I was honored to attend and speak at AFCEA’s TechNet Europe last week in Paris. Among the keynotes were Ms. Claude-France Arnould, Chief Executive, European Defence Agency, Lieutenant General Wolfgang Wosolsobe, Director General, EU Military Staff and Mr. Bruce Schneier, world-renowned cyber security expert and CTO, Co3 Systems.
For his part, Bruce reiterated that both the loss of control of our data (to the cloud) and how we access our data (tablets and phones) impact our security. At Palo Alto Networks, this is a key part of our value proposition for governments around the world, and why we need to make visibility of all that’s happening on our networks an urgent priority. Militaries worldwide must “modernize” their cyber plans to keep up with our changing networks. We can’t put off an updated cyber security plan while we wait for the world to stabilize, hoping we can “come back” to the topic of cyber when there’s just a little more time.
I participated in a panel covering Modern Cyber Defence and whether it requires “built-in security.” My fellow panelist, Mr. Wolfgang Röhrig, Programme Manager & Project Officer for Cyber Defence at the European Defence Agency, emphasized many of my same points about the importance of securing SCADA systems and provided an overview of the EDA’s Cyber Defense Research Agenda.
While neither Bruce nor Wolfgang accept the name cyber “war” to depict our current state, agreeing on the term “war” vs “conflict” is the least of our concerns – how you prepare for them should be the subject at hand. We are in the midst of some level of conflict in cyber, yet we are not preparing as if we are. That’s not to diminish the many non-cyber conflicts globally. But to put cyber budget and planning on the backburner in lieu of the urgency of these other conflicts as if kinetic or physical actions are the only possibilities, is naïve.
Any soldier, airman or sailor going into any conflict – regardless of size – works hard to be well prepared. They understand their area of operations and their adversary movements, and they train to prepare for their actions – both defensive and offensive. Yet, too often, we allow our network and cyber teams to remain in conflict over who owns security as if children arguing in a playground. We’re still largely ignoring our SCADA systems, waiting for more budget or for someone higher up the org chart to make it a priority.
Based on what I’m hearing, we’re still not effectively segmenting our networks to ensure resilience against an adversary that will get in and try to move laterally as swiftly as they can. And we know the adversary is not only after sensitive data but also seeks to disrupt communications. We know that SCADA protocol-specific threats exist, so why, with so much evidence at hand, is there not a sense of urgency for cyber?
These were among my points during my presentation at AFCEA TechNet Europe this past week where leaders from across Europe and U.S. military came together to discuss these topics and more. I was not alone raising many of these issues. We all agree they’re important. For my part, I left the audience with examples of best practices they can use now but which will require more work to implement:
I also suggested to AFCEA leadership that we consider active tabletop exercises – using unclassified data – at future events, moving from presentations and hallway conversations to truly testing what we do and do not know about the cyber readiness of our military’s networks, be it the IT or SCADA networks.
My thanks as always to Maj Gen Treche (ret), AFCEA EMEA Chair, and all of the AFCEA leadership for their hospitality and leadership in bringing the collective parties together to advance these important topics.
I left the AFCEA TechNet show to join my colleagues in Barcelona for our annual EMEA Channel Partner conference. It was refreshing to discuss with our channel partners who are actively working with industry to secure their SCADA and ICS systems for water supplies, manufacturing plants, oil and gas operations and more throughout Europe and the Middle East. Now how do we get our world’s militaries to do the same?
By submitting this form, you agree to our Terms of Use and acknowledge our Privacy Statement. Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.