A warning about cyber security from a former CIA Director

A former CIA Director was in Tulsa this week warning about cyber security.

The Tulsa World had the story about John Brennan’s visit.

Former CIA Director John Brennan contends a key to navigating cyber minefields isn’t worrying about today.

It is preparing for tomorrow.

“That digital environment is not a static environment,” Brennan said Monday morning at Tulsa Cyber Summit 2019 at the Hyatt Regency Tulsa hotel. “It constantly changes, and you’re constantly incorporating new capabilities into it.”

Brennan recalled the CEO of a large company once complaining to him about spending $2 million on cybersecurity in consecutive years.

“If somebody thinks that making a $2 million cybersecurity investment this year is going to take care of things for the future, that’s not the case,” he said. “…You need to be able to anticipate where things are going, and you, the experts, know best how that cyber environment is evolving and changing.”

Brennan and Aanchal Gupta, director of security at Facebook, were among the keynote speakers at the Summit, which runs through Tuesday. The event is sponsored by the George Kaiser Family Foundation, Cox Business and the University of Tulsa Tandy School of Computer Science.

Brennan served as CIA director from March 2013 to January 2017. He was chief counterterrorism adviser to U.S. President Barack Obama, with the title Deputy National Security Advisor for Homeland Security and Counterterrorism and Assistant to the president. Previously, he advised Obama on foreign policy and intelligence issues during the 2008 election campaign and presidential transition.

“A real challenge for the intelligence community and the law enforcement community is dealing with that wide array of mal actors that are out there, from the nation-states and intelligence agencies that are out there to the individuals who deal with it like a video game,” Brennan said. “They want to navigate into systems and see how far they can get in and then they want to see what they can disable or destroy just to say that they’ve been able to do it.

“You can never make a digital domain impenetrable. You just need to understand what you need to do in order to make it much more difficult for those mal actors to get past your defenses, as well as have the ability to detect as quickly as possible any types of unauthorized intrusions.” 

During her lunchtime keynote, Gupta said the annual cost of global cyber crime has reached $600 billion.

“There were days when all the threats used to be because of financial reasons or to make a statement or to deface a business,” Gupta said. “Not anymore. They are an act of terrorism, maybe espionage, maybe sabotage.

“Then you think about these threats. These are very widespread. Our attackers have now means, motives.”

She stressed the importance of establishing digital security communities.

“Our attackers, it’s a total underground economy; they share tools,” Gupta said. “Why don’t we share tools? Why don’t we share intelligence? Why do we remain so much in silence?”

On the corporate level, many companies treat cybersecurity discussions as an act of compliance, which is a mistake, she said.

Facebook, by contrast, injects fun into the mix, holding an annual monthlong event in October called Hacktober, during which the firm tests employees’ abilities to recognize threats, such as phishing emails.

“It’s basically trick or treat,” Gupta said. “If you get tricked, you get tricked. Otherwise, we will treat you with swag.”

%d bloggers like this: