Cyber space is no longer the next frontier -- it's here and it needs to be secured.
Panelists representing defense companies large and small, law firms, higher education and industry groups who gathered May 8 at a Daily Transcript roundtable to discuss cyber security agreed San Diego could become the leader for cyber security as the threats become more prevalent and the need for security grows.
But governance, education, collaboration, new approaches to threats, and developing the right work force to complete the job all must be addressed to move forward with cyber security and combat the ever-growing threats from cyber crime.
"It's the worst kind of crime in that it's spread everywhere," said Darin Andersen, chief operating officer for ESET. "There are cells, like with al-Qaida, that sit in various countries with various vectors of attack, and technology that we have a difficult time tracing. This is the huge challenge we have coming."
Cyber crime is multi-layered, he said, because there is the national defense aspect, the need to protect children online and issues of identity theft. All pieces are important, and none has an easy solution.
Already there are discussions about cyber crime, cyber warfare and cyber security in Washington, D.C. But roundtable participants said there needs to be more influence from San Diego.
"The policy, the governance -- we have to create some of that. We have to write some of that," said Benito Hobson, corporate relations manager for Integrits Corp. "We have to be a plan holder."
Governance was a recurring theme throughout the discussion. There was a general consensus that governance is a necessary component. But to what extent it should be implemented was less clear.
"Your point about governance is spot on," Lon McPhail, technical director for Navy C4I Systems at Lockheed Martin (NYSE: LMT), said in response to Hobson. "I struggle mentally to figure out how do you govern something that is by design non-structured."
Eric Basu, president and CEO of Sentek Consulting, also is concerned about striking the right balance between governance and innovation.
"How much governance do we need to stifle innovation?" he asked. "America is founded on innovation. That's our future."
Determining the right governance is one of the issues that will need to be worked out as cyber security grows.
Another big issue is that all the safeguards companies create will be worthless without individuals recognizing the need to protect their own information.
Over time, cyber threats have evolved to a point where a personal laptop at home has become a hard target. It's a way to collect information and gain access to a system.
"You have thousands of people spending 24 hour a day hacking -- and it used to be (just) our government systems," said Jay Porter, director of programs and transition, information security solutions, at Raytheon (NYSE: RTN). "Now it's our home systems, company systems. Now they're looking for any way in."
Chris Stephens, enterprise technologist, Navy and Marine Corps Technology Center, for CSC (NYSE: CSC), pointed out that 80 percent of assaults come from inside.
When hackers do get in, they can launch myriad attacks under the guise of a private American citizen who never intended to cause any harm.
"The weakest link is the weakest link," Andersen said. "It could be my daughter or your son that actually launches cyber 9/11 because they have no knowledge -- because everything is automated and controlled maybe from some completely different source."
When it comes to private citizens, some roundtable participants said educating them on the threats is important. And the more they hear about attacks, they more likely they are to invest in protecting their information.
For commercial companies and those not tied to the government like defense contractors are, the law could be the driving force needed to increase their cyber security.
"What's happening is the law is going to drive compliance for most companies on the consumer side," said Andrew Serwin of Foley and Lardner LLP, which co-sponsored the roundtable. "I think that's going to drive compliance on the security side overall. The security breech laws we started in California have just blossomed. It's driving companies today, and we're an example, we encrypted our laptops."
Participants agreed collaboration will be a key factor in achieving cyber security and in making San Diego a cyber security hub.
Some businesses already are collaborating to defend against threats by sharing information about attacks. And roundtable co-sponsor The Security Network, led by Chairman and CEO Michael Jones, works to connect companies that could partner on security endeavors.
Collaboration must extend beyond U.S. borders, participants said. Cyber space is everywhere, and security must be implemented on all fronts.
"This is an international problem," Stephens said. "Europe, Asia, all countries interested in this are going to have to come together.
"It's not something we can do just here. We can protect the United States, but what does that mean?"
But creating a worldwide approach to security will not be easy, Thomas Kaye, president of Tom Kaye and Associates Inc., pointed out. Even getting two U.S. military branches to agree on a solution is difficult.
As collaboration and governance are put in place and security threats grow, industry and government might need to consider new approaches to guarding their own systems.
Raytheon's Porter suggested having an offensive team to attack your own system to find weaknesses while the defense team continues to work, following the codebook, to put up walls and take other measures to combat a threat.
"But offense folks don't follow a codebook," Porter said. "You need folks thinking innovatively of different ways to go find those vulnerabilities, put bots in place, as a way to test your own system, your own products, whatever."
In order for San Diego -- or any U.S. city -- to become a hub for cyber security, the proper work force must be in place. And already, the shortage of college students pursuing careers in math and science is well known.
Stephanie Dietrich, manager for industry partnerships at UCSD for CalIT2, said industry and education should reach out to a different student population than the middle-class group typically targeted.
As a former educator in a low-performing school, she said she knows first hand that those students have the street smarts to be invaluable assets to cyber security, but rarely are given the resources needed to develop those skills.
Those students could be the innovative thinkers Porter described who would attack a system to find its weaknesses.
Overall, Dietrich said, the education system needs to prepare students for technical jobs at all skill levels to fill the work force.
"Every kid should not go to college, but we do need to give them skill sets that can be part of that manufacturing," she said.
"One reason some companies I've dealt with say they're going overseas is that we don't have a good technical blue-collar work force."
Chief Operating Officer, ESET
President & CEO, Sentek Consulting
Manager, Industry Partnerships, CalIT2, UCSD
Corporate Relations Manager, Integrits Corp.
Chairman & CEO, The Security Network, Roundtable Co-sponsor
President, Tom Kaye and Associates Inc.
Technical Director, Navy C4I Systems, Lockheed Martin
Director of Programs and Transition, Information Security Solutions, Raytheon
Partner, Foley and Lardner LLP, Roundtable Co-sponsor
Enterprise Technologist, Navy and Marine Corps Technology Center, Computer Sciences Corp.