Welcome!

Microservices Expo Authors: Pat Romanski, Liz McMillan, Elizabeth White, Stefana Muller, Karthick Viswanathan

Related Topics: Microservices Expo, Agile Computing, @CloudExpo, Cloud Security

Microservices Expo: Blog Post

Addressing Cyber Instability Panel Discussion

The growing trend of hacktivism

The final portion of the Cyber Statecraft Initiative‘s and the Cyber Conflict Studies Association‘s ”Addressing Cyber Instability” event was a panel discussion and question and answer session. The panel included Greg Rattray, CEO of Delta Risk and former Commander of the Operations Group of the Air Force Information Warfare Center,  Kris Martel, Senior Cybersecurity Architect at Intelligent Decisions, Michael Mulville, Client Solutions Executive at Cisco Systems, and Jason Healey, director of the Cyber Statecraft Initiative, as the moderator.

Martel began by addressing the growing trend of hacktivism. Hacktivism is different from regular cyber crime as the goal is to penetrate governments and organizations to “teach them a lesson” and, with this different motive, can be more difficult to combat as well. As hacktivist groups are ideologically motivated, organizations are afraid to fight them or strike back and incite retribution. Hacktivist groups also tend to be part of a movement rather than an organization and hence do not have leaders to target but you can’t go after everyone in, for example, Anonymous. When asked how governments and organizations can reach out to Hacktivists rather than trying to fight them, he suggested giving them a chance to express themselves in order to bring them over to our side. Martel thought more freedom and creativity would benefit cybersecurity as a whole. For resiliency, he suggested education focusing on the solutions we want tomorrow rather than what we have now, starting young, and giving students the freedom to innovate. Martel also saw the rise of cloud computing as an opportunity to get cybersecurity right by “baking security into the cloud” rather than adding it as an afterthought like we did for the Internet. Another trend Martel noted was significant for security was Bring Your Own Device.

Mulville reiterated one of the themes of the events, that deterrence is essentially void in cyberspace.  Many agencies don’t even know what it is they hope to deter as they are not sure what is happening on their networks until days or weeks later. Achieving deterrence would require a sweeping change of approach as cybersecurity faces organizational, not simply technical, problems. At this point, we’ve been trying to solve the same problems for so long that we’re faced with diminishing returns and need to try new strategies.

Rattray confirmed the sorry state of national cybersecurity. He recalled how two senior Federal Bureau of Investigation officials had told him that the problem only got worse under their watch, He also continued with the theme of the difficulty of deterrence in cyberspace, noting that the risk of losing deterrence by not acting is smaller than the risk of miscalculating a response and hitting an innocent party due to flawed attribution and containment or violating fledgling norms and laws. Rattray also corrected some misconceptions about cyber deterrence. Though cyber weapons are often shrouded in mystery, we do have a fairly good idea of other nations’ capabilities and they understand ours. Also, cyber espionage is not a deterrence problem, it’s an espionage problem like physical spying.

Jay Healey discussed the idea of cyber war. While we are not at cyber war, as that would mean we could take kinetic action to kill attackers, Stuxnet crossed more than one rubicon. Aside from being the first cyber weapon with important kinetic effects, it was also the first truly autonomous weapon as it did not need to check back at any point. Using Stuxnet was a huge decision that required more transparency. It also weakened norms in cyberspace, as it is harder for the United States to say China can’t engage in cyber espionage while we launch cyber attacks. As cyberspace is unstable, there’s an advantage to attacking early, especially as offense has the advantage in cyber. With regards to measures meant to increase stability and security at the price of privacy, Healey noted that most of the currently discussed solutions are the ones that least affect privacy and are the low-hanging fruit of cybersecurity.

This post by was first published at CTOvision.com.

Read the original blog entry...

More Stories By Bob Gourley

Bob Gourley writes on enterprise IT. He is a founder of Crucial Point and publisher of CTOvision.com

Microservices Articles
The explosion of new web/cloud/IoT-based applications and the data they generate are transforming our world right before our eyes. In this rush to adopt these new technologies, organizations are often ignoring fundamental questions concerning who owns the data and failing to ask for permission to conduct invasive surveillance of their customers. Organizations that are not transparent about how their systems gather data telemetry without offering shared data ownership risk product rejection, regu...
Containers and Kubernetes allow for code portability across on-premise VMs, bare metal, or multiple cloud provider environments. Yet, despite this portability promise, developers may include configuration and application definitions that constrain or even eliminate application portability. In this session we'll describe best practices for "configuration as code" in a Kubernetes environment. We will demonstrate how a properly constructed containerized app can be deployed to both Amazon and Azure ...
DevOps is often described as a combination of technology and culture. Without both, DevOps isn't complete. However, applying the culture to outdated technology is a recipe for disaster; as response times grow and connections between teams are delayed by technology, the culture will die. A Nutanix Enterprise Cloud has many benefits that provide the needed base for a true DevOps paradigm. In their Day 3 Keynote at 20th Cloud Expo, Chris Brown, a Solutions Marketing Manager at Nutanix, and Mark Lav...
The now mainstream platform changes stemming from the first Internet boom brought many changes but didn’t really change the basic relationship between servers and the applications running on them. In fact, that was sort of the point. In his session at 18th Cloud Expo, Gordon Haff, senior cloud strategy marketing and evangelism manager at Red Hat, will discuss how today’s workloads require a new model and a new platform for development and execution. The platform must handle a wide range of rec...
The Internet of Things is clearly many things: data collection and analytics, wearables, Smart Grids and Smart Cities, the Industrial Internet, and more. Cool platforms like Arduino, Raspberry Pi, Intel's Galileo and Edison, and a diverse world of sensors are making the IoT a great toy box for developers in all these areas. In this Power Panel at @ThingsExpo, moderated by Conference Chair Roger Strukhoff, panelists discussed what things are the most important, which will have the most profound e...
If your cloud deployment is on AWS with predictable workloads, Reserved Instances (RIs) can provide your business substantial savings compared to pay-as-you-go, on-demand services alone. Continuous monitoring of cloud usage and active management of Elastic Compute Cloud (EC2), Relational Database Service (RDS) and ElastiCache through RIs will optimize performance. Learn how you can purchase and apply the right Reserved Instances for optimum utilization and increased ROI.
TCP (Transmission Control Protocol) is a common and reliable transmission protocol on the Internet. TCP was introduced in the 70s by Stanford University for US Defense to establish connectivity between distributed systems to maintain a backup of defense information. At the time, TCP was introduced to communicate amongst a selected set of devices for a smaller dataset over shorter distances. As the Internet evolved, however, the number of applications and users, and the types of data accessed and...
Consumer-driven contracts are an essential part of a mature microservice testing portfolio enabling independent service deployments. In this presentation we'll provide an overview of the tools, patterns and pain points we've seen when implementing contract testing in large development organizations.
In his session at 19th Cloud Expo, Claude Remillard, Principal Program Manager in Developer Division at Microsoft, contrasted how his team used config as code and immutable patterns for continuous delivery of microservices and apps to the cloud. He showed how the immutable patterns helps developers do away with most of the complexity of config as code-enabling scenarios such as rollback, zero downtime upgrades with far greater simplicity. He also demoed building immutable pipelines in the cloud ...
You have great SaaS business app ideas. You want to turn your idea quickly into a functional and engaging proof of concept. You need to be able to modify it to meet customers' needs, and you need to deliver a complete and secure SaaS application. How could you achieve all the above and yet avoid unforeseen IT requirements that add unnecessary cost and complexity? You also want your app to be responsive in any device at any time. In his session at 19th Cloud Expo, Mark Allen, General Manager of...