Anup Ghosh, founder and CEO of Invincea

The "lost decade" of cybersecurity: adversaries outpace cyber-defenses

Published 9 September 2011

Anup Ghosh, the founder and CEO of Invincea, a firm that specializes in developing cybersecurity solutions, discusses the failures of the U.S. government in cybersecurity, emerging technologies that can help keep networks safe, and the havoc that terrorists can wreak via a cyberattack.

Anup Ghosh, founder and CEO of Invincea // Source: Invincea

Homeland Security NewsWire: In the ten years since 9/11, the cybersecurity threat has evolved significantly and both Presidents Bush and Obama have taken great pains to bolster the government’s response and defense capabilities, but in your opinion has the government done enough? If not, what more should the government be doing to secure the nation’s computer networks?

Anup Ghosh: In short, cybersecurity technology has largely stayed where it was pre-9/11. We are now looking back on a “Lost Decade in CyberSecurity” where little to no innovation has occurred in addressing cyber threats, while the adversary has significantly outpaced cybersecurity defenses to the point where most are obsolete. The government should take some ownership for the lack of stimulating investment in cybersecurity technologies, but more importantly in not adopting new cyber security approaches.

HSNW: With news of major hackers hitting government websites flooding the headlines, are government cyber defenses adequate to protect the nation’s critical cyber assets let alone government networks?

AG: Clearly no. The cyber security technologies protecting government and commercial networks were developed in the twentieth century against a twentieth century threat. They are inherently reactive, reacting to the last known threat. However, the pace of new threats – 60,000 new malware variants a day reported by McAfee – means this reactive approach to cybersecurity no longer works. Critical infrastructure providers tend to lag adoption of new technologies even further. Government needs to be a leader in adopting new strategies for cybersecurity that prevent infections rather than reacting to infections. Signature-based approaches that count on foreknowledge of the threat are no longer effective. Fortunately emerging technology the NSA has spoken to publicly virtualizes browser and other desktop apps that get compromised to prevent infections of desktops, and instead contain the infections to virtual operating systems. These types of emerging technology will find their place in enterprises soon now that key stakeholders are now aware of the deficiencies of the network security systems they are running.

HSNW: Most of the recent cyberattacks appear to have been perpetrated by rogue individuals, hacking collectives, or other nations, but has there been any evidence to show that terrorist organizations like al Qaeda pose a threat to U.S. computer networks?

AG: Most of the publicly known cyber attacks are perpetrated by hacker enclaves or hacktivists – but government, national security, and law enforcement officials have long known that foreign nations and organized crime have been inside our networks stealing data gigabits at a time every day. These sophisticated actors do not leave their calling card or make it public because it is not in their interest to do so – however it is for hacktivists. Are terrorist organizations a threat to U.S. computer networks? Definitely. They tend to have highly educated members – members with graduate degrees in engineering. It is incredibly cheap, anonymous, and untraceable, and can wreak tremendous economic and collateral damage. In other words, it makes a great asymmetric threat that is very difficult to defend against.

HSNW: Looking ahead, what do you foresee as the main cybersecurity challenges for the next decade?

AG: The main challenge in cyber security is to upgrade our defenses to the twenty-first century. Get out of list-based and reactive approaches to prevention and proactive security – where proactive means stopping the infection before it compromises networks and desktops. The technology is now emerging, but it will take effective leadership to recognize the defenses currently deployed no longer work, and to adopt new approaches that are out many steps in front of adversarial capabilities.