Cybersecurity experts cautiously optimistic about 2016
Loading...
It's been an active year in cybersecurity.听Washington and Beijing reached a historic agreement around cooperation for curtailing digital espionage, the US government suffered its听largest known data breach, and there was a seemingly endless string听of breaches and hacks.
Looking ahead to 2016, there's little indication from experts that online threats will be any less numerous or menacing. But there is optimism that groundwork laid this year could pay dividends in the year ahead. That's especially the case regarding negotiations with China to thwart commercial hacking, said听Ellen Nakashima, national security reporter at The Washington Post.
"It鈥檚 a combination of these tools and these measures by the US as well as expressions of concern by others 鈥 industry and academia 鈥 that could start to move the needle next year," Ms. Nakashima said.
Nakashima joined a panel of听cybersecurity and legal experts to discuss some of the most pressing trends in cybersecurity听at an event hosted by the Atlantic Council think tank in Washington. Passcode was the exclusive media partner for this Cyber Risk Wednesday event. Here are three things we learned:
1. New norms emerged for reporting cyberthreats
Companies are going public much faster after breaches, according to Nakashima. For instance, she said, the way Home Depot notified customers about its 2014 breach 鈥 and quickly started looked for solutions to mediate the impact 鈥 influenced how other companies responded to breaches this year.听
"There鈥檚 been a gradual shift away from blaming the victim," Nakashima said. "Yes, people feel like companies should be responsible for cybersecurity, but they also understand this is such a widespread and pervasive problem that what company hasn鈥檛 been hacked?"
2. Cyberthreats are bigger problems for small businesses
More small companies are reaching out to the government for help with issues around cyberattacks, said听Sean Newell, deputy chief for cyber, counterintelligence, and export control section at the Department of Justice. Unfortunately, he said, small firms don't have the same capacity as large corporations to confront dangers online.
"I wonder if that鈥檚 going to push the threat down to mid- or smaller-sized companies," Mr. Newell听said. "I see that as an issue coming forth in the next year."
3. Progress with China takes time
It's a good sign that there hasn鈥檛 been another attack such as the Sony Pictures breach, said Jason Healey, senior research scholar at Columbia University鈥檚 School of International and Public Affairs.听Even though the US blamed North Korea for the Sony hack, Obama administrations officials the government has sought China's help to stop attacks coming from North Korea. Indeed, said Mr. Healey, success with the Chinese shouldn't be measured only in terms of the recent cyberespionage deal.听Instead, it should be seen as incrementally better than it was previously.
"Diplomacy isn鈥檛 binary, right? It鈥檚 not one or zero," he said. "If this decreases Chinese espionage by 10 percent, it is quite possibly the most successful thing we鈥檝e ever done to reduce Chinese espionage."
听
Two notable quotes:
1. If the US decides it鈥檚 necessary to monitor smartphone apps for potential terrorist activity, Healey said, it is feasible that terrorists will attempt to stay ahead of that monitoring by switching apps frequently.
"What do we do when we have terrorists on Tinder?" Healey said. "How far does this go with the proliferation of technologies, that we鈥檙e going to continue to chase them down every hole? Does that scale?"
2. 听Looking forward at whether the US's efforts with China have effectively stanched the country鈥檚 efforts to hack for economic gain, Nakashima said President Obama鈥檚 executive order this year might shed light on possible next steps. The order allows him to impose economic sanctions on either companies or individuals that conduct cyberattacks, including for economic gain.
"If China continues to conduct economic espionage and is essentially violating its pledge, I would expect the administration, before its term is out, to go forth and impose those sanctions," she said.
Notable tweet:
Correction: This story was updated after publication to correctly identify the panel participant from the Department of Justice as听Sean Newell,听deputy chief for cyber, counterintelligence, and export control section of the听National Security听Division.
听
