Former White House CISO explains importance of cybersecurity exercises
“You have to take cybersecurity seriously no matter what business you are in,” said Mark Gelhardt.
Gelhardt is a former White House chief information security officer (CISO) under the Clinton Administration who managed classified communications for the White House staff and the U.S. Secret Service. He served over 20 years in the military and retired with the rank of Colonel. He is a Certified Chief Information Officer and Certified Information Security Manager. Currently, he is a principal at Cyber Exercises, an Atlanta-based company that creates customized training exercises for cybersecurity, disaster preparedness, and physical security.
Cyber Exercises recently staged public training exercises with the Georgia National Guard at the Clay National Guard Armory in Marietta, GA. The event included an interactive exercise that simulated cyber attacks on a fictional business. “It was the first truly open source cyber exercise available to the public on a military installation. The exercise included six to seven cyber attacks over a two hour period for a fictional logistics company. All of our exercises are based on real events that have occurred recently,” said Gelhardt. In attendance were business executives, insurance and public relations professionals, and personnel from the FBI, Cobb County Police Department, and Cobb County EMS. “Ninety to 95% of the participants on stage were role-playing in the position that they actually have in real life,” he added.
Many of the exercises are open to the public because, “We want to inform the business community as it is difficult to have a classified exercise that includes business,” said Gelhardt. The company encourages the audience to have an open and active debate with other participants during the exercise. “The audience will ask questions about why they are doing what they are doing,” Gelhardt explained. “We will give an overview of things that are apparent after the exercise in an after-action report.”
He explained that business executives who participate in the exercise often take away valuable lessons about how to respond to cyber attacks. “It is about cause and effect and showing executives how these incidents can affect your bottom line,” he said. “Many executives do not realize that when it is a federal crime scene, authorities must investigate and clear the scene before you can go back in and do anything. Even during a cyber attack, all logs and data must be cleared by an investigator. Also, just rebooting and deleting files does not mean that it is secure or that the malicious code has been contained.”
He went on to discuss some of the effects of automation on businesses, saying, “The rise of automation has empowered businesses, but it has also expanded their risk profile. Executives tend to be focused on the revenue side of the business because they are graded on their profitability numbers, but they are unaware of the changing landscape of risk profiles.”
While many people are familiar with some of the cyber attacks that have hit global corporations, he mentioned that “These cyber attacks are also being geared toward small and medium-sized businesses and all businesses should be concerned about this issue. Most people do not understand cyber insurance or know if they even need it.” He explained that businesses can go beyond purchasing security software and also purchase customized cyber insurance and business continuity insurance for an added layer of protection.
“Cyber attacks are becoming a business in and of itself,” said Gelhardt. “Many cyber criminals are business oriented people that need to make money. You can buy malicious code online and hire someone to execute it. You do not need to know how to do anything anymore.”
Cyber attacks now go beyond stealing credit card numbers online. “It is more than just stealing credit cards. That is actually not the most profitable type of cyber attack because credit cards can be bought and sold online for 10 cents and the banks will usually block them after one to two purchases. Today, they are going for bank transfers and intellectual property that they can sell.”
He cited an example of a local company that lost 20-40 percent of its value due to intellectual property theft from a foreign company that undercut it in the marketplace.
When asked where these cyber attacks emanate from, he said that most of them tend to come from abroad. “The U.S. is not a good place for cyber attack business due to the FBI’s investigative skills. [Attackers] usually choose places where it is easier to do business where it is safer and easier to attack others, such as third world countries. Some nation-states use cyber attacks to test their capabilities, and there are activists that buy tools online, but they usually get caught fairly quickly.”
When it comes to potential solutions, he said, “Executives should understand that there are business reasons to focus on cybersecurity.” While many businesses have a CISO, “They tend to be more focused on technology and they do not know how to speak the language of business. The CISO should morph from a support role to a business partner.”
“This is all about educating people on the ever-changing landscape of cybersecurity,” he said.
Please visit the company’s website at www.CyberExercises.com for more information.
In addition to his role at Cyber Exercises, Gelhardt is also the CISO of TravelClick, a security as a service company that provides marketing and reservation management services for more than 30,000 hotels around the world.