“Not a day goes by that I don’t hear about a virus or a breach. For me, there is a very clear equation since I began my service in the NSA: If you put something on the Web, it will be discovered. There will always be threats. Every software has holes. I can’t speak about specific events, but the threats exist and they are real,” says Nick Combs, Chief Technological Officer of the federal department at EMC, in an interview held during his visit to Israel in June.
Combs made his way to the commercial field after nearly 30 years in which he presided in a variety of senior positions in the US intelligence community, in organizations such as the NSA, DoDIIS and others. Today he is responsible for EMC’s interface with the intelligence community, the postal service and all branches of government, in intelligence and the Department of Defense in the United States. In the framework of his job, he learned of technological developments and challenges in both the commercial world and the defense field, and like other senior officials in the IT field around the world, he believes that cyber exists and represents a genuine threat.
“The cyber war is a genuine threat. The critical infrastructures are based on technology and electricity, and it’s enough to think of a scenario in which a nuclear facility loses control to emphasize the threat. In the field of crucial infrastructure defense, it would be a disaster if the systems are revealed. This is why there is a need to transition from static architecture to proactive control. This is not just to allow for entry, but also to protect the information itself. The next war will be fought in the cyber expanse, that much is sure.
“A senator approached me once and asked, ‘tell me, Nick, with all these cyber threats, why does nothing work?’. I replied that the hackers don’t want the systems to work. They want to be there, see what we are planning to do and be prepared. The working assumption is that hackers are inside all of our systems.
“Today, security is no more than a broken defense network, with security solution points in the form of products. We need to build the defensive measures directly into the hardware. We must build an architecture that begins in the software, through the operating system and up to the hardware. This is another way to look at information security.
“A border security (entry) needs to be passed to manage the information. The commercial industry does this well. For example, if I travel to the US and I've stopped to fill up on fuel at a place that is beyond my ordinary behavior pattern, I need to provide my zip code in addition to my credit card. In another instance, if I made a payment in Los Angeles and was at the east coast two hours later, the system automatically halts my payments. This is identification over several stages.
“To take another scenario, in the military, if I enter my office every day, then perhaps I don’t need security to be so strong on my stationary computer. However, if I take my portable computer, then several stages of identification are needed. We must put information security around the information itself, and limit the access to it in a manner that will allow every element to be exposed solely to the information it requires. This is all about information management rights.”
“It all depends on how you define a cloud. There are public, private and hybrid clouds. There are dozens of governmental organizations and six large intelligence agencies in the United States, and they are all collected to a cloud. This can be done with a public cloud, and these capabilities can also be brought to the intelligence community via a hybrid cloud. This is a collection of clouds connected together with a shared infrastructure.
“In today’s intelligence, we need to be able to exchange information between the different organizations. There are challenges in connecting between groups such as the DEA, NSA and others, but it is possible to establish such a community cloud for intelligence. People need to understand that you can still supply a cloud and supply the necessary sensitivities pertaining to the information. If we can do this in the US, it can also be done in other places.”
“It is a considerable challenge. If you see the US army and think of a perception that says ‘every soldier is a sensor', in the sense that the soldier is a source of information and there are 1.5 million soldiers – then we are talking about 1.5 million sensors. There are capabilities such as 3G and 4G networks that the military is thinking of incorporating in the battlefield. One of the most difficult things to do is to incorporate such communication capabilities in the last mile. How do I incorporate these capabilities, and how do I enable national tactical systems to communicate with the soldiers in the field? This is not a simple challenge.
“Another challenge is to develop analysis and fusion capabilities for big data. Today, we can collect the information and analyze, but one of the challenges is to carry out a decentralized analysis via an ‘information marker’, which is an entity present in various places in the field, carrying out local analysis and working with the central system.
No comments:
Post a Comment