Microservices Expo Authors: Pat Romanski, Elizabeth White, Liz McMillan, Yeshim Deniz, Zakia Bouachraoui

Related Topics: Microservices Expo, Agile Computing, @CloudExpo, Cloud Security

Microservices Expo: Blog Post

Addressing Cyber Instability Panel Discussion

The growing trend of hacktivism

The final portion of the Cyber Statecraft Initiative‘s and the Cyber Conflict Studies Association‘s ”Addressing Cyber Instability” event was a panel discussion and question and answer session. The panel included Greg Rattray, CEO of Delta Risk and former Commander of the Operations Group of the Air Force Information Warfare Center,  Kris Martel, Senior Cybersecurity Architect at Intelligent Decisions, Michael Mulville, Client Solutions Executive at Cisco Systems, and Jason Healey, director of the Cyber Statecraft Initiative, as the moderator.

Martel began by addressing the growing trend of hacktivism. Hacktivism is different from regular cyber crime as the goal is to penetrate governments and organizations to “teach them a lesson” and, with this different motive, can be more difficult to combat as well. As hacktivist groups are ideologically motivated, organizations are afraid to fight them or strike back and incite retribution. Hacktivist groups also tend to be part of a movement rather than an organization and hence do not have leaders to target but you can’t go after everyone in, for example, Anonymous. When asked how governments and organizations can reach out to Hacktivists rather than trying to fight them, he suggested giving them a chance to express themselves in order to bring them over to our side. Martel thought more freedom and creativity would benefit cybersecurity as a whole. For resiliency, he suggested education focusing on the solutions we want tomorrow rather than what we have now, starting young, and giving students the freedom to innovate. Martel also saw the rise of cloud computing as an opportunity to get cybersecurity right by “baking security into the cloud” rather than adding it as an afterthought like we did for the Internet. Another trend Martel noted was significant for security was Bring Your Own Device.

Mulville reiterated one of the themes of the events, that deterrence is essentially void in cyberspace.  Many agencies don’t even know what it is they hope to deter as they are not sure what is happening on their networks until days or weeks later. Achieving deterrence would require a sweeping change of approach as cybersecurity faces organizational, not simply technical, problems. At this point, we’ve been trying to solve the same problems for so long that we’re faced with diminishing returns and need to try new strategies.

Rattray confirmed the sorry state of national cybersecurity. He recalled how two senior Federal Bureau of Investigation officials had told him that the problem only got worse under their watch, He also continued with the theme of the difficulty of deterrence in cyberspace, noting that the risk of losing deterrence by not acting is smaller than the risk of miscalculating a response and hitting an innocent party due to flawed attribution and containment or violating fledgling norms and laws. Rattray also corrected some misconceptions about cyber deterrence. Though cyber weapons are often shrouded in mystery, we do have a fairly good idea of other nations’ capabilities and they understand ours. Also, cyber espionage is not a deterrence problem, it’s an espionage problem like physical spying.

Jay Healey discussed the idea of cyber war. While we are not at cyber war, as that would mean we could take kinetic action to kill attackers, Stuxnet crossed more than one rubicon. Aside from being the first cyber weapon with important kinetic effects, it was also the first truly autonomous weapon as it did not need to check back at any point. Using Stuxnet was a huge decision that required more transparency. It also weakened norms in cyberspace, as it is harder for the United States to say China can’t engage in cyber espionage while we launch cyber attacks. As cyberspace is unstable, there’s an advantage to attacking early, especially as offense has the advantage in cyber. With regards to measures meant to increase stability and security at the price of privacy, Healey noted that most of the currently discussed solutions are the ones that least affect privacy and are the low-hanging fruit of cybersecurity.

This post by was first published at CTOvision.com.

Read the original blog entry...

More Stories By Bob Gourley

Bob Gourley writes on enterprise IT. He is a founder of Crucial Point and publisher of CTOvision.com

Microservices Articles
Lori MacVittie is a subject matter expert on emerging technology responsible for outbound evangelism across F5's entire product suite. MacVittie has extensive development and technical architecture experience in both high-tech and enterprise organizations, in addition to network and systems administration expertise. Prior to joining F5, MacVittie was an award-winning technology editor at Network Computing Magazine where she evaluated and tested application-focused technologies including app secu...
Using new techniques of information modeling, indexing, and processing, new cloud-based systems can support cloud-based workloads previously not possible for high-throughput insurance, banking, and case-based applications. In his session at 18th Cloud Expo, John Newton, CTO, Founder and Chairman of Alfresco, described how to scale cloud-based content management repositories to store, manage, and retrieve billions of documents and related information with fast and linear scalability. He addresse...
The now mainstream platform changes stemming from the first Internet boom brought many changes but didn’t really change the basic relationship between servers and the applications running on them. In fact, that was sort of the point. In his session at 18th Cloud Expo, Gordon Haff, senior cloud strategy marketing and evangelism manager at Red Hat, will discuss how today’s workloads require a new model and a new platform for development and execution. The platform must handle a wide range of rec...
Containers and Kubernetes allow for code portability across on-premise VMs, bare metal, or multiple cloud provider environments. Yet, despite this portability promise, developers may include configuration and application definitions that constrain or even eliminate application portability. In this session we'll describe best practices for "configuration as code" in a Kubernetes environment. We will demonstrate how a properly constructed containerized app can be deployed to both Amazon and Azure ...
SYS-CON Events announced today that DatacenterDynamics has been named “Media Sponsor” of SYS-CON's 18th International Cloud Expo, which will take place on June 7–9, 2016, at the Javits Center in New York City, NY. DatacenterDynamics is a brand of DCD Group, a global B2B media and publishing company that develops products to help senior professionals in the world's most ICT dependent organizations make risk-based infrastructure and capacity decisions.
Discussions of cloud computing have evolved in recent years from a focus on specific types of cloud, to a world of hybrid cloud, and to a world dominated by the APIs that make today's multi-cloud environments and hybrid clouds possible. In this Power Panel at 17th Cloud Expo, moderated by Conference Chair Roger Strukhoff, panelists addressed the importance of customers being able to use the specific technologies they need, through environments and ecosystems that expose their APIs to make true ...
In his keynote at 19th Cloud Expo, Sheng Liang, co-founder and CEO of Rancher Labs, discussed the technological advances and new business opportunities created by the rapid adoption of containers. With the success of Amazon Web Services (AWS) and various open source technologies used to build private clouds, cloud computing has become an essential component of IT strategy. However, users continue to face challenges in implementing clouds, as older technologies evolve and newer ones like Docker c...
CloudEXPO New York 2018, colocated with DXWorldEXPO New York 2018 will be held November 11-13, 2018, in New York City and will bring together Cloud Computing, FinTech and Blockchain, Digital Transformation, Big Data, Internet of Things, DevOps, AI, Machine Learning and WebRTC to one location.
DevOpsSummit New York 2018, colocated with CloudEXPO | DXWorldEXPO New York 2018 will be held November 11-13, 2018, in New York City. Digital Transformation (DX) is a major focus with the introduction of DXWorldEXPO within the program. Successful transformation requires a laser focus on being data-driven and on using all the tools available that enable transformation if they plan to survive over the long term.
In his session at 20th Cloud Expo, Scott Davis, CTO of Embotics, discussed how automation can provide the dynamic management required to cost-effectively deliver microservices and container solutions at scale. He also discussed how flexible automation is the key to effectively bridging and seamlessly coordinating both IT and developer needs for component orchestration across disparate clouds – an increasingly important requirement at today’s multi-cloud enterprise.