Tom Gann – McAfee Blogs https://securingtomorrow.mcafee.com Securing Tomorrow. Today. Wed, 20 Feb 2019 07:32:59 +0000 en-US hourly 1 https://securingtomorrow.mcafee.com/wp-content/uploads/2018/11/cropped-favicon-32x32.png Tom Gann – McAfee Blogs https://securingtomorrow.mcafee.com 32 32 Step Up on Emerging Technology, or Risk Falling Behind https://securingtomorrow.mcafee.com/other-blogs/executive-perspectives/step-up-on-emerging-technology-or-risk-falling-behind/ https://securingtomorrow.mcafee.com/other-blogs/executive-perspectives/step-up-on-emerging-technology-or-risk-falling-behind/#respond Fri, 18 Jan 2019 22:00:30 +0000 https://securingtomorrow.mcafee.com/?p=93885

Earlier last year, the U.S. Commerce Department’s Bureau of Industry and Security (BIS) put out a call for public comment on criteria for identifying emerging technologies that could potentially be subject to future export control regulations. The tech industry responded in full force, providing recommendations for how the federal government can ensure U.S. competitiveness in […]

The post Step Up on Emerging Technology, or Risk Falling Behind appeared first on McAfee Blogs.

]]>

Earlier last year, the U.S. Commerce Department’s Bureau of Industry and Security (BIS) put out a call for public comment on criteria for identifying emerging technologies that could potentially be subject to future export control regulations. The tech industry responded in full force, providing recommendations for how the federal government can ensure U.S. competitiveness in the global market while supporting the development of emerging technology (read comments submitted by McAfee here).

Emerging technology poses an interesting challenge for tech companies and federal regulators alike. In many cases, technologies that BIS designates as “emerging,” such as AI and machine learning, are already in widespread use around the world. Other technologies like quantum computing are very much in the research and development phase but have the potential to alter the course of national security for decades to come. Many of these technologies are difficult to define and control, and many are software-based, which greatly complicates the development of regulation. Software technologies, by their very nature, are fundamentally different from physical items and physical process technologies. Their intangible, readily-reproducible character makes software-based technologies inherently difficult to define and control.

This task is enormous and must be handled cautiously, as history has provided countless examples of how overregulation has the capability to hamper development. A poignant example of overregulation at the cost of progress is the automobile industry. According to Deloitte, although tough restrictions on automobiles were nothing but well-intentioned in the late 1800’s, regulation greatly hampered research and advancement. The early days of the automobile industry should serve as a cautionary tale when it comes to regulating new and innovative technology.

The U.S. is in a unique position to act to protect our technological interest and secure the nation’s position as a global leader. The U.S. secured a pivotal tech leadership role, having spearheaded the development of the internet in the early 1990’s. The nation has immense power and potential to take the mantle on emerging technology, and the stakes are high. Some of the country’s greatest accomplishments have stemmed from empowering the private sector and encouraging innovation. For example, tremendous strides in private sector space exploration have been made possible due to the support and administration of empowering legislation. Companies like SpaceX and Boeing are creating next generation space technology, working each day to ensure that the U.S. maintains competitiveness.

Cybersecurity is another area that requires particular attention. Given the global availability of cybersecurity tools, many of which make use of the emerging technologies under review, McAfee understands that great care needs to be taken by our government before imposing additional export controls on American cyber companies. These rules can have the unintended and harmful consequence of stunting the growth and technical capabilities of the very companies that currently protect vital U.S. critical infrastructure, including federal and state government infrastructure, from cyber-attacks. As a leading nation, it is critical to stay ahead of threats by criminal actors. This is only possible if cyber companies have the ability to access global markets to fund the research and development needed to keep pace with rapid innovation. Controls should be implemented with a great understanding of the need to stay competitive in global innovation, particularly when it comes to cybersecurity.

Overregulation could cause great harm, and the U.S. government must tread carefully in administering a carefully-crafted, targeted approach. Rather than burdening U.S. software companies with new and substantial export control compliance costs, the U.S. should seek to empower these companies. Any controls deemed essential by the government should be as narrowly tailored as possible, especially given the broad range of current and future companies and technologies. A multilateral approach to export controls on emerging technologies is vital for U.S. companies to remain innovative and competitive in the global marketplace. This cautious approach would ensure alignment between the private and public sectors, ultimately allowing for emerging technology to be front and center. Providing an ecosystem in which the technology of tomorrow can flourish is essential to the U.S. continuing to blaze the trail on emerging technologies.

The post Step Up on Emerging Technology, or Risk Falling Behind appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/other-blogs/executive-perspectives/step-up-on-emerging-technology-or-risk-falling-behind/feed/ 0
New DHS Agency Will Provide Needed Emphasis on Cybersecurity https://securingtomorrow.mcafee.com/other-blogs/executive-perspectives/new-dhs-agency-will-provide-needed-emphasis-on-cybersecurity/ https://securingtomorrow.mcafee.com/other-blogs/executive-perspectives/new-dhs-agency-will-provide-needed-emphasis-on-cybersecurity/#respond Mon, 03 Dec 2018 14:00:54 +0000 https://securingtomorrow.mcafee.com/?p=92843

Cybersecurity is playing an increasingly greater role in our government and economy. As our world becomes more interconnected, the cyberthreat landscape is growing and rapidly evolving. To address both physical threats and cyberthreats, the leading federal agency must have the flexibility and resources to quickly mitigate any potential interruptions or harm. Last week, a critical […]

The post New DHS Agency Will Provide Needed Emphasis on Cybersecurity appeared first on McAfee Blogs.

]]>

Cybersecurity is playing an increasingly greater role in our government and economy. As our world becomes more interconnected, the cyberthreat landscape is growing and rapidly evolving. To address both physical threats and cyberthreats, the leading federal agency must have the flexibility and resources to quickly mitigate any potential interruptions or harm.

Last week, a critical step was taken in how the Department of Homeland Security (DHS) manages cybersecurity. The long-awaited Cybersecurity and Infrastructure Security Agency (CISA) Act was signed into law by the president, reorganizing the former National Protection and Programs Directorate (NPPD) into CISA. The permanent establishment of a stand-alone federal agency equipped to deal with cyberthreats is long overdue and welcome among the cybersecurity community.

CISA will be its own department within DHS, similar to the Transportation Security Administration (TSA), and will be led by cybersecurity expert, NPPD Under Secretary Christopher C. Krebs, who has had a distinguished career in both the public and private sectors. Establishing CISA as a stand-alone agency within DHS elevates both the mission of cybersecurity in the federal government and cybersecurity’s importance and solidifies the position of cybersecurity in our economy.

This is a smart decision on the part of Congress and the White House. It will help the newly created agency outline its priorities, advocate for a separate budget, and further develop recruitment efforts. CISA’s leaders will have the ability to continue to drive a culture of cybersecurity within our federal agencies and workforce while enhancing their capabilities to partner with the private sector to address our nation’s most critical cybersecurity threats.

McAfee looks forward to continuing to work with Christopher C. Krebs and his able team, led by CISA Assistant Director for Cybersecurity Jeanette Manfra.

 

The post New DHS Agency Will Provide Needed Emphasis on Cybersecurity appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/other-blogs/executive-perspectives/new-dhs-agency-will-provide-needed-emphasis-on-cybersecurity/feed/ 0
Securing the Social Security Number to Protect U.S. Citizens https://securingtomorrow.mcafee.com/business/modernizing-the-social-security-number/ https://securingtomorrow.mcafee.com/business/modernizing-the-social-security-number/#respond Wed, 10 Oct 2018 13:01:19 +0000 https://securingtomorrow.mcafee.com/?p=91724 With cyber criminals having more flexibility in funding and operations than ever before, U.S. citizens are vulnerable not only to breaches of security but also of privacy. In the United States, no article of personal information is meant to be more private or secure than the Social Security Number (SSN). This is for good reason. […]

The post Securing the Social Security Number to Protect U.S. Citizens appeared first on McAfee Blogs.

]]>
With cyber criminals having more flexibility in funding and operations than ever before, U.S. citizens are vulnerable not only to breaches of security but also of privacy. In the United States, no article of personal information is meant to be more private or secure than the Social Security Number (SSN). This is for good reason. The SSN has become a common identifier in the U.S. and is now integrated into many identification processes across different institutions.

The SSN is also the gateway to all sorts of other personal information – health records, financial positions, employment records, and a host of other purposes for which the SSN was never designed but has come to fulfill. What do all these pieces of information have in common? They are meant to be private.

Unfortunately, the unforeseen overreliance on the SSN as an identifier has left citizens’ identities vulnerable. The reality is that the SSN can easily be stolen and misused. It is a low-risk, high-reward target for cybercriminals that is used for fraudulent activities and also sold in bulk on the cybercrime black market. This has resulted in major privacy and security vulnerabilities for Americans, with some estimates saying that between 60 percent and 80 percent of all SSNs have been stolen. For example, Equifax and OPM breaches exposed probably millions of SSNs.

This is not a new problem.

Twenty-five years ago, computer scientists voiced concerns about sharing a single piece of permanent information as a means of proving a person’s identity. The issue has only recently gained national attention due to major breaches where cyber criminals were able to access millions of consumers’ personal online information. So, why hasn’t there been any significant measure put in place to safeguard digital identities?

A major reason for a lack of action on this issue has been a lack of incentives or forcing functions to change the way identity transactions work. But it’s time for policymakers to modernize the systems and methods that identify citizens and enable citizens to prove their identity with minimal risk of impersonation and without overtly compromising privacy.

The good news is that the U.S. has the technology pieces to put in place a high-quality and high security identity solution for U.S. citizens.

There are reasonable and near-term steps we can take to modernize and protect the Social Security Number to create better privacy and security in identification practices. McAfee and The Center for Strategic and International Studies (CSIS) recently released a study on Modernizing the Social Security Number with the aim of turning the Social Security Number into a secure and private foundation for digital credentials. The report’s ultimate recommendation is to replace the traditional paper Social Security card with a smart card — a plastic card with an embedded chip, like the credit cards that most people now carry. Having a smart card rather than a paper issued SSN would make the SSN less vulnerable to misuse.

A smart card is a viable solution that already has the infrastructure in place to support it. However, there are other potential solutions that must not be overlooked, such as biometrics. Biometrics measure personal features such as voice, fingerprint, iris and hand motions. Integrating biometrics into a system that relies on two-factor authentication would provide a security and privacy threshold that would make it very difficult for cybercriminals to replicate.

What is most critical, however, is that action is taken. This is an issue that deserves immediate attention and action. Every day this matter remains unresolved is another day cyber criminals continue their efforts to compromise consumer data in order to impersonate those whose data has been breached.

With the Social Security Number serving as the ultimate identifier, isn’t it time that we modernize it to address today’s evolving privacy vulnerabilities? Modernizing the SSN will help with authentication, will provide more security, and will help safeguard individual privacy. Modernizing the SSN must be a high priority for our policymakers.

The post Securing the Social Security Number to Protect U.S. Citizens appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/business/modernizing-the-social-security-number/feed/ 0
Insider Threats Deserve Attention, Solutions in Government: Report https://securingtomorrow.mcafee.com/business/insider-threats-deserve-attention-solutions-government-report/ https://securingtomorrow.mcafee.com/business/insider-threats-deserve-attention-solutions-government-report/#respond Thu, 25 Jun 2015 17:48:48 +0000 https://blogs.mcafee.com/?p=44149 As the persistence of insider threats remain a critical issue for government agencies to face. Security leaders like McAfee  have responded by prioritizing solutions that can mitigate insider threats in their pipeline. Government agencies have begun implementing policy changes that can help reduce the risk of an insider threat that can lead to critical data […]

The post Insider Threats Deserve Attention, Solutions in Government: Report appeared first on McAfee Blogs.

]]>
As the persistence of insider threats remain a critical issue for government agencies to face. Security leaders like McAfee  have responded by prioritizing solutions that can mitigate insider threats in their pipeline. Government agencies have begun implementing policy changes that can help reduce the risk of an insider threat that can lead to critical data loss. Still as a recent report shows, there’s work to be done.

The report, which was released by GAO this month, finds that even DoD, which has an overall superior security posture to some of the other agencies, still needs to do more to protect itself against insider threats. The report finds that while some DoD divisions have implemented effective training for insider threat risks, other areas have not. Furthermore, the report found that no agency-wide solution to unauthorized data disclosures yet exists.

So what can agencies like DoD do to close the gaps that remain? McAfee solutions like McAfee Data Loss Prevention (DLP), implemented in a DoD enterprise environment, may hold the key. DLP enforces per-user policy on access to sensitive data and allows IP protection and data encryption/decryption to be centrally managed from McAfee endpoint management solution – ePO. Combined with a Next-Generation Firewall that can identify and detect discrete data packets entering or exiting a network, DLP has the potential to completely shut out any insider threat, even in an organization as large as DoD.

Insider threat isn’t purely a technology or policy problem, and will require a solution with elements of both. We commend GAO for their comprehensive report on this very serious issue. But this report has also paved a way toward solutions that may help agencies reduce this critical threat someday soon. The report is a vital read for any technology or security practitioner in government

To read the full report, click here.

 

The post Insider Threats Deserve Attention, Solutions in Government: Report appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/business/insider-threats-deserve-attention-solutions-government-report/feed/ 0