This podcast is brought to you by The Chertoff Group; sharing unique insights and perspectives on security, technology, and policy; helping organizations manage risk and accelerate growth.
The use of disinformation isn’t new, but finding the truth has become more challenging as our adversaries employ sophisticated tools to manipulate perception. The Chertoff Group’s Adam Isles speaks with national security expert J.D. Maddox about the nature of disinformation campaigns, why companies should be concerned, and what can be done to prevent the spread of disinformation. He warns corporations that it’s a matter of time before sophisticated disinformation campaigns are used against them.
While cybersecurity is often top of mind for many companies, physical threats such as active shooters are emerging as major risks to people and businesses too. The Chertoff Group’s Jayson Ahern discusses the roles and responsibilities of leadership in guarding against these threats, how chief security officers can work with the organization, and how often companies should assess their risks.
Chertoff Group Senior Advisor Bob Pocica, who began his career at the FBI and served in various security roles at major corporations, discusses enterprise risk management. He talks about the importance of bringing physical and cybersecurity areas of a company together, and why it’s necessary for organizations to have a senior individual in charge of these threats. He urges Chief Security Officers to be proactive and offers this: You can’t over-communicate when it comes to security.
The Chertoff Group’s Brian Hess traces his career in the U.S. Air Force – from deployment to his work at the Pentagon as a Nuclear Security Policy Officer. He discusses how the lessons he learned in the military can apply to the corporate world. How can we break down the barriers that exist between physical and cyber within organizations? He stresses the importance of working with teams to guard against threats.
What is the state of the market when it comes to space and missile defence? The Chertoff Group’s Kristjan Kornmayer, who recently published the Space and Missile Defense Market Review, discusses a recent space and missile defence symposium and where he sees major areas of investment from the government and private sector.
Maggie Brunner of the National Governors Association discusses the steps that states are taking when it comes to cybersecurity, from ensuring election security and dealing with ransomware threats to protecting the electric grid. She highlights an innovative pilot program with seven states to improve cybersecurity, as well as the National Guard’s role in helping states with cyber threats.
The Chertoff Group’s Jayson Ahern talks about the importance of international supply chain security, and the delicate balance that must be maintained to keep goods flowing across our border. Public-private partnerships are setting standards to ensure legitimate goods come in, and the threats stay out. He discusses why companies need to understand – and guard against – risks in the international supply chain.
What makes a good Director of National Intelligence? In the wake of the recent retirement of National Intelligence Director Dan Coats and the resignation of principal deputy director Sue Gordon, Chertoff Group Principal Charles Allen discusses what the Office of the Director of National Intelligence means to the security of the United States. Allen, who had a 40-year career with the CIA, talks about the importance of the office and the type of leader that the role requires.
The Senate Homeland Security and Government Affairs Committee reflected on today’s national security challenges during a recent hearing titled “18 Years Later: The state of Homeland Security After 9/11.” Chertoff Group Executive Chairman Michael Chertoff, who served as the second U.S. Homeland Security Secretary, testified about the collective work done to prevent this type of event from occurring again and where further investment and attention is needed to protect the safety and security of the American people.
It’s been nearly 20 years since the terrorist attacks of September 11, 2001. The Chertoff Group’s Jayson Ahern, Charles Allen, Adam Isles, General Michael Hayden, and Lee Kair reflect on a day that changed America, and share stories about how it influenced their careers. They had a front-row seat to what happened on one of the country’s darkest days — and witnessed a nation that rose to the challenge.
How can the U.S. ensure the security of its elections and protect democracy? The Chertoff Group’s Adam Isles discusses vulnerabilities in election security and strategies to guard against attacks with Philip Reitinger, president and CEO of the Global Cyber Alliance. Reitinger talks about some basic steps to cut your cyber risk and cautions that the Internet of Things will present new challenges that we’ve yet to grasp.
Attacks on the U.S. election system and those around the world are designed to sow doubt and undermine confidence, creating challenges for democracies around the world. Adam Isles and Michael Chertoff discuss how we protect the integrity of elections – from campaigns, voters, and the voting system itself. It requires a public-private partnership, and individual citizens have a role to play. Chertoff cautions that we must use our imagination to prepare for the attacks we haven’t seen.
Artificial Intelligence (AI) is the ability of computer systems and algorithms to simulate human responses and then learn and adapt. It holds great potential to bring innovation across a number of sectors. But it also raises a host of moral, legal and ethical questions. The Chertoff Group’s Paul Rosenzweig discusses the challenges and dilemmas this technology creates. How far are we willing to go in putting our faith in AI, and can we design it in a way that aligns with our values?
Software has traditionally been a black box when it comes to knowing what’s inside. Allan Friedman, director of Cybersecurity Initiatives at the National Telecommunications and Information Administration, discusses the Software Component Transparency initiative and efforts to establish a software bill of materials. It’s akin to a list of ingredients associated with a particular piece of software to help stakeholders make better risk-management decisions. What will make this a reality?
Artificial Intelligence (AI) is an incredibly powerful tool to help us make predictions, offering the promise of huge advances across all economic sectors and the government. But how do we define AI, what are its benefits, and how can it be applied in a way that’s consistent with our values? Carol Kuntz, a senior advisor with the Chertoff Group, discusses where AI is used today and some thoughts on how we govern its use in the future. She argues that the technology is at a place where public policy choices need to be made about its use.
The electric grid is often described as a lifeline sector for the nation’s critical infrastructure. But most of this sector is privately owned. How can the government and private sector work together to protect the nation’s critical infrastructure? The Chertoff Group’s Scott Gibson and Christian Healion discuss the new Cybersecurity and Infrastructure Security Agency (CISA) and how it can function as the public-private sector hub for understanding risk and helping the electric power industry achieve the twin goals of reliability and resiliency.
Encryption is a foundational security tool. But in a time of more outbreaks of violence, the temptation is great to build a backdoor into the encryption process and foil plots before they can be carried out. Chertoff Group Co-Founder and Executive Chairman Michael Chertoff argues that we shouldn’t weaken encryption for an understandable – yet narrow – law enforcement use. He discusses the techniques that law enforcement can use to make sense of data without undermining encryption and predicts that quantum computing will be the next big tool for cracking encryption.
Under a new Executive Order, the security clearance process will now be conducted through the Department of Defense. It’s an important step forward in reforming the outmoded and cumbersome security clearance process. But it’s not a panacea, say Chertoff Group Principal Charles Allen, Chuck Alsup, President of the Intelligence and National Security Alliance (INSA), and Adam Lurie, a member of INSA’s advisory board. They argue that we must redefine what a clear and trusted worker is through a process of continuous evaluation and vetting. And we need to use technology to conduct security clearances in a way that’s much more effective and efficient than it’s done today.
Cyber threats now rank as the number one threat against U.S. government and business interests. What can the government do to protect businesses against an onslaught of attacks? The Chertoff Group’s Adam Isles and Matthew Eggers of the U.S. Chamber of Commerce discuss the Cyber SAFETY Act – proposed legislation that would modernize an early law put into place after 9/11 to encourage the use of anti-terrorism technology. The legislation, among other things, incentivizes companies to take their product through the Department of Homeland Security’s SAFETY Act vetting process.
A changing business environment has meant that many companies outsource services and have multiple supply chains, introducing new risks from the outside. The Chertoff Group’s Chris Duvall talks about ways to manage third-party risk, the questions companies should be asking, and the looming threat of software subversion. He advises organizations to have a robust third-party program as part of any holistic risk-management strategy.
Organizations are facing increased cybersecurity threats. How should companies assess these risks and put a plan in place to prevent them? The Chertoff Group’s Adam Isles and Kurt Alaybeyoglu discuss MITRE’s ATT&CK threat assessment model that helps companies create individual plans to better understand risks, threats and ways to guard against them.
There’s no such thing as risk elimination. But if businesses focus on the most likely threats, they can minimize the damage. The Chertoff Group’s Adam Isles and Scott Gibson talk about how organizations can manage security risks effectively, the importance of monitoring those risks, and the convergence of both physical and cybersecurity threats.
A brief note to our listeners: Our “Global Threats” podcast was originally recorded on May 3, 2019. Since that time, additional events have occurred involving the regions we discuss on the podcast. Geopolitical realities can present risks for companies. The Chertoff Group’s Jonathan Paris, an expert in Middle East, US-China and transatlantic relations, provides regional insights and outlines the risks that Iran poses. What should global companies anticipate in the region?
How can technology play a role in modernizing the security clearance process? Allan Martin, co-founder and CEO of Lumina Analytics, speaks about how we move from an outmoded system that is manually based to one that is far more focused on technology. He discusses how the use of artificial intelligence could make the process more efficient and why continuous evaluation is needed in the security clearance process.
Private companies are collecting an enormous amount of data about us. What’s being collected, who is sharing it, and why? Privacy expert Justin Antonipillai, CEO of WireWheel, talks about the data that online retailers are collecting and buying about customers and how this information can be used. He discusses the steps that companies should take when it comes to privacy.
How can we protect the nation’s critical infrastructure from both physical and cyber attacks? Brian Harrell, the first Assistant Director for Infrastructure Security within the U.S. Cybersecurity and Infrastructure Security Agency (CISA), discusses how “soft” targets – from schools to stadiums and places of worship – can be protected. He talks about the convergence of physical and cyber security, the role of the government and private sector in protecting infrastructure, and how building resilience can help us avoid a single point of failure.
What is quantum computing and how might this disruptive technology change our lives? Paul Stimers, a partner at the law firm K&L Gates and founder of the Quantum Industry Coalition, talks about how the U.S. can encourage innovation in the field – or risk losing out to international competitors. He notes the importance that workforce development will play in the field. With the right investments, he believes the U.S. is capable of winning the quantum race.
Sometimes, the greatest risks to a company come from the inside. The Chertoff Group’s Lee Kair and Sean Horner discuss insider risk, why it happens and what can be done to identify and mitigate those risks. They stress the importance of continually monitoring behaviors that can indicate a red flag. And they offer insights on how a robust insider threat program can help all employees and help identify threats before problems arise.
The impending shift to Fifth Generation Wireless – 5G – will dramatically reshape almost all aspects of our lives. Its effects will impact all industries and it’s expected to herald unprecedented innovation. Cyber security experts Sam Visner and John Nagengast, members of the Intelligence and National Security Alliance’s Cyber Council, discuss how 5G is different from previous networks, its applications and whether the United States is on pace in the race to 5G implementation. The economy and many aspects of our lives will depend on 5G capabilities. What are the risks involved and how do we keep 5G networks secure?
Cybercriminals are escalating the cyber arms race with pace and determination. Cybersecurity expert Bill Conner, president and CEO of SonicWall, helps us explore the tactical advances by both the security industry and cybercriminals. Conner discusses the 2018 SonicWall Cyber Threat Report, which details more than 10.5 billion global malware attacks and spikes in ransomware, phishing, IoT threats and sophisticated salvos over non-standard ports. What can be learned about protecting against these threats and how can the public and private sectors work together to prevent them? Join us.
A common language is needed around cyber threats, says Jim Richberg, former National Intelligence Manager for Cyber and advisor to the Director of National Intelligence on cyber issues. He talks about how to turn cyber intelligence into actionable information. Lacking good metrics is the “greatest Achilles’ heel of cybersecurity,” he says. He cautions that while artificial intelligence and machine learning generate a lot of buzz, we have yet to understand the technology’s full potential.
Our devices are increasingly connected through the Internet of Things (IoT). What are the emerging risks associated with this connectivity? Adam Isles, a principal at The Chertoff Group, shares insights about the IoT environment and the need for standards in this space. He calls for security standards to be seamlessly integrated into the software development lifecycle.
What is blockchain technology and how is it applied? Alan Cohn, a blockchain and cryptocurrency expert with Steptoe, explains the ins and outs of blockchain, its strengths as a security technology, and the landscape for oversight and regulation. He discusses blockchain’s potential and how companies are using it to innovate.
Which laws govern data in cyberspace and how do these issues evolve when conflicts happen? Chris Painter, a globally recognized leader in cybersecurity and cyber policy, discusses how governments can work together to drive good behavior online and set norms. Although we’re not yet at a stage where we have a United Nations treaty for cyberspace, Painter calls for more international cooperation between governments and the private sector. And he warns that there must be accountability for countries that break the rules.
Reputational hits can cost a company and damage a business. What’s the role of business intelligence and due diligence when it comes to mitigating risk? The Chertoff Group’s Ben Joelson and Brogan Ingstad discuss the evolution of how companies have managed risk and the steps that should be taken – from mining open-source intelligence sources to navigating the Dark Web – to avoid reputational damage.
A cyber-enabled economic warfare (CEEW) attack designed to undermine America’s strength would have far-reaching strategic and economic consequences. Should such an attack occur, how would the U.S. government and private sector respond and what would they ask and expect of each other in the immediate aftermath? Dr. Samantha Ravich, chairman of the Foundation for Defense of Democracies’ Center on Cyber and Technology Innovation, and David London, a senior director at The Chertoff Group, discuss what happened when senior leaders from the public and private sector came together to plan for such a scenario. They highlight the inter-dependencies in our economy and how we can work together to build resilience.
We often focus on cybersecurity, but physical security is just as important. How do companies take the lessons learned from organizations that have experienced tragedies and implement them to keep employees safe? The Chertoff Group’s Ben Joelson and Scott Gibson discuss technologies that could be part of the solution, and what happens when physical security and cybersecurity merge.
What happens in the first 24 hours after an organization experiences a crisis? Siobhan Gorman, a partner at the Brunswick Group, talks about the playbook that every organization should have in place before an incident occurs. She discusses the implications for both internal and external communications, how to involve the CEO, and the role of social media in these situations.
Drones have become ubiquitous for a number of commercial and consumer purposes. But what happens when drones land in the wrong hands? The Chertoff Group’s Ben Joelson and Phil Pitsky, Vice President of Federal Operations for airspace security company Dedrone, discuss the challenges and threats that drones can pose and what can be done under current law to protect from potential risks.
The current security clearance process is antiquated and should be modernized. Chuck Alsup, President of the Intelligence and National Security Alliance (INSA), and Chertoff Group Principal Charles Allen discuss the growing momentum to reform the security clearance process. They talk about how the government and private sector can work together on standards to build a trusted workforce. Both are optimistic that change will happen to overhaul the security clearance process.
As General Michael Hayden continues his recovery at home, please enjoy his recent thoughts on private and public sector approaches to cybersecurity and information sharing as part of our latest Insights & Intelligence podcast. He chats about some of the thorniest issues facing the United States, such as Russian interference in our elections, and how we’ll deter future attacks. Gen. Hayden urges his fellow Americans to get more involved in these discussions that will “shape the American approach to the world for the rest of the century.”
There are two types of companies – those that have experienced a data breach and those that don’t know they have. As the number of data breaches affecting the private sector has reached epidemic proportions, former FBI Executive Assistant Director Bob Anderson details the questions CEOs should be asking to avoid an attack and what to do if a breach occurs. He discusses important steps companies should be taking to minimize risks.
Chad Sweet, co-founder and CEO of The Chertoff Group, discusses the purpose of the Committee on Foreign Investment in the United States (CFIUS), how it works and how we can encourage foreign investment without compromising security. He highlights some changes in the law that every company doing business in the United States should know.
When it comes to terrorist attacks, some of the biggest threats to security involve soft targets – airports, concert venues and nightclubs. Dr. J. Bennet Waters, who leads The Chertoff Group’s global Strategic Advisory Services, discusses ways to manage risk, be aware of threats and balance security with privacy and civil liberties. Keeping ahead of what our adversaries are doing – and sharing that information in a way that’s actionable – is critical.
We’re on a break for the holidays, but look for more insights from the podcast when we return on January 7, 2019.
How can security be embedded in the technologies used in automobiles? Faye Francy, executive director of the Automotive Information Sharing and Analysis Center (Auto-ISAC), discusses how the auto industry is working together to make sure the software used in cars is safe and secure.
Joshua Corman is a Founder of I am The Cavalry (dot org) and CSO for PTC. Corman previously served as Director of the Cyber Statecraft Initiative for the Atlantic Council, CTO for Sonatype, Director of Security Intelligence for Akamai, and in senior research, analyst, & strategy roles. He co-founded RuggedSoftware and IamTheCavalry to encourage new security approaches in response to the world’s increasing dependence on digital infrastructure. Josh's unique approach to security in the context of human factors, adversary motivations, and social impact has helped position him as one of the most trusted names in security. He also serves as an adjunct faculty for Carnegie Mellon’s Heinz College and on the Congressional Task Force for Healthcare Industry Cybersecurity.
From insertable cardiac monitors to medical devices connected to smartphones, healthcare has become more responsive to patients. Abbott’s Chris Tyberg and Chertoff Group Principal Bennet Waters discuss technological advances in digital health and the role that cybersecurity plays in this new healthcare frontier. They share insights from a new study of physicians and hospital administrators on cybersecurity in the connected hospital and the need for collaboration to address current challenges.
What do organizations need to know to effectively manage security when moving to the cloud? Delta Risk CEO Scott Kaine walks us through important considerations such as identifying what you already have in the cloud, ensuring the environment is configured correctly, and determining who has access. He stresses the need to triage what’s important when it comes to securing the cloud. And he discusses the role that artificial intelligence and machine learning could play in the future.
While biometric technologies have been around for a long time, we’re now starting to see them in our day-to-day lives. From iris and fingerprint scans to facial recognition software, Lee Kair, managing director at The Chertoff Group, breaks down what we need to know about biometrics. Kair, an expert in aviation and transportation security, chats about how biometrics can be used to speed up travel processes while making them more secure. He argues that transparency will be critical as we balance the appropriate use of biometrics with privacy concerns.
The data revolution has made our lives more convenient, but it’s also created vulnerabilities. Former Secretary of the U.S. Department of Homeland Security and The Chertoff Group Founder Michael Chertoff discusses his new book, “Exploding Data: Reclaiming Our Cyber Security in the Digital Age.” The use of digital tools has allowed us to generate a lot more data and to analyze it, altering our perception about the lines between public and private information. Chertoff talks about how we can avoid living in a world of ubiquitous surveillance and the need for greater protection of our cyber infrastructure. Finally, he calls for updates to policy and legal frameworks to reflect our new reality.