From cyber-warfare readiness to the DNC hack to prosecuting cybercrime, EDGE2017 provided federal agency employees and the cybersecurity professionals who defend our nation’s data with real-world examples of cyber-attacks and what can be done to stop them.
EDGE2017, which ran Oct. 17-18 at the Knoxville Convention Center, hosted business leaders, federal employees and technology professionals from all over the country. The event combines the expertise of technology industry leaders with topical roundtables, training sessions and industry-specific tracks to solve problems that agencies and business face.
Retired Major Gen. Brett T. Williams spoke about the U.S.’s cyber-ware readiness as it relates to four nation-states that are routinely accused of hacking both government and private-industry databases.
“One of the problems we have is (that) we look at this Russia thing as a cyber problem,” Williams told the EDGE2017 crowd. “When you look at this business with the so-called hacking of the Democratic National Committee (DNC), with the trolling they have done… targeting active duty and retired military by planting fake news stories. When they release the stuff from the CIA to the Shadow Brokers. None of that is really cyberwar. That is information warfare and the Russians have been doing that since before there was an Internet.
“Did they have a preference over Clinton versus Trump? Maybe yes, maybe no, but what they really have a preference for is creating internal discontent,” he said.
Williams, who served as the director of operations for the U.S. Cyber Command 2012-2014, went onto talk about how the issues that the federal government faces aren’t that much different in private industry.
He said that the military, like business, need to stop only including the Information Technology department when they have a technical issue and start bringing those experts to the table when making decisions about operations planning.
“Ninety-two percent of cyber breaches happen due to a lack of user training,” he said. “Get a grip on passwords. It’s a key area of risk.”
His sentiments were echoed by Adlumin Co-Founder and CEO Robert Johnston, who worked on the DNC hack as an analyst with CrowdStrike, the company hired by the DNC to investigate its breach.
“Compromised credentials are the biggest threat to your network,” Johnston explained.
He pointed out that hackers steal legitimate employee credentials and then masquerade as employees using those valid stolen credentials.
Johnston also said that insider threats, outdated or legacy network security and not adhering to compliance regulations also pose threats to business and governments, alike.
Other speakers addressed how the federal government prosecutes cybercrime and efforts to stop hackers from wreaking havoc on Fortune 500 companies, small businesses or federal agencies.
U.S. Department of Justice Computer Crime and Intellectual Property Attorney Tim Flowers spoke about overseeing the investigation and prosecution of cyber actors both at home and abroad while Consolidated Nuclear Security CISO Craig Thomas discussed the challenges of modernizing cyber security for mission critical operations.
EDGE2018 will continue to focus on how business and agency leaders can learn from cybersecurity experts. Dates will be announced soon.