-sided. Enterprise software vendors need to employ more mature cybersecurity technologies. And decision makers need to make security a higher priority when choosing and deploying enterprise software.

Because SAP solutions handle the most sensitive data and transactions of more than 300,000 of the world’s largest companies and institutions, we consider security one of our highest priorities. Our focus is on incorporating advanced, threat-based security features in all of our applications.

This approach differs from that of other software vendors whose security features are designed to meet the minimum requirements needed to attain compliance certification. For government and industry regulators, compliance mandates are the only way to raise the bar when it comes to protection. But public sector executives must realize that regulatory compliance is the lowest bar — one that cannot and will not address all of their security concerns.

Instead, IT departments must build out a security strategy, using software that offers enhanced protection out of the box. To stay one step ahead of hackers and bad actors, it’s important to choose vendors that are committed to continuously improving and updating their products.

To help organizations become secure and protected, we aim for the highest bar: targeting the actual threat. Organizations that want to reach beyond compliance should look for enterprise software that includes advanced security features, such as:

• Sophisticated 360-degree correlation analytics across the network, endpoints, applications, and data.
• Real-time incident response and forensics to accelerate detection, limiting the impact of threats.
• Next-generation context- and application-aware firewalls to enhance both protection and performance.
• Deep, machine learning-powered cybersecurity analytics that respond to threats in an adaptive manner.

Focusing on securing critical infrastructures helps ensure they can be defended against both physical and digital threats. In doing so, organizations can protect everything from logistics and operational management to HR systems and vendor interactions.

Protection should also extend to the burgeoning network of Internet of Things (IoT) sensors and devices. In the last few years, we’ve seen customers use IoT security features to keep trains running in Italy, cranes operating in Dubai, and city streets well-lit and safe in Germany.

To stay ahead of the increasing number and variety of threats, we continue incorporating new technology into our solutions. Today we’re exploring new ways to use artificial intelligence and machine learning to identify new or previously unseen attacks. Our upcoming generations of software should be able to identify and prevent attacks from within the application, store data in the cloud, protect it from outside control, and minimize vulnerability across the IT landscape.

As public sector organizations consider transforming their cybersecurity strategies, there are several key steps they should consider.

Take care of the basics. Breaches are more likely when there is a consistent lack of patch management, configuration management, and log analysis.

Implement mechanisms that enhance visibility. Networks are more complex than ever before, with digitalized businesses connected throughout the value chain and executing as one. Security solutions that increase cross-enterprise visibility can help organizations identify and stop malicious activity.

Prioritize ease of use. Traditional security solutions often created hurdles that compromised the protectiveness of the technology. With powerful security features embedded in their applications, organizations can expedite and streamline protection.

Finally, get started identifying the most sensitive data and transactions in your network and know where they reside. By combining enhanced security knowledge with enterprise software that offers security at the application layer, you can better defend your organization against today’s — and tomorrow’s — most difficult threats.

We’re all in this together. And we don’t need James Bond to figure it out. By joining forces to tackle cybersecurity challenges, software vendors and public sector organizations can enable secure IT environments that support your timeless mission of protecting the community, providing services, and helping the economy prosper.

For more information on how you can ensure deep security at the application layer, visit https://www.sap.com/corporate/en/company/security.html

Justin Somaini heads the SAP Global Security (SGS) team. With more than 20 years of information security experience, he is responsible for SAP’s overall security strategy, ensuring that SAP and our customers have a consistent and convenient security experience and establishing SAP as a recognized and trusted leader in the industry. In his role Justin is accountable for three core domains — Physical Security, Product Security, and Enterprise Security — for all of SAP.
Preparing now for safe, secure self-driving cars and other innovative technologies

By Rep. Bob Latta

There really isn’t anything quite like American innovation. What makes U.S. innovation so different is that it’s not just one field or sector; it’s an ethos that inspires business across the country. Whether it’s due to Americans’ work ethic, an entrepreneurial spirit or a framework that allows innovators to succeed, the United States is second to none when it comes to creating technology that improves our daily lives.

With that in mind, the U.S. Constitution empowers Congress with an important duty — included in the Commerce Clause — to provide oversight of interstate and foreign commerce. This constitutional power is central to the work of the 223-year-old Energy and Commerce Committee, the oldest continuously standing committee in the House of Representatives. While none of the members of the Committee have been around since its inception, it’s fair to say much has changed over time — from horse-drawn carriages to the Ford Model T to the potential of fully self-driving vehicles — but the committee has always provided stewardship over American innovation, promotion of commerce and protecting consumers.

Not only are we examining present-day issues involving consumer safety and technology, we are looking ahead to the future of innovation — what is coming five or 10 years down the road. With the promise of new innovations and technological capabilities coming our way, the landscape is ever-changing.

The number of connected devices is on the rise, and our digital economy continues to grow. American consumers have come to expect the speed, choice and convenience of online shopping, digital commerce, on-demand credit, mobile payments and much more. While most Americans feel that technology positively affects society and our everyday lives, polls show they are skeptical about how personal information is used and protected online.

Recent data breaches from Equifax, Uber and other companies raise the specter about the protection of consumers in a data-driven economy. Breaches involving sensitive personal and financial information are a serious threat to the well-being of American consumers and our economy. Last fall, the Subcommittee on Digital Commerce and Consumer Protection — which I chair — made solid progress in examining data breach and cybersecurity issues. Through a number of public hearings, including testimony running the gamut from the former CEO of Equifax to renowned cybersecurity experts, we learned about the challenges to protecting consumer information while ensuring access to the services they want.

These issues remain at the top of my agenda in 2018. The subcommittee has already begun working with a wide range of stakeholders on potential proposals and recommendations that can incentivize security and help prevent breaches of personal and financial data.

Another consumer protection issue that continues to be on our radar is self-driving cars. We need to make sure these vehicles are safe for consumers and at the same time promote innovation in this space. That’s why we passed the SELF DRIVE Act — a first-of-its-kind piece of legislation — to do just that. It passed the Energy and Commerce Committee in a bipartisan 54-0 vote and then received unanimous approval in the House.

This bill helps ensure that self-driving cars are safe by focusing on both structural features and cybersecurity. In fact, the legislation makes clear that auto manufacturers cannot sell or introduce into commerce a self-driving car unless a cybersecurity plan has been developed. This legislation is also important for our senior citizens and for individuals with disabilities as autonomous vehicles would increase mobility.

As this technology is already underway and further development continues, the SELF DRIVE Act provides a clear, consistent framework under which innovation can thrive. We remain committed to working with our Senate colleagues and getting self-driving car legislation to the president’s desk. This is an important step for consumer safety and innovation as more and more of this incredible technology reaches America’s roads.

We’re also looking at the challenges and implications that come with the Internet of Things (IoT). IoT is the name for the network of connected devices, services and objects that collect and exchange information. IoT applications, like smart home devices and wearable technologies, can offer significant benefits to consumers by providing quick responsive services, convenience and enhanced user experiences.

However, cybersecurity remains an ever-present concern for any internet-connected device. Constant vigilance and improved coordination are necessary to help prevent bad actors from taking advantage of weaknesses. With so many of these items now in homes and businesses across the country, our committee continues to examine the privacy and security concerns associated with IoT.

As a result of advancements like the Internet of Things, self-driving cars and digital commerce, the American people are more connected to information and opportunity than ever before. My goal on the Digital Commerce and Consumer Protection Subcommittee has always been to act in the best interest of the consumer and the American people. In any policy decision, we must anticipate what’s coming next in the fast-paced environment of innovation. The tremendous benefits of our internet-enabled, data-driven economy need not be at the expense of safeguarding consumers’ personal information.

Rep. Bob Latta, Ohio Republican, is Chairman of the House Energy and Commerce Subcommittee on Digital Commerce and Consumer Protection.

CORMAN
From page C4

Energy & Commerce Committee asked the Health and Human Services Department to enact one of our Health Care Task Force recommendations: create a software “bill of materials” (or ingredients list) for medical technologies. Two Members of Congress, Rep. Will Hurd, Texas Republican, and Rep. James Langevin, Rhode Island Democrat, joined me at DEF CON, the world’s largest hacker conference in August. Earlier that summer, the Cyber Med Summit in Phoenix saw the first hospital hacking simulations with medical stakeholders. I am hopeful these discussions take root.

From a policy perspective, Mirai disrupted the “prior prevailing hopes” with regards to lighter touch regulation/policy. There was the belief that adding transparency, security “nutrition labels” and a software bill of materials would enable consumers and purchasers to better discern “more secure products” from “less secure products.” The bulk of discussion was about enabling free market choice. Mirai revealed the externalities challenges and “tragedy of the commons” aspects of our interdependence. Yes, transparency can enable informed and conscientious individuals to buy a safer product, but choices made by others can still hurt us — severely.

At current hygiene levels, the stunning growth rate of IoT and connected technologies represents a public health issue. Hackable — but unpatchable technologies — cannot remain the norm. If you add software to something, you make it hackable. If you connect something, you make it exposed. While this was bad enough when it was $100 internet cameras taking out the Internet for an afternoon, we will surely regret it when a similar attack is comprised of life-and-limb medical equipment and patient care and actual lives are impacted.

Mirai, WannaCry, NotPetya and attacks on the grid and critical infrastructure are increasing. If we are overdependent on undependable things, we have choices: Muster the will to ensure these things are more dependable or depend upon them less. We are prone. We are prey. Predators have taken notice. Our relative obscurity is over. What will we do about it?

Joshua Corman, a nationally recognized security expert, is Chief Security Officer and Senior Vice President at PTC. He is Founder of I Am The Cavalry (iamthecavalry.org), a global, grassroots organization that focuses on issues — such as medical devices, automobiles, home electronics and public infrastructure — where computer security intersects public safety and human life. @joshcorman.
Time’s up for poor cyber hygiene

By Rep. Anna G. Eshoo

On Jan. 30, President Trump will deliver his first State of the Union address to Congress. The purpose of this constitutionally sanctioned speech is to reflect on the challenges facing our country and policies to address them. One challenge that must not be ignored is the ongoing threat of cyberattacks to our personal security.

Last year was one of the worst years for cyberattacks in U.S. history. In May, the WannaCry ransomware attack affected hundreds of thousands of computers in more than 150 countries, including the U.S., and held computers hostage until ransoms were paid by owners to restore access. This new type of ransomware, which we later learned was launched by the North Korean regime, exploited known vulnerabilities in computers that failed to install basic software patches.

The WannaCry attack was soon dwarfed in comparison by the Equifax data breach, which compromised the personal information of nearly 146 million Americans including names, Social Security numbers, birth dates, addresses and driver’s license numbers. Appearing before the House Energy and Commerce Committee, Equifax’s now-former CEO announced that the breach was reportedly caused by the failure of a single Equifax employee to install basic software updates in a timely manner. Altogether, the personal information of hundreds of millions of consumers was exposed to malicious hackers last year, and it’s likely yours was too.

Despite the severity of these attacks and the pronouncements of outrage by Members of Congress, no sensible legislation has been advanced to prevent a similar attack from happening in the future.

If we’re actually serious about protecting ourselves from data breaches and cybercrime that increasingly threaten our daily lives and personal security, we have to address the twin pillars of network security: cyber hygiene and security management.

Cyber hygiene is the responsibility of all Internet users to take basic and proactive steps to secure networks and devices. Installing software updates to patch known vulnerabilities; using strong, secure passwords; and utilizing modern firewall and security techniques are some of the hallmarks of good cyber hygiene. As an entire network can be compromised by a single individual’s neglect of cybersecurity, as in the Equifax case, maintaining good cyber hygiene is imperative.

The other essential pillar of cybersecurity is security management. It is the responsibility of organizations to maintain secure networks. Businesses and government agencies can greatly reduce the incidence of cybercrime within their networks by implementing security controls, classifying sensitive data, and creating and practicing attack response plans. Vigilant security management, coupled with good cyber hygiene, is a recipe for keeping our digital systems secure.

In the wake of last year’s attacks, I introduced the bipartisan Promoting Good Cyber Hygiene Act to strengthen both pillars of American cybersecurity. The bill promotes cyber hygiene by instructing the National Institute of Standards and Technology (NIST) to maintain a user-friendly list of cybersecurity best practices that is easily accessible to the American people. As security protocol is constantly evolving, this list of up-to-date best practices will be prized by anyone seeking to improve their cyber hygiene.

This bill also strengthens cybersecurity management within the federal government by mandating that the Department of Homeland Security regularly assess cybersecurity threats and work with agencies to address them. As the federal government curates the most sensitive and vast collection of data on Earth, it is central to our national interest to keep that data secure.

In today’s ever-increasing digital world, the American people need to trust the Internet with their most sensitive and intimate information. From online bank accounts to medical records, the information we store and transmit online must be protected. For the state of our union to be strong, it is imperative that Congress act this year to improve our nation’s cybersecurity. The digital systems that sustain our way of life are vulnerable to attack, and we must act to protect whatever the American people deem as private and whatever our government deems as essential to our national security.

Democrat Rep. Anna G. Eshoo represents the 18th Congressional District of California. She is a senior member of the Energy and Commerce Committee.
The 3 prongs of a sound cybersecurity strategy

By Rep. Robin Kelly

Illustration by Greg Groesch

In 2018, our security can no longer exclusively be defined in terms of tanks, airplanes and weapon systems. As government, private industry and American families have adopted technology into nearly every aspect of our lives, the need for cybersecurity has grown exponentially. Unfortunately, our response to this threat has been piecemeal at best.

In order to combat this real and growing threat, we need a three-pronged approach that involves everyone from Washington D.C., to Chicago to Silicon Valley and everywhere in between.

Prong One — Washington, D.C.: On too many issues, business as usual is either broken or ineffective within the Beltway. Thankfully, one area where we are making strides through bipartisanship is in cybersecurity.

I’m privileged to serve as the Ranking Member of the House Oversight and Government Reform Subcommittee on Information Technology with Chairman Will Hurd, Texas Republican. It would be difficult to find someone in Congress, or frankly anywhere else, who has more experience and understanding on these critical issues.

Together, we have been able to craft legislation in an open, process-driven way that will revolutionize government IT acquisition, increase cybersecurity and save taxpayer dollars. This legislation, called the Modernizing Government Technology (MGT) Act and signed into law in December, is an important first step. Still, more work remains to ensure that all government data is protected from today’s and tomorrow’s cyberthreats.

Right now, I’m working on pieces of legislation to ensure baked-in security measures for internet-connected devices like webcams and to help agencies better manage their IT inventory. Additionally, Chairman Hurd has proposed the idea of a Cyber National Guard to increase cybersecurity talent within government; I support this commonsense proposal.

While these are good ideas, they achieve nothing if they are trapped in our subcommittee. When we worked on the MGT Act, we held field hearings and hearings in Washington, we allowed amendments, and we worked across the aisle to craft the best possible plan. Congress needs to do more of this. We need to work on legislation together, not in party-driven ideological silos. Let’s actually allow the space for the best ideas to come forward. When it comes to cybersecurity, we cannot afford to let good policy sit on the shelf because of whose name is on the sponsor line.

Prong Two — Every Community: When it comes to combating cyberthreats, we need everyone from every community involved. According to the Level Playing Field Institute, there will be 1.4 million new tech jobs by 2020 and 70 percent will be unfilled. Many of these jobs will be devoted to cybersecurity or play a critical role in cyber defense. We clearly cannot allow the vast majority of these jobs to remain open; we need to redouble our efforts to train new workers, retrain mature workers and inspire students to pursue STEM careers.

In order to meet the bourgeoning demand for new cybersecurity and tech professionals that our economy needs, we need to reach into every community: suburban, veteran, working class and communities of color. With this great need, we cannot allow someone’s ZIP code or background to lock them out of these opportunities.

One real challenge we face is that just 22 percent of schools with AP programs offer computer science coursework and nationwide nearly 30 percent of schools do not offer any AP coursework. This means that thousands, if not millions, of American students are blocked from learning critical skills that could open the door to a career as a cyber professional. The first step toward addressing this crisis is to get more computer science teachers into the classroom. My Today’s American Dream Act includes a provision that would incentivize people to teach computer science by helping to pay off some of their student loan debt.

Prong Three — On Every Computer: Combatting cybersecurity is not someone else’s responsibility. It is everyone’s responsibility. In October 2016, household kitchen items were used to knock out Internet access to users on the East Coast. It should not be that easy for cybercriminals to exploit these vulnerabilities, and families can take simple steps to prevent it.

As new cyberthreats continue to grow and evolve, every person needs to take these issues seriously and be proactive in stopping them. There are simple, everyday things that every person can do, even with limited technical expertise, to make themselves, their data and the entire system safer.

These include simple things like multifactor identification (when you receive a text with a code to confirm a login) and using only trusted Wi-Fi networks and passwords that are secure (please stop using Password123). Trust me, you want to do these things before your data is compromised or your bank account is drained, and it will help make everyone and the system safer.

We still have a lot of work to do to bolster cybersecurity. We are starting to make the right steps and now is the time to go from small steps toward giant leaps. Technology and hackers will not wait.

Democrat Rep. Robin Kelly represents Illinois’ 2nd Congressional District. She serves as the Ranking Member of the House Oversight and Government Reform Subcommittee on Information Technology.
Fighting cybercrime: A shared responsibility for the nation, home and workplace

By Gary McAlum

Cybercrime is an unfortunate reality in our world today. It is something that has become common language, and many Americans have become fatigued and numb to the continuous cyberthreats.

This is why Data Privacy Day is important to me and my team. It is an opportunity to reinforce to consumers the importance of always being vigilant and allows us to continue the conversation of what we can do to better protect ourselves from cyberthreats.

Throughout my military career of 25 years with the Air Force, I had the opportunity to work in a variety of IT and technology roles, but the positions involving cybersecurity were the most challenging. The scope and magnitude of cyber issues facing our nation became crystal clear to me, and I realized I wanted to continue to work in this important area for a company like USAA after retiring from the military.

At USAA, my team is responsible for protecting our more than 12 million members from cybercrime. It is an honor to serve our military, veterans and their families and help stop more than 9 million cyberattacks and prevent $8.7 million fraud loss daily. This data point makes me proud of our team, but it also reinforces the important fact: Threat is real and never-ending.

Oftentimes, consumers think that they are immune or safe from cybercrime. However, as a veteran, I have been the victim of many data breaches and, most recently, was a victim of the Office of Personnel Management (OPM) breach. In this case, I knew what type of information was compromised from the sensitive information I provided for my security clearance. The data compromised wasn’t just my information; my family was impacted as well — and received letters from OPM directly. Knowing that my family members were now victims of identity theft for the rest of their lives made me angry. I understand firsthand the frustration of being a victim of identity theft, and I carry it with me every day in protecting our members at USAA. They depend on us, and I know how they would feel if it happened to them on my watch.

I’ve also experienced a wide range of cyberattacks directly, ranging from phishing emails to fraudsters attempting to impersonate me or even call me pretending to be a company I trust. At USAA, we reinforce that fighting fraud is a shared responsibility and try to reiterate some of the key ways to protect yourself from cyber threats:

Multifactor authentication (MFA): The reality is our personal information is already known or easily available. The most effective thing we can do to protect our online accounts is to use strong authentication. If your online account offers options beyond passwords and security questions, please consider them. I use a combination of the random code option — a one-time security code that is texted to me — and biometric options when available, including fingerprint, voice or facial recognition.

Better passwords: When you don’t have access to MFA options, it’s critical to use a strong password that includes a mixture of symbols and letters. The key is to change it up — don’t use the same password for all accounts.

Stay vigilant: Phishing is a common tactic to gain your personal information, and fraudsters prey on individuals hoping the user clicks a link or takes actions without acknowledging red flags. Fraudsters will often call you directly impersonating a credible company. Bottom line, follow your senses. If in doubt, pause to confirm you really want to proceed.

Monitor your info (and your children’s accounts): We tend to focus on steps to avoid identity theft for ourselves but may not think about our children. This is a growing trend and can be difficult to detect and resolve. Make sure to review your information and respond to any security or fraud alerts.

Many individuals may feel online security seems like a lost cause. The reality is that it’s a risk management situation, and we have the ability to minimize some risks by the actions we take, or don’t take. As consumers, we can take control by embracing these tips into our daily lives. Fraud will always exist — the key is to make it as difficult as possible so the fraudster will prey elsewhere.

As the chief security officer at USAA, my team stands strong to protect our members’ information. This commitment requires a 24/7 mindset and offers no room for failure. We have the best talent on our team, and a solid percentage are veterans or military spouses. While we were honored to receive the “Best in Class” award in Javelin’s 2017 Account Safety in Banking Scorecard, we embrace one of the Navy SEALs’ mottos as a top security priority: The only easy day was yesterday. There is no place for complacency when you work in cybersecurity.

Gary McAlum is Chief Security Officer at USAA. His responsibilities include Information Security & Privacy, Fraud and Financial Crimes Management & Investigations, and Physical Security services. Prior to joining the USAA team in February 2010, he completed 25 years of service in the U.S. Air Force, which included years within the information technology career field.