AFCEA International held its two-day Solutions Conference, December 2-3. The original keynote was supposed to be LTG Keith Alexander, the Director of the National Security Agency, and the nominee for a 4th star and command of the newly established U.S. Cyber Command. This being Washington, however, he could not risk a presumption of Senate confirmation (big problems for those who commit this sin) of his new duty, so he politely demurred. Instead, he sent one of his very able subordinates from the NSA, Ms. Sherri Ramsey, to address the group at the National Conference Center in Leesburg.
Her remarks were far ranging and very relevant. She professed a passion for cyber security. She also apologized to anyone who had come expecting answers. She said humbly that she had many more questions than answers, and she challenged the audience to help her find the answers the country needs.
Ms. Ramsey began with the threat. She did this quickly but noted that cyber crime steals over $8 billion a year in actual cash, and that the lost intellectual property to espionage (national security and industrial) exceeds trillions of dollars. Next, she noted that the Internet carries over 2 million emails every second, that 70 percent of these are spam and most of those are carrying malware. Even the very tech-oriented crowd harrumphed at that.
A call for cooperation was the next agenda item. Ramsey said that the NSA, long known for its secretiveness, is now calling for a new attitude her boss calls “Team Cyber.” They want everyone to work together to develop a holistic situational awareness and for all enterprises with networks to realize they no longer just “own and operate” but now “own, operate and defend” them.
She used a sports analogy: Before, we thought in American football terms, with separate offensive and defensive teams. But now, we need to think like soccer players, where everyone is responsible for defense and offense, with the flow between them continuous and complicated.
She wrapped up with a list of needs the Government Cyber Community needed industry to eventually provide. These included tools to synthesize, tools to analyze and tools to do secure collaboration. She needs the ability to better move data across domains of varying security classifications, as well as data storage that is secure and searchable to NSA standards. Lastly, she needs seamless sharing, and a lot of training, in both offensive and defensive cyber operations.
Overall, it was an excellent presentation, and it set the tone for the start of a great event.
