The Manhattan, N.Y., district attorney's office and London police have teamed up to identify measurable ways to mitigate cyberthreats. In association with the Center for Internet Security, a not-for-profit organization that oversees the Multistate Information Sharing and Analysis Center, the two law enforcement organizations have founded the Global Cyber Alliance, and tapped former Sony CISO Phil Reitinger as its chief executive.
The Global Cyber Alliance's primary mission is to identify systemic risks in the public and private sectors for which mitigation might be difficult to implement, Reitinger says in an interview with Information Security Media Group.
Reitinger explains that the law enforcement agencies founded the Global Cyber Alliance because deterrence hasn't worked well to diminish cyber risk.
"With the level of cybercrime what it is right now, the actual risk of getting caught is low enough so that the deterrent is not really that effective," says Reitinger, formerly deputy undersecretary for cybersecurity at the U.S. Department of Homeland Security and a top cybercrime prosecutor at the Justice Department. "So, we need to work on the prevention side. And, on the prevention side, we're substantially losing. ... We are getting better. It's just the bad guys are getting better, faster."
In the interview, Reitinger:
- Outlines the two-prong approach the Global Cyber Alliance is taking: identifying specific risks to tackle and assembling the right group of stakeholders to implement measurable mediation solutions as well as defining methods to quantitatively measure systemic risks;
- Discusses the frustration cybersecurity professionals experience in trying to identify and implement security solutions that can be measured; and
- Explains the importance of implementing cybersecurity remedies that can be measured.
"In the security space, we're all medieval barbers," Reitinger says. "We may be very good practitioners; we know what the right thing to do is. ... But there is very little science behind any of this. It's all ad-hoc, religious knowledge. Basically, a lot of cybersecurity is people who know where to put the leeches. In the long term, what we want to do is build the scientific basis - is this working or not - instead of trying to do a lot of navel gazing."
Reitinger's first exposure to cybersecurity was toward the end of the last century, as deputy chief of the computer crime section of the Justice Department. He served as executive director of the Defense Department Cyber Crime Center at the start of the millennium before joining Microsoft as chief trustworthy infrastructure strategist. During the first two years of the Obama administration, Reitinger held two key posts at the Department of Homeland Security: deputy undersecretary and director of the National Cybersecurity Center. Sony tapped Reitinger as its first CISO in 2011 after hackers victimized the entertainment conglomerate's PlayStation network. Since leaving Sony in 2014, Reitinger has served as a non-resident senior associate in the strategic technologies program at the think tank Center for Strategic and International Studies.