Joel Brenner Keynote at CEIC 2014: The Changing Face of Espionage

For more than a decade, a series of high-profile security breaches have bought to light the vulnerability of the security systems upon which we rely. The best known include:

• Titan Rain: Hackers were able to gain access to U.S. defense contractor computer networks and siphon off large amounts of information.
• New York Times: Ten years after Titan Rain, Chinese hackers broke into the New York Times network and gained access to employees' computers and passwords.
• Target: More than 40 million credit and debit cards and 70 million records, including names, addresses, email addresses and phone numbers of customers were stolen in the attack on the retail giant.

Cybersecurity expert Joel Brenner shared deeper insights into the state of security with CEIC 2014 attendees in his keynote speech. In spite of a series of high-profile, damaging attacks dating back to 2003, public and private organizations are still under siege, and there is no end in sight.

When he was the NSA’s inspector general, Brenner was responsible for the agency’s top-secret internal audits and investigations. He went on to oversee U.S. counterintelligence policy and strategy for the director of national intelligence, where he was responsible for integrating the counterintelligence activities of the 17 departments and agencies including the FBI, CIA, and the Departments of Defense, Energy and Homeland Security.

Former NSA Inspector General and counterintelligence expert Joel Brenner presenting at CEIC 2014 in Las Vegas.

Espionage used to be just an issue for agencies like the ones Brenner oversaw. That is no longer the case, he cautioned.

And it's not just a concern for the U.S. government anymore, Brenner claimed. It's a problem for any organization with secrets to keep. Sensitive information is at risk, as well as valuable intellectual property.

Brenner noted that technologies that cost billions of dollars to create are being siphoned off at an alarming rate. This includes engineering designs and other intellectual property for military and commercial technology.

We’re facing espionage on a “grand scale,” Brenner noted. Technology has transformed espionage, making it easier to conduct remote attacks, gather intelligence and infiltrate networks from half way around the world.

Economic espionage is encouraged in some countries as a way to support companies within their borders and is seen as a way to compete economically with other nations. Furthermore, some countries don’t make a moral distinction between government and economic espionage.

“The risk to our nation is great and growing,” Brenner told attendees.

Even more chilling--total security is a myth, Brenner claimed. Organizations need to decide on an acceptable level of risk. This involves making difficult decisions and is a conversation that needs to incorporate the upper echelons of management.

Brenner outlined several areas that organizations must examine:

• Are you a target of choice or opportunity?
• Who wants what you’ve got?
• What’s important? (You can’t protect everything.)

There also needs to be a shift in how organizations view information security. In most organizations, security is siloed within various departments such as legal, operations management, information technology and human resources--each with a distinct view of how security should be managed. To complicate things further, each department may stress different aspects of security or consider its functions and responsibilities the responsibility of another department.

What’s missing is effective policy, which needs to happen under the C-suite, Brenner noted. “We are looking at risk levels that are frightening,” he said, noting organizations have to “stop walking backwards” in response to threats to their networks.

Did you attend CEIC 2014? Have a comment? We welcome discussion in the comments section below.