Cybersecurity as Seen from the Flight Deck

In my previous blog post (7 Technologies that Impact PCI), I gave an overview of Steven Orfei’s presentation at the PCI Security Standards Council’s 2014 North American Community Meeting in Orlando, Florida. In this post, I’ll talk about another presentation from that same event.

Following Orfei’s presentation, Adm. James Stavridis delivered his keynote address: “Sailing the Cyber Sea: The New Realities of 21st Century Security.” In his speech, Stavridis “covered the waterfront” of security topics, from ISIS propaganda to the Joint Strike Fighter program to the President of Estonia. His common theme was that cyber warfare is a reality—and that new ways to fight it must be developed.

Admiral Stavridis knows a thing or two about warfare. As the 16th Supreme Allied Commander at NATO, he oversaw operations in Afghanistan, Libya, Syria, the Balkans, and piracy off the coast of Africa. He is also the Former NATO Supreme Allied Commander Europe and Commander of the U.S. European Command.

His first point was that technology is ubiquitous now—although we might not be aware of all the ways it is being used. The Ukraine is under physical threat of attack, he notes, but it is fighting on the second front of cyber warfare.

What Stavridis said he found particularly troubling was that Russia is cooperating with the “cyber gang” attacking the Ukraine. He said that Russian intelligence is allowing these gangs to do whatever they want now so that they can use them later should Russia need or want to.

He also talked about the successful Chinese cyber espionage campaign to steal the plans for the Joint Strike Fighter. In fact, he showed a picture of the Lockheed-produced F-35 next to a picture of a new Chinese jet that looked very similar.

He showed a list of the countries that pose the greatest cyber threats. It begins with China, then Nigeria, Brazil, Ukraine, Russia, and ends with Vietnam. And while noting that it wasn’t a “country,” Stavridis pointed out that Al-Dawla Al-Islamiya fi al-Iraq wa al-Sham (also know as ISIS or ISIL) has become an active practitioner of cyber warfare.

A surprising high note was that, according to Stavridis, the president of Estonia Toomas Ilves has emerged as one of the most savvy and well-respected authorities on technology and cybersecurity.

In 2007, Estonia suffered from a massive ten-day cyber attack that disrupted its financial sector. The attack was believed to have been directed by Russia after Estonia sought to remove a Soviet war memorial. Under President Ilves’ guidance, the country began to embrace technology. Today, 99% of Estonian tax returns are handled electronically, 97% of health prescriptions are filled online, nearly 100% of bank transactions take place over the Internet—and a company can be started electronically in as little as 18 minutes.

Stavridis’s point wasn’t to show how cool Estonia is. His point was that when it comes to cyber warfare the countries that face the greatest danger are those that are the least prepared. With this as the yardstick, how safe is the U.S.?

Like PCI GM Orfei, Stavridis sees hope in collaboration and points to the European Community’s annual Combined Endeavor (CE). CE has been called the largest command, control, communications and computers (C4) interoperability event in the world. One of its goals is to give “the good guys” a chance to practice together.

There’s no doubt that cyber attacks will become a thing of the future. As Stavridis points out, we all have to assume we're going to have a breach—and then practice how we will resist that intrusion. This, he concluded, is the sort of collaborative activity we in the U.S. need to start thinking about. Maybe we can ask the Estonians for help. After all, they are the ones who first organized the Combined Endeavor.