Welcome!

Microservices Expo Authors: Zakia Bouachraoui, Pat Romanski, Elizabeth White, Liz McMillan, Yeshim Deniz

Related Topics: Microservices Expo, Agile Computing, @CloudExpo, Cloud Security

Microservices Expo: Blog Post

Addressing Cyber Instability Panel Discussion

The growing trend of hacktivism

The final portion of the Cyber Statecraft Initiative‘s and the Cyber Conflict Studies Association‘s ”Addressing Cyber Instability” event was a panel discussion and question and answer session. The panel included Greg Rattray, CEO of Delta Risk and former Commander of the Operations Group of the Air Force Information Warfare Center,  Kris Martel, Senior Cybersecurity Architect at Intelligent Decisions, Michael Mulville, Client Solutions Executive at Cisco Systems, and Jason Healey, director of the Cyber Statecraft Initiative, as the moderator.

Martel began by addressing the growing trend of hacktivism. Hacktivism is different from regular cyber crime as the goal is to penetrate governments and organizations to “teach them a lesson” and, with this different motive, can be more difficult to combat as well. As hacktivist groups are ideologically motivated, organizations are afraid to fight them or strike back and incite retribution. Hacktivist groups also tend to be part of a movement rather than an organization and hence do not have leaders to target but you can’t go after everyone in, for example, Anonymous. When asked how governments and organizations can reach out to Hacktivists rather than trying to fight them, he suggested giving them a chance to express themselves in order to bring them over to our side. Martel thought more freedom and creativity would benefit cybersecurity as a whole. For resiliency, he suggested education focusing on the solutions we want tomorrow rather than what we have now, starting young, and giving students the freedom to innovate. Martel also saw the rise of cloud computing as an opportunity to get cybersecurity right by “baking security into the cloud” rather than adding it as an afterthought like we did for the Internet. Another trend Martel noted was significant for security was Bring Your Own Device.

Mulville reiterated one of the themes of the events, that deterrence is essentially void in cyberspace.  Many agencies don’t even know what it is they hope to deter as they are not sure what is happening on their networks until days or weeks later. Achieving deterrence would require a sweeping change of approach as cybersecurity faces organizational, not simply technical, problems. At this point, we’ve been trying to solve the same problems for so long that we’re faced with diminishing returns and need to try new strategies.

Rattray confirmed the sorry state of national cybersecurity. He recalled how two senior Federal Bureau of Investigation officials had told him that the problem only got worse under their watch, He also continued with the theme of the difficulty of deterrence in cyberspace, noting that the risk of losing deterrence by not acting is smaller than the risk of miscalculating a response and hitting an innocent party due to flawed attribution and containment or violating fledgling norms and laws. Rattray also corrected some misconceptions about cyber deterrence. Though cyber weapons are often shrouded in mystery, we do have a fairly good idea of other nations’ capabilities and they understand ours. Also, cyber espionage is not a deterrence problem, it’s an espionage problem like physical spying.

Jay Healey discussed the idea of cyber war. While we are not at cyber war, as that would mean we could take kinetic action to kill attackers, Stuxnet crossed more than one rubicon. Aside from being the first cyber weapon with important kinetic effects, it was also the first truly autonomous weapon as it did not need to check back at any point. Using Stuxnet was a huge decision that required more transparency. It also weakened norms in cyberspace, as it is harder for the United States to say China can’t engage in cyber espionage while we launch cyber attacks. As cyberspace is unstable, there’s an advantage to attacking early, especially as offense has the advantage in cyber. With regards to measures meant to increase stability and security at the price of privacy, Healey noted that most of the currently discussed solutions are the ones that least affect privacy and are the low-hanging fruit of cybersecurity.

This post by was first published at CTOvision.com.

Read the original blog entry...

More Stories By Bob Gourley

Bob Gourley writes on enterprise IT. He is a founder of Crucial Point and publisher of CTOvision.com

Microservices Articles
When building large, cloud-based applications that operate at a high scale, it’s important to maintain a high availability and resilience to failures. In order to do that, you must be tolerant of failures, even in light of failures in other areas of your application. “Fly two mistakes high” is an old adage in the radio control airplane hobby. It means, fly high enough so that if you make a mistake, you can continue flying with room to still make mistakes. In his session at 18th Cloud Expo, Lee A...
Lori MacVittie is a subject matter expert on emerging technology responsible for outbound evangelism across F5's entire product suite. MacVittie has extensive development and technical architecture experience in both high-tech and enterprise organizations, in addition to network and systems administration expertise. Prior to joining F5, MacVittie was an award-winning technology editor at Network Computing Magazine where she evaluated and tested application-focused technologies including app secu...
In his general session at 19th Cloud Expo, Manish Dixit, VP of Product and Engineering at Dice, discussed how Dice leverages data insights and tools to help both tech professionals and recruiters better understand how skills relate to each other and which skills are in high demand using interactive visualizations and salary indicator tools to maximize earning potential. Manish Dixit is VP of Product and Engineering at Dice. As the leader of the Product, Engineering and Data Sciences team at D...
Containers and Kubernetes allow for code portability across on-premise VMs, bare metal, or multiple cloud provider environments. Yet, despite this portability promise, developers may include configuration and application definitions that constrain or even eliminate application portability. In this session we'll describe best practices for "configuration as code" in a Kubernetes environment. We will demonstrate how a properly constructed containerized app can be deployed to both Amazon and Azure ...
Modern software design has fundamentally changed how we manage applications, causing many to turn to containers as the new virtual machine for resource management. As container adoption grows beyond stateless applications to stateful workloads, the need for persistent storage is foundational - something customers routinely cite as a top pain point. In his session at @DevOpsSummit at 21st Cloud Expo, Bill Borsari, Head of Systems Engineering at Datera, explored how organizations can reap the bene...
Using new techniques of information modeling, indexing, and processing, new cloud-based systems can support cloud-based workloads previously not possible for high-throughput insurance, banking, and case-based applications. In his session at 18th Cloud Expo, John Newton, CTO, Founder and Chairman of Alfresco, described how to scale cloud-based content management repositories to store, manage, and retrieve billions of documents and related information with fast and linear scalability. He addresse...
The now mainstream platform changes stemming from the first Internet boom brought many changes but didn’t really change the basic relationship between servers and the applications running on them. In fact, that was sort of the point. In his session at 18th Cloud Expo, Gordon Haff, senior cloud strategy marketing and evangelism manager at Red Hat, will discuss how today’s workloads require a new model and a new platform for development and execution. The platform must handle a wide range of rec...
SYS-CON Events announced today that DatacenterDynamics has been named “Media Sponsor” of SYS-CON's 18th International Cloud Expo, which will take place on June 7–9, 2016, at the Javits Center in New York City, NY. DatacenterDynamics is a brand of DCD Group, a global B2B media and publishing company that develops products to help senior professionals in the world's most ICT dependent organizations make risk-based infrastructure and capacity decisions.
Discussions of cloud computing have evolved in recent years from a focus on specific types of cloud, to a world of hybrid cloud, and to a world dominated by the APIs that make today's multi-cloud environments and hybrid clouds possible. In this Power Panel at 17th Cloud Expo, moderated by Conference Chair Roger Strukhoff, panelists addressed the importance of customers being able to use the specific technologies they need, through environments and ecosystems that expose their APIs to make true ...
In his keynote at 19th Cloud Expo, Sheng Liang, co-founder and CEO of Rancher Labs, discussed the technological advances and new business opportunities created by the rapid adoption of containers. With the success of Amazon Web Services (AWS) and various open source technologies used to build private clouds, cloud computing has become an essential component of IT strategy. However, users continue to face challenges in implementing clouds, as older technologies evolve and newer ones like Docker c...