The never-ending defensive: it’s the philosophy inherent to cybersecurity, and the topic is one that’s rising to the top as a priority for the U.S. government as internet-based attempts to besiege information systems continue to increase.
IBM last year alone tabulated 1.5 million monitored network cyber attacks in the U.S — a 12 percent increase from 2012, according to the company’s Security Services 2014 Cyber Security Intelligence Index from last April.
But for Carlos Fernandes, the director of the Cyber Security Center of Excellence at Salient Federal Solutions, cybersecurity success is not a destination, but a journey.
“The way I look at that is that we have to stay alert, we have to constantly be promoting, from a security perspective, cyber security awareness, something that you can never get tired of,” Fernandes told WashingtonExec in a recent phone interview, and acknowledged that such implications – that cybersecurity requires accuracy 100 percent of time – do not trouble him.
At Salient Federal Solutions, a company that delivers IT, training, engineering and intelligence analytic services to defense, intelligence and homeland security clients, Fernandes develops cybersecurity strategy and expands market distinctions and innovations for the company.
As the move toward a next generation internet environment becomes more pronounced, Fernandes outlined his take on the roadblocks hindering the full transition to IPV6, best practices for overcoming mobility induced cyber security threats and his thoughts on which technologies we can expect to be most disruptive to the intelligence community in the coming years.
WashingtonExec: What would you say is the largest thing in the way to a full transition to IPV6 environment? What can we expect in the next 20 years?
Carlos Fernandes: A lot of that has to do with competing interests. There are for example politics and companies that have invested in technologies that are IPV4, so those competing interests are in some cases slowing down the progress of the full deployment of IPV6.
The other thing is that, since the current internet is built on an IPV4 infrastructure which means it’s just a bunch of different networks that are tied together from all over the world –a confederation of many different networks and technologies—it takes a long time for all of that to be transitioned from a legacy technology to a newer technology. And even when the full transition to a native IPV6 environment is complete, still other vulnerabilities will present themselves. I don’t see vulnerabilities going away any time soon.
WashingtonExec: What’s the best way to protect against mobility induced cyber security threats?
Carlos Fernandes: Mobility and the security of mobile solutions continues to be a challenge. The challenge is amplified by the fact that the necessary data may reside on disparate systems.
The only way to eliminate mobility induced cyber security threats would be to not allow them. Disconnect them from the network. That is the only way. Obviously, that’s not really practical.
“Just as we go to the doctor to get health assessments on a periodic basis, we must also assess networks and all that goes on within a network to make sure that we are doing everything that we need to do to protect those network architectures — whether it be wireless mobile devices or hardware residing on a network.”
Mobility has been a problem for cyber security professionals like myself for many, many years because it creates an environment with an extension of the network that is vulnerable and could be exploited.
Because society has become dependent on mobile technologies for its day-to-day existence, we must take other precautionary measures.
Just as we go to the doctor to get health assessments on a periodic basis, we must also assess networks and all that goes on within a network to make sure that we are doing everything that we need to do to protect those network architectures — whether it be wireless mobile devices or hardware residing on a network.
You have to be constantly vigilant and apply best practices to make sure you’re doing everything you can to minimize risk. You can’t completely eliminate these vulnerabilities, they’ll exist because it’s the nature of the internet. It’s not a place where you can completely eliminate vulnerabilities, you just have to live with them and you have to figure out a way to mitigate those. The only way to do that is to stay vigilant and looking to always apply best practices and that’s the only way to do it.
WashingtonExec: What has been the most disruptive development in IT over the course of the last ten years?
Carlos Fernandes: I think that the most disruptive development in IT has been the ubiquitous adoption of wireless technologies that enable us humans to have access to data and sharing of data, from anytime and from anywhere. You can’t go anywhere today without seeing people on their smartphones, seems like they’re almost addicted to the technology, you can’t separate it from our society. I know, I’ve got four children and it seems like it’s part of their DNA now, like an extension or part of their body. That’s really been the most disruptive and from a cyber security perspective, protecting the data that is both being received by these wireless devices and being sent. To not only protect sets of data but also to protect personal data that people don’t want to get into the mainstream. We’ve seen a lot of that over the last year.
WashingtonExec: How would you define edgy technologies and how are they affecting the intelligence community?
Carlos Fernandes: Good question. The way I define edgy technologies are technologies that are disruptive, uncomfortable, not fully baked—kind of still under development, but possess so much promise that they make it in to an operational environment.
Some examples would be some of the social media that we see today, applications on smart devices that start being used and allows an individual to access some sort of data or be able to do something with the data, manipulate it in some way that it hadn’t been manipulated before. One of the things that I’ve been working on for at least 10 years now has been the concept of precognitive capabilities, which is a form of edgy technologies. It’s really a concept that leverages artificially intelligent technologies, pairing those technologies with deep cyber security subject matter expertise folks that have been in the field, like myself for over 20 years, and looking for ways to integrate both the technologies with the human to create an environment that we can start predicting, and preventing, and persisting against cyber incidents, versus responding to an incident after it occurs.
“The most disruptive development in IT has been the ubiquitous adoption of wireless technologies that enable us humans to have access to data and sharing of data, from anytime and from anywhere. You can’t go anywhere today without seeing people on their smartphones…you can’t separate it from our society.”
We as a nation, as we’ve seen with 9/11 and many other incidents that have occurred since I’ve been alive, we’re really good at responding as Americans, how about being predictive? Taking that same passion that we have when an incident occurs and we respond and come together, how about taking that same passion and developing capabilities that would predict cyber events before they occur? That’s the basis and that’s one of the examples of edgy technologies.
WashingtonExec: What is something that most people don’t know about you?
Carlos Fernandes: Well, my two daughters say that daddy cries when he watches chick flicks. As a guy I tend to be all macho, and in cyber security I take care of the bad guys. But my two little girls, they see a different side of me.