In November 2014, hackers leaked a slew of confidential data from Sony Pictures that led to breathless headlines about how which stars were exasperating to work with and how much talent was paid. The hack was linked to the studio’s impending release of a film called “The Interview” that satirized the North Korean regime. Following the leak, the hackers threatened to attack any cinemas showing the film, leading many to pull out of screening it entirely and the New York premiere to be canceled. In the end, Sony gave it a limited theatrical release and made the film available for download.
Admiral James Stavridis, dean of the Fletcher School of Law and Diplomacy at Tufts University and former NATO Supreme Allied Commander Europe, noted in a Gartner Thinkcast interview in advance of the Gartner Infrastructure, Operations Management & Data Center Conference that this hack is just one example of how cybersecurity has blurred the lines between national security and the private sector, and why it has become one of the most serious threats facing the world today.
“When I was the Supreme Allied Commander at NATO, there was plenty to worry about on that job, but the thing that kept me awake at night was cybersecurity,” he says. He explains that it’s only cybersecurity that proceeds from the highest level of a country’s national interest — its infrastructure, transportation grids, water management systems and so on — through to medical and educational issues, and even people’s personal finances. He sums it up as, “an utterly unique 21st-century challenge.”
More cooperation needed
One of the most important things holding back the response to that challenge is “truly effective cooperation” between the public and private sectors.
He suggests that companies approach cybersecurity more like the way airlines work together when there is a concern with a particular model of jet. They collaborate publicly about the problems and what’s being done to resolve it. “It’s a very open conversation [and] that’s not the cyber world right now,” he says.
‘There is always hope’
Despite his concerns though, he remains optimistic that governments and companies can get on top of the threat. “There is always hope,” he says, laughing. He suggests four steps for companies and public sector organizations.
- Cyberhygiene: All organizations can drastically improve cybersecurity by educating all those who will be using technology and IT systems. It requires organizations to get people to do what he calls “all those annoying things,” such as using long and complex passwords and changing them frequently.
- Better private-public cooperation: In the U.S., the government should take the lead, he says, in getting the private sector to collaborate. He suggests that the government create sector-specific consortia to bring financial services firms or healthcare companies together in a blame-free environment to share the hacks they’re seeing and what they’re doing about it.
- Create a U.S. cyberforce: The U.S., Admiral Stavridis says, should also invest in a cyberforce. He likens it to a “fifth service” alongside the Army, the Navy, the Marine Corps and the Air Force, and says it should comprise around 5,000 people: “Tiny by the standards of the Department of Defense but highly trained, highly motivated individuals who [will] protect the infrastructure of the nation.”
- More emphasis on international cooperation: Admiral Stavridis thinks we should see the cyber world in the same way we think about the oceans — as a global commons. The United States is well-placed to take the lead on collaborating with others to protect the cyber world in the same way. He suggests ideas like creating a global treaty and possibly a United Nations institution to do so.
In all, he sums up by saying, “This is the challenge of our times, and we need our best minds addressing it.”