CISO proposes cybersecurity co-op to fend off hackers

The CISO of Rockwell Automation thinks a cybersecurity co-operative, comprised of top information security engineers from several companies, could serve as a salve to the talent shortage and also offer and an improvement over managed security service providers.

Jim Motes believes he has a solution to the glaring shortage in cybersecurity talent, which renders corporations more vulnerable to hackers. The CISO of Rockwell Automation proposes a cooperative staffed by the best engineers from member companies. This team of seasoned information security professionals would be better positioned to protect corporate networks than most managed security service providers (MSSP), he says.

"We have a shortage of cybersecurity professionals, with people shoved into jobs [they] are not qualified to do," says Motes, who will formally present the proposal to fellow CISOs at the manufacturer's Milwaukee headquarters on November 30. "We have a stressed-out work force, a shallow talent pool and an increase in demand like nothing we've ever seen before."

Jim Motes, CISO of Rockwell Automation.

Jim Motes, CISO of Rockwell Automation.

[ Related: CISO bets on cloud security services to protect data ]

It's hard to find fault with that point. Cybersecurity concerns have ratcheted up significantly in the past two years, spotlighted by reputation-tarnishing hacks at Target, Home Depot, Anthem and other companies. And things aren't getting any better. A recent PwC survey reported a 38 percent uptick in cyber-assaults from 2014. The result has business leaders and their boards rethinking their cybersecurity practices.

Not enough cyberprofessionals to protect companies

While Motes says companies should cultivate a multi-layered approach to cybersecurity technologies, there simply isn’t enough qualified staff capable of shielding corporate networks from attackers who excel at covering their tracks. The cooperative would shore up network defenses and monitor them for attacks. The services are similar to what MSSP offer today, but with some key differences, says Motes, who has delivered MSSP services in previous roles at Perot Systems and Affiliated Computer Services.

Most MSSPs are trained to monitor threats and call clients when they find anomalous activity. They are motivated by profit to rack up as many clients as possible, an approach that dilutes their effectiveness because they have too many customers to become familiar with various vertical industries, each of which boast unique architecture and defense requirements.

Also, when a company is breached, the MSSP typically returns only the money paid to them, which is typically thousands of dollars, as opposed to the millions of dollars breach might cost a brand. “[The cooperative] beats out an MSSP, which is made up of a bunch of guys who sit there and watch glass for a whole lot of customers,” Motes says.

[ Related: Insider Insights: Textron's CISO on risks, tech talent and more ]

Initially, Motes says the co-op would work best with manufacturing companies with profiles similar to Rockwell Automation. But, eventually, the co-op would develop specialists, versed in how to handle threats for retail, finance, healthcare and other sectors. Knowledge would become institutionalized and shared for the good of the co-op, which would invest in training its members on the latest threats and emerging technologies. The co-op would sustain itself utility-style, charging clients on a pay-per-use basis. It would do a "good job without bringing in outsourced services, and we could create a center of excellence that could be replicated for other industries," Motes says.

Co-op could better protect privileged user accounts

One area the co-op would be well-positioned to protect is privileged user accounts, essentially valid credentials designed to be used by systems administrators to manage network systems, run services or allow applications to communicate with one another. With few network access restrictions, privileged user accounts are frequently seized by attackers to infiltrate corporate systems. Such accounts played critical roles in high-profile hacks at Sony Pictures, Las Vegas Sands casino and the Office of Personnel Management.

Protecting privileged user accounts is top of mind for Motes. Rockwell Automation has recently consolidated IT operations under a single outsourcing firm, whose staff require privileged access to, for example, provision and manage the Windows servers and network infrastructure required to operate the business. The outsourcer's access Rockwell's network both on site and remotely via virtualized connections. Extending the company's attack surface initially made the board of directors uneasy.

[ Related: 7 tips to becoming a successful CISO ]

Rockwell uses software from CyberArk to sandbox privileged sessions and prevent the spread of malware from user endpoints to critical systems as well as to prevent users and their devices from ever exposing the privileged account credentials. It also generates an audit log to track any suspicious activity for both the outsourcer's staff and Rockwell's employees. "We don't want them logged in with that privilege without us tracking it, knowing who logged in [and] what they did and when," Motes says.

Things to make a security co-op hum

For the co-op to work, Motes says members would have to make sure their own security, including mitigating the privileged access control threat, is up to par. He envisions seasoned cyberprofessionals hailing from a variety of industries could train interns within the co-op to combat cyberthreats. “Nobody is as good as the team you grow and invest [time and effort] in training,” he says.

Motes has already received the greenlight for the co-op initiative from Rockwell Automation’s senior management, including the company’s general counsel. And he’s received a positive response from the Wisconsin state assembly, as well as fellow CIOs to whom he’s floated the idea. Some peers challenged the co-op premise, noting that their staff wouldn't want to move out of their current roles to go work for a co-op, which would essentially launch as a start-up. But Motes argued that staff would receive valuable cross-training, making them more valuable and well-positioned for advancement within the co-op, or elsewhere. “We’ll give them a career path, they won’t see [at their current company],” he says.

However, cybersecurity has always been a touchy subject between corporations. For that reason, perhaps the greatest opposition to the co-op will come from companies opposed to sharing cybersecurity insights for fear of exposing themselves to bad actors seeking the next big challenge. Motes will find out November 30.

Join the CSO newsletter!

Error: Please check your email address.

More about Affiliated Computer ServicesCo-opCyberArkHome DepotPerot SystemsRockwellSonyTextron

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Clint Boulton

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place