Commerce Secretary Bryson Doesn't Understand Cyber Espionage

Thursday, March 15, 2012

Jeffrey Carr

U.S. Department of Commerce Secretary John Bryson wrote an editorial for Politico entitled "The New Face of Corporate Espionage", in which he provides a high-level overview of cyber espionage.

While his motive is laudable, his content reveals a not surprising lack of knowledge about the threat.

I say "not surprising" because I can count on one hand the number of senior government officials that I've met who understand the complexities of this problem.

The give-away in Secretary Bryson's editorial is this sentence: "many cyber-intrusions could be prevented by implementing sound cybersecurity practices."

That's absolutely false. While many companies can do much more than they're presently doing, we're talking about adversaries that are adaptive.

If the targeted corporation implements poor security, the attack vector will take advantage of an obvious flaw which "sound cybersecurity (sic) practices" could have remedied.

However, that doesn't mean that the attack won't happen. It just means that the adversary will find a different attack vector, or build a customized one (aka a "Zero-day") to mount a successful breach.

The solution to cyber espionage isn't in implementing "sound security practices", nor will it be found in the passage of any of the cyber security bills currently before Congress.

The U.S. will only begin to save its intellectual property from cyber thieves when corporate boards of directors force CEOs to inventory, segregate and monitor their critical data in real time, which usually means re-architecting their entire network.

If Secretary Bryson is truly committed to saving American jobs by reducing the amount of cyber espionage being conducted today, then he needs to hire someone who understands the realities of the threat landscape to advise him.

Then the Secretary should go on the road, visiting board rooms and stressing the need for each corporation that's invested in high-value technology R&D to do what it takes to address this problem in an informed, serious, and dedicated way.

The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.