Modern field guide to security and privacy

Cybersecurity experts cautiously optimistic about 2016

Passcode was the exclusive media partner at an event looking at the cybersecurity landscape of 2016 hosted by the Atlantic Council think tank. Here’s what we learned.

It's been an active year in cybersecurity. Washington and Beijing reached a historic agreement around cooperation for curtailing digital espionage, the US government suffered its largest known data breach, and there was a seemingly endless string of breaches and hacks.

Looking ahead to 2016, there's little indication from experts that online threats will be any less numerous or menacing. But there is optimism that groundwork laid this year could pay dividends in the year ahead. That's especially the case regarding negotiations with China to thwart commercial hacking, said Ellen Nakashima, national security reporter at The Washington Post.

"It’s a combination of these tools and these measures by the US as well as expressions of concern by others – industry and academia – that could start to move the needle next year," Ms. Nakashima said.

Nakashima joined a panel of cybersecurity and legal experts to discuss some of the most pressing trends in cybersecurity at an event hosted by the Atlantic Council think tank in Washington. Passcode was the exclusive media partner for this Cyber Risk Wednesday event. Here are three things we learned:

1. New norms emerged for reporting cyberthreats

Companies are going public much faster after breaches, according to Nakashima. For instance, she said, the way Home Depot notified customers about its 2014 breach – and quickly started looking for solutions to mitigate the impact – influenced how other companies responded to breaches this year.

"There’s been a gradual shift away from blaming the victim," Nakashima said. "Yes, people feel like companies should be responsible for cybersecurity, but they also understand this is such a widespread and pervasive problem that what company hasn’t been hacked?"

2. Cyberthreats are bigger problems for small businesses

More small companies are reaching out to the government for help with issues around cyberattacks, said Sean Newell, deputy chief for cyber, counterintelligence, and export control section at the Department of Justice. Unfortunately, he said, small firms don't have the same capacity as large corporations to confront dangers online.

"I wonder if that’s going to push the threat down to mid- or smaller-sized companies," Mr. Newell said. "I see that as an issue coming forth in the next year."

3. Progress with China takes time

It's a good sign that there hasn’t been another attack such as the Sony Pictures breach, said Jason Healey, senior research scholar at Columbia University’s School of International and Public Affairs. Even though the US blamed North Korea for the Sony hack, Obama administration officials told The New York Times the government has sought China's help to stop attacks coming from North Korea. Indeed, said Mr. Healey, success with the Chinese shouldn't be measured only in terms of the recent cyberespionage deal. Instead, it should be seen as incrementally better than it was previously.

"Diplomacy isn’t binary, right? It’s not one or zero," he said. "If this decreases Chinese espionage by 10 percent, it is quite possibly the most successful thing we’ve ever done to reduce Chinese espionage."

Two notable quotes:

1. If the US decides it’s necessary to monitor smartphone apps for potential terrorist activity, Healey said, it is feasible that terrorists will attempt to stay ahead of that monitoring by switching apps frequently.

"What do we do when we have terrorists on Tinder?" Healey said. "How far does this go with the proliferation of technologies, that we’re going to continue to chase them down every hole? Does that scale?"

2. Looking forward at whether the US's efforts with China have effectively stanched the country’s efforts to hack for economic gain, Nakashima said President Obama’s executive order this year might shed light on possible next steps. The order allows him to impose economic sanctions on either companies or individuals that conduct cyberattacks, including for economic gain.

"If China continues to conduct economic espionage and is essentially violating its pledge, I would expect the administration, before its term is out, to go forth and impose those sanctions," she said.

Correction: This story was updated after publication to correctly identify the panel participant from the Department of Justice as Sean Newell, deputy chief for cyber, counterintelligence, and export control section of the National Security Division.