​Safeguarding the Digital Frontier: Balancing “security” and “security"

The Honorable Michael T. McCaul, Member of Congress/Chairman, House Committee on Homeland Security, United States House of Representatives. He is tasked with addressing the al Qaeda-Hezbollah terrorist threat, border security and cyber security.

During a well attended presentation at RSA Conference 2016, the Republican congressman attempted to explain the US government’s position on balancing the needs for national security with those of individuals. As he put it, his attendance at the conference was “timely, important and relevant not just for the security of the nation, but also for the security of our digital security”.

In the aftermath of 9/11, the US government focussed on preventing terrorists establishing safe havens. But whereas those safe havens were physical spaces in those days, today those havens are online.

McCaul noted that it was not possible to destroy adversaries by simply bombing them any more as they are so distributed. He said jihadist fighters were using virtual safe havens to shield themselves from retribution.

“There are literally 200,000 ISIS tweets per day to radicalise individuals all around the world”.

The use of encrypted applications came under specific attention by McCaul. Citing the bombings in Paris during November 2015, he said the terrorists used encrypted messaging platforms to conspire with each other while evading detection.

That debate over access to encryption has escalated with the recent San Bernardino case being fought between Apple and the FBI.

“This issue is not going away. It’s one of the greatest law enforcement and counter terrorism challenges of the 21st century. It’s also given enormous implications for our privacy and the security of our most sensitive information,” he says.

He noted that with the breach at health insurance provider ANTHEM, following others at Target, Neiman Marcus, Home Depot, as well as the Office of Personnel Management (OPM) – where McCaul’s own security clearance was one of the many millions of records that were stolen by Chinese hackers – have made digital security and privacy hot button issues.

Read more: ​Can fiction inform reality – a look into CSI:Cyber

McCaul says "The digital frontier is very much like the wild west” and “the effects are felt from kitchen tables to corporate board rooms”.

The adaptability of threat actors and their ability to change identities makes them extremely difficult to catch, particularly when they are supported by other nation states. It also makes attribution of a cyber-crime very difficult. McCaul mentioned the recent breach at a hospital in California where a hospital was the victim of a ransomware attack where they paid at US$17,000 ransom to the attackers.

The trouble, says McCaul, is our capacity to adapt to the shifting methods of the adversary are lagging. Many threats are in place for many months – the OPM breach was in place for well over a year before it was “detonated”. This has given rise to the concept of “digital bombs” with the impact lasting many years.

In response, McCaul says the US State department changed course and has agreed to negotiate and collaborate with the private sector.

Read more: ​Security: Architecture vs Sprawl

In speaking about the use of encryption by cyber criminals, McCaul says “I’m not out to demonise encryption. Encryption is a bedrock of communications and electronic commerce".

He noted that it is used to protect state and personal information and communications but that same protection is used by nefarious groups that are acting against the American interest. While, on one hand, he says there are no known security threats at this time, encryption has made the pool of information we know nothing about much larger.

"How can we keep our country safe while keeping our personal data safe?" he asks.

Using the San Bernardino case as an example, he says it’s time to get the right experts in the room to find a path that supports the needs of law enforcement and the broader community and technology industry.

“Sadly, Americans have heard a lot of bluster, too little acceptance. The two sides are shouting at each other,” he says.

One of the steps McCaul has taken is to establish a national commission on security and technology challenges in the digital age. This has been done with Democrat senator Mark R. Warner, signalling a bipartisan approach to this challenging issue. The commission will include technology leaders, privacy experts and other non-politicians.

Join the CSO newsletter!

Error: Please check your email address.

Tags ​Safeguardinghomeland securitySecurity needs#RSACCongress/ChairmanRSA Conference 2016CSO AustraliaMichael T. McCaulUnited States

More about AppleFBIHome DepotHouse of RepresentativesRSA

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Anthony Caruana

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts