Listening to Tony Sager, one might recall the days of the Cold War, when the threat of a nuclear holocaust felt scary and real, but America knew its sole enemy. "The government's job was to save us from the bad guys out there," says Sager, who spent most his 30-plus-year government career as an information assurance leader at the National Security Agency.
America planned for the worst in the Cold War era, and money was no object. "Contrast to today, it was relatively simple," says Sager, now chief technologist of the Council on Cybersecurity, an independent not-for-profit organization that promotes best IT security practices. The council is teaming with IT security vendors, their customers and others to find answers to some of cybersecurity's pressing challenges -- "problems that no one of us should solve on our own," Sager says.
"Today, there's sort of a mass market of bad guys, criminals, joyriders, nation states sort of swirling all around us," Sager says in an interview with Information Security Media Group at the Black Hat conference in Las Vegas, where he presented his ideas on a collaborative approach to cybersecurity. "The big challenge today is that there no one enterprise ... that has the people, the information, the resources to even keep up with this flood of information. I call it the 'fog of more.'
"You got this flood of information about threats, you can walk through the display floor of any major conference and see a near infinite amount of products, services and consulting services. Sorting through that on your own ... is near impossible for the typical enterprise."
In the interview, Sager discusses:
- The need for a community approach to ensure cybersecurity;
- How the Center on Cybersecurity is partnering with security vendors such as Verizon to help enterprises identify the cybersecurity problems they should address;
- Evidence he says shows the effectiveness of the top 20 critical security controls he helped develop more than a half-decade ago.
Sager also serves as the director of the SANS Innovation Center. His last job at the NSA was as chief operating officer of the Information Assurance Directorate. Before that, Sager created and led the Vulnerability Analysis and Operations Group, which was responsible for some of NSA's advancements in cyber defense.