RSA's Coviello: How to Use Big Data

Analysis, Intelligence Sharing Key to Defending Against Attacks

Cyber-attacks will become more destructive within three to five years, predicts Art Coviello, executive chairman of the security firm RSA.

"There's about to be a big change," he says in an interview at RSA Conference Asia Pacific in Singapore [transcript below].

Today, it's difficult for cybercriminals to launch a destructive attack from the Internet without some manual intervention, Coviello says. But when the Internet migrates to IPv6, the whole environment will change, he says.

"In the next three to five years, when you have all of these control systems connected to the Internet, and as literally hundreds of millions of devices get deployed, you're going to have an attack surface that's just unbelievably large," he says. "That will form the basis of potential for destructive attacks."

Organizations need to fully understand the threats that are emerging to take appropriate preventive measures, Coviello says.

During this exclusive interview, Coviello discusses:

  • Why destructive cyber-attacks will become a bigger threat;
  • The example governmental bodies in Singapore are setting for other global markets on information sharing and cybersecurity training;
  • Unique challenges and opportunities for cybersecurity in Asia Pacific.

Coviello oversees RSA's strategy and overall operations for information-centric security. The information security industry leader plays key roles in several national cybersecurity initiatives. Coviello has more than 30 years of strategic, operating and financial management experience at high-technology companies.

Information Sharing

TRACY KITTEN: How critical is information sharing in cybersecurity?

ART COVIELLO: Certainly, information sharing is critical. In my keynote, I talked about the need for an intelligence-driven security model, and intelligence-driven models have to thrive on just that - intelligence. Information sharing is the mother's milk of this kind of a model, and it has to happen on multiple levels. I called for governments to take the lead in being a clearinghouse for information sharing, but companies and industry associations also have to play a key role in creating an ecosystem of intelligence there. In other words, vendors need to share intelligence with vendors within vertical industries. Industry groups have to share information. Then we all have to share it with one another. And governments represent the best place to not only anonymize [information], but to act as the clearinghouse, to disseminate that information.

Big Data

KITTEN: Why is big data such a focus?

COVIELLO: For two reasons. Big data is one of the issues with the expansion of the attack surfaces. As we create more and more of these big data stores and develop applications to extract intelligence from these big data applications, they themselves will become targets of cybercriminals, rogue nation-states and hacktivists. But the flip side is also true - we can use big data analytics to spot anomalous behavior in people and in the flow and use of data. Big data analytics becomes a security technique. And it's actually quite exciting because ... it's the one way that we have a chance at catching up to and being in a position to keep pace with our adversaries, even in the face of a lot of uncertainty that exists in the world today.

Singapore's Cybersecurity Significance

KITTEN: What role will RSA be playing, if any, in assisting with information sharing and government collaboration?

COVIELLO: Like many vendors, we will be supplying technology to the lab and hopefully we will have the opportunity to provide advisory services. But I really want to take the time to laud the Singapore government, not only for being such gracious hosts, but taking a strong leadership role in working with the Asian countries to foster more cooperation. I was at an event with officials from those countries with the Singaporean government. This is the kind of momentum-building event that augurs well for the future. Again, my hat is off to this government.

KITTEN: Why is Singapore so significant, from a cybercrime and risk perspective?

COVIELLO: The government interest is one [reason], but Singapore has a very advanced economy, [and a] really attractive talent pool of people. They just get it and they're acting as if they do. We're going to be investing a fair bit in Singapore over the next couple of years as we develop an anti-fraud command center capability for the Asia Pac region. The thing that Singapore has that is attractive for that center is a fairly diverse culture, [with] lots of language skills. If you're going to service a diverse region, this is a very good place to do it from.

Increasing Awareness

KITTEN: Why is the timing right for an event like this?

COVIELLO: I've actually been asking myself that question, because we're surprised with the success that we're seeing in terms of the number of registrants. I think that it's not just the level of awareness that I referred to in my keynote, but the level of understanding of the problem is going up. If you have awareness, you may or may not act on it. If you have understanding, you have a tendency to act on it. I think the level of understanding is going up through the region. The attacks are escalating. The deployment in adoption of technology is increasing [and] the attack surface is also creating more issues. The time is now. The need is now. The threat is intense. I think it's a perfect storm of reasons for us to come together here and, quite frankly, I think it's going to build very quickly over the next couple of years.

Asia Pacific's Regulatory Landscape

KITTEN: What are some of the regulations and differing environments in this part of the world that pose challenges for cybersecurity and intelligence sharing?

COVIELLO: Regulation - the bane of my existence. The problem is it's so difficult for governments to keep up with the ephemeral nature of technology and the uses of it. That makes it doubly difficult for them to regulate. Part of the advice I gave in my keynote is that governments should be focused on outcomes, not prescriptive measures. But you made a good point. Having diverse regulations makes it that much more difficult for a security vendor to provide a horizontal solution capability because we have to be in a position to comply with regulations, and sometimes the technologies can trigger things like privacy regulation issues around deployment. It's a problem, and we do our best to work around it.

Attack Origins

KITTEN: Are cyber-attacks stemming from Asia a concern?

COVIELLO: Yes and no. If you're in the United States, you think all the attacks are coming from Asia and Europe. If you're in Asia, you think all of the attacks are coming from Europe and the U.S. If you're in Europe, you think all of the attacks are coming from Asia and the United States. Quite frankly, the attacks are coming from everywhere, and the United States does have a disproportionate share of the sources of attack, not because there are more Americans doing the hacking. It's because America is such a great hosting site. ... Korea is another one. Korea has tremendous bandwidth. If I'm going to set up a botnet, I might as well take advantage of all that bandwidth in Korea. It doesn't matter where the attacks appear to be coming from. What's important is where the source is, and ... while it would be nice to be able to track the source, we have to develop solutions that will protect us from any attacker no matter where they come from.

Evolution of Attacks

KITTEN: Are destructive attacks something we should be concerned about?

COVIELLO: It's getting to be a more urgent concern. If we start acting today, we've got a chance. One of the issues we've had - and this gets back to the difference between awareness and understanding - is we've had awareness of things like Cyber Pearl Harbor and Cyber 9/11. Since 9/11/2001, they've been talking about things like that. Have they happened yet? No. What we've got is a situation where we've had 10 years of awareness and nothing has happened. It's like that fable of the boy that cried wolf. If nothing has happened in 10 years, then I don't believe it's ever going to happen, but there's about to be a big change.

When we migrate to IPv6 and have the Internet of things, we're going to connect hundreds of billions of devices to the Internet. Today, there's only about a billion devices connected to the Internet. It's extremely hard, if not impossible, to launch a destructive attack from the Internet without some form of manual intervention. But in the next three to five years, when you have all of these control systems connected to the Internet, and as literally hundreds of millions of devices get deployed, you're going to have an attack surface that's just unbelievably large. That will form the basis of potential for destructive attacks.

KITTEN: Are there any final thoughts you'd like to share about the need for more public/private partnerships?

COVIELLO: We've got the right tenor of discussion around public/private partnership. There's probably nothing to add there. In terms of the show itself, one of the other points I made in my keynote speech is ... the larger vendors have to develop complete suites. There has always been this argument of best-of-breed versus product suites. Our products have to be more and more like suites and they have to be best of breed. Either we do it ourselves or we do it in combination with other vendors. And the controls that get developed have to have this big data orientation or we'll never get to a point where we get true defense in depth. We end up with these isolated individual point things that are, again, the bane of existence for our practitioners and customers.




