Phil Quade, CISO, Fortinet, sits down with John Furrier for a Digital CUBE Conversation.
#CUBEConversation #theCUBE
https://siliconangle.com/2020/04/21/edge-exposure-pandemic-requires-renewed-focus-cybersecurity-cubeconversations/
Edge exposure during pandemic requires renewed focus on cybersecurity
Security at the edge has been discussed for quite a while, but the timetable for solutions extended to years. That’s no longer true.
With the outbreak of coronavirus and a migration of much of the global workforce away from internal corporate networks to connecting via mobile devices using home routers, the need for edge security has become more urgent.
A recent Network World survey found that edge security was very much on the minds of information technology executives, with 77% concerned about overall security and 55% who believed that edge devices were not built with proper protections.
“All of a sudden what we’re seeing, not just in the U.S. but the world as well, is that the edge is being extended in places that we just hadn’t planned for before,” said Phil Quade (pictured), chief information security officer of Fortinet Inc. “Sometimes there are catalysts that cause major changes in the way you do things. We’re in one of those right now.”
Quade spoke with John Furrier, host of theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed the impact of internet of things devices on edge security, Quade’s recent book on cybersecurity as a science and rising vulnerabilities in operational technology. (* Disclosure below.)
Evaluating IoT devices
The global pandemic offered both benefits and challenges for Quade’s fellow CISOs. For many firms, security rose to the top of the priority list as businesses scrambled to protect assets in a suddenly less-secure work environment.
On the other hand, protection of critical data and IT infrastructure just got a lot harder. Last year, Fortinet published a list of actions CISOs should consider to secure IoT devices at the edge. These included evaluating every IoT device that connected to the network and assessing all edge-related traffic, encrypted or otherwise.
“It’s a very important time to step up as a CISO and do what’s helpful to sustain the mission,” Quade said. “This isn’t just a surge for 30 days; this is a surge for being agile with no end in sight.”
A virus once raged through the internet, causing millions of dollars in damage and crashing thousands of machines. While this sounds like a scenario that could have happened yesterday, it actually occurred in November 1988, when some of the early Web pioneers realized that what they envisioned as a friendly academic research tool could have far greater implications.
This historical perspective and how it should be applied to the current world are part of a thesis outlined in Quade’s recent book, “The Digital Big Bang: The Hard Stuff, the Soft Stuff, and the Future of Cybersecurity.” Like the “Big Bang Theory,” a leading explanation for how the Universe began, the internet has fostered a different world and cybersecurity must be taken as seriously as the discipline of scientific thought.
“Fifty years ago, we had a digital big bang where there was a massive explosion of bits with the invention of the internet,” Quade explained. “It’s time to start treating cybersecurity like a science. Let’s not pretend it’s a dark art that we have to relearn every couple of years.”
Integrating IT with OT
Part of what is keeping Quade and his colleagues up at night are concerns around the operational technology space. A survey of enterprise security professionals conducted last year by the SANS Institute found that less than half of respondents had conducted a security inventory of control system devices and software applications, even though 78% of the equipment had external connectivity.
“You want to make sure your solutions in the IT space are well integrated with solutions in the OT space so an adversary or mistake can’t work into the crack and cause a disruption,” Quade said. “With the rapid introduction of IoT technologies into the physical world, we’re going to have a whole lot of dependencies and inconveniences on things that instrument our physical space.”
The power grid system in the U.S. offers an instructional model, according to Quade. Contrary to what some people believe, there is not one main power grid, but actually three. There are Eastern and Western interconnections, along with one in the state of Texas. This is the kind of diversified, resilient model the cybersecurity community needs to consider.
“There’s fabulous strategies of implementation and diversification to allow the grid to fail safely so it is not catastrophic,” Quade said. “We ought to base cybersecurity around a similar principle — that a catastrophic failure in one part of the architecture shouldn’t result in a catastrophe cascading across your whole architecture.”
...
Phil Quade, Fortinet | CUBE Conversation, April 2020