Imagine flipping open the latest edition of a magazine and instead of seeing a list of the most walkable or dog-friendly cities, finding the most cyber-friendly cities, and then placing importance in the results.
It sounds unlikely now that people would choose where to live based on the cyberclimate, but participants at a recent Daily Transcript roundtable predicted this will be the case within a few years.
And that San Diego will be at the top.
“I would predict that within 10 years, you’ll see cybersafe cities as a benchmark of where people decide to live, because if you think about it, cybercrime is a form of crime and people consciously choose to live in safe communities,” said Darin Andersen, CEO and founder of CyberUnited and founder of CyberTECH. “I think San Diego does have a cyber-infrastructure that’s probably second to none.”
While San Diego is ahead in many respects — thanks not only to its strong cybersector of 100 companies and 3,500 private-sector jobs, but also its many high-stakes tangential players — work remains to create a cyber-infrastructure.
The telecom, military and health industries had interests in being early entrants into the cybersphere, and San Diego is now home to many startups and data companies in the field, all of which combine to make the region fertile ground for cyber-innovation.
“Using the public health model, I think the recent Ebola incident is a great example,” said Michael Kaiser, executive director of National Cyber Security Alliance.
“There’s a huge infrastructure in place, down to the individual who gets infected and what happens right around them at that moment, what happens to follow up … that medical health infrastructure took a long time to create. It was not created overnight and I think that’s what is starting to happen here is to develop that infrastructure.”
By all accounts, the key to developing — or strengthening, as the case may be in San Diego — that cyber-infrastructure is collaboration among levels of government, private industry sectors, military organizations such as SPAWAR, and individual consumers.
San Diego’s Cyber Center of Excellence aims to serve as a moderator for this collaboration, with center co-Chairman and ESET North America CEO Andrew Lee using attack reporting as an example.
“We need to get to that with cyberbreaches, where it’s seen as an important part of securing the world, securing the Internet, to actually share the information and not have these huge punitive measures,” Lee said.
“Because right now there are pretty bad punitive measures — a disincentive to report and share what happened and a disincentive to learn from it, because you don’t want to say, ‘We might have the same problem as them.’ ...
"If we can get to a point where we’ve got this openness about sharing in whatever mechanism there is — and CCOE has talked about figuring out how that works — so we can create an environment where people are able to speak about what’s going on and share information, that helps.”
Another key partner in this collaboration is law enforcement, although actually prosecuting cybercrimes is difficult, given the ease with which perpetrators can hide their identity and goals.
Andrew Serwin, partner at Morrison & Foerster, said this amplifies the need for compromised companies to report attacks, and then receive appropriate advice.
“I think we’ve got to get to a place where rather than, in essence, blaming the victim, we try to actually provide resources to help companies be proactive and not lay the same kind of stigma we see a lot of times in these cases,” Serwin said. “And I think the CCOE can offer a path forward to do that.”
Because even the most proactive companies with security built in by design will be targeted at some point. As Lee said, he sees 300,000 to 400,000 different types of threats every day. It’s not a matter of if, but when.
And as the Internet of Things age rapidly unfolds, there are plenty of companies not taking this safety-first approach.
“I’m not a technologist, but [the Internet of Things] has been rolled out so quickly that the developers are not taking the extra time to develop the security features, the privacy features, that need to be in there,” said Beth Givens, executive director of Privacy Rights Clearinghouse.
Givens used the recent TRENDnet case — where the company provided so-called safe cameras for parents to monitor their children on video, but did not build the cameras to keep other viewers from being able to see the children, too — as an example.
This case raises the question of regulatory necessity. Will startups build privacy into new products or will companies provide for data security out of business preservation, or must it be legally required?
Some panelists pointed out that venture capital firms won’t back a startup that hasn’t considered privacy to minimize risk. Others said that because many companies aren’t aware of the issue, some regulation will be necessary. One way or another, cybersecurity will have to be a top priority for everyone.
“The Navy, their approach to cyber is going to be an all-hands effort,” said retired Rear Adm. Kenneth Slaght, vice president of the Naval IT Solutions Sector at General Dynamic and Lee’s CCOE co-chairman.
“In other words, yes, they literally stood up a new fleet, 10th fleet, that was going to take care of this issue, and they quickly realized you just can’t put … one guy in charge and you solve the problem.
"They decided it’s really from the bottom up. You have to start with every sailor in the fleet and start the education at that level if you’re going to get your arms around the magnitude of this problem.”
All agreed that a cultural shift is in order in the cybersecurity world, and every person needs to be on board.
“We have to have a culture of cybersecurity,” Kaiser said. “We do this all the time in other areas of technology. We are a car culture [so] we have basic safety and security for traffic — not that its perfect, because it’s never perfect and people can live with the potential risk of getting in a car accident. … but everything is built around that.
“I think that’s the opportunity here in San Diego — with all the things that you have going — … to not only build the relationships and collaborations and all those things, but the culture of cybersecurity.”
* Sponsor Article: Moving to the cloud safely and securely
Darin Andersen, President, CyberTech
Rick Belliotti, Director of IT Services, San Diego County Regional Airport Authority
Tom Caldwell, President, Cyberflow Analytics
Beth Givens, Executive Director, Privacy Rights Clearinghouse
Michael Kaiser, Executive Director, National Cyber Security Alliance
Andrew Lee, CEO, ESET North America
Andrew Serwin, Partner, Morrison & Foerster LLP
Rear Adm. Kenneth Slaght (retired), VP Naval IT Solutions Sector, General Dynamics Information Technology