For more than a decade, a series of high-profile security breaches have bought to light the vulnerability of the security systems upon which we rely. The best known include:
- Titan Rain: Hackers were able to gain access to U.S. defense contractor computer networks and siphon off large amounts of information.
- New York Times: Ten years after Titan Rain, Chinese hackers broke into the New York Times network and gained access to employees' computers and passwords.
- Target: More than 40 million credit and debit cards and 70 million records, including names, addresses, email addresses and phone numbers of customers were stolen in the attack on the retail giant.
When he was the NSA’s inspector general, Brenner was responsible for the agency’s top-secret internal audits and investigations. He went on to oversee U.S. counterintelligence policy and strategy for the director of national intelligence, where he was responsible for integrating the counterintelligence activities of the 17 departments and agencies including the FBI, CIA, and the Departments of Defense, Energy and Homeland Security.
|Former NSA Inspector General and counterintelligence expert Joel Brenner presenting at CEIC 2014 in Las Vegas.|
Espionage used to be just an issue for agencies like the ones Brenner oversaw. That is no longer the case, he cautioned.
And it's not just a concern for the U.S. government anymore, Brenner claimed. It's a problem for any organization with secrets to keep. Sensitive information is at risk, as well as valuable intellectual property.
Brenner noted that technologies that cost billions of dollars to create are being siphoned off at an alarming rate. This includes engineering designs and other intellectual property for military and commercial technology.
Economic espionage is encouraged in some countries as a way to support companies within their borders and is seen as a way to compete economically with other nations. Furthermore, some countries don’t make a moral distinction between government and economic espionage.
“The risk to our nation is great and growing,” Brenner told attendees.
Even more chilling--total security is a myth, Brenner claimed. Organizations need to decide on an acceptable level of risk. This involves making difficult decisions and is a conversation that needs to incorporate the upper echelons of management.
Brenner outlined several areas that organizations must examine:
- Are you a target of choice or opportunity?
- Who wants what you’ve got?
- What’s important? (You can’t protect everything.)
What’s missing is effective policy, which needs to happen under the C-suite, Brenner noted. “We are looking at risk levels that are frightening,” he said, noting organizations have to “stop walking backwards” in response to threats to their networks.
Did you attend CEIC 2014? Have a comment? We welcome discussion in the comments section below.