Story Highlights: Michael Chertoff advises leaders to take a risk management, immunization approach for effective systems security at a DC-area cybersecurity conference.
By James Thompson
Contributor, In Homeland Security
Former U.S. Secretary of Homeland Security Michael Chertoff addressed a full house during the 2017 Cybertech Fairfax Conference at Capital One headquarters in Fairfax, Virginia, June 13.
As opening keynote speaker, Chertoff covered the current state of cybersecurity in relation to mounting threats and proposed proactive solutions for private industry and government leaders to reduce the potential for human error, a key back channel for hacker entry.
Citing “surface area” cyber issues that result from human error, Chertoff stressed the importance of proper risk management as essential to enterprise strategy. His recommendation is to develop a culture that reinforces the importance of security in everyday operations by “setting peoples’ expectations … so they’re empowered.”
Chertoff advised attendees to focus on organizational principles, beginning with company policies and procedures so employees understand and are responsible for their security role. This includes adequately training “your assets.” He also posed the question, “Is your company cyber-immunized?” prompted by an audience member’s question that metaphorically likened the approach to cyber-immunizing the workforce.
‘Is your company cyber-immunized?’
Asking leaders to adopt a preemptive stance to cybersecurity threats by mitigating human error at the root level of employee interaction is a theme that continues to elude many organizations. On the heels of the Yahoo! cyberattack that impacted nearly a billion consumers, Chertoff wrote in his Oct. 2016 CNBC Op-Ed:
“A closer examination of major breaches reveals a common theme: In every ‘major headline’ breach, the attack vector has been the common password. The reason is simple: The password is by far the weakest link in cybersecurity today.”
– From the CNBC.com commentary article, “Passwords are the weakest link in cybersecurity today,” by Michael Chertoff.
Chertoff expanded on his body metaphor by asking whether or not federal or private agencies should expect a standard level of security across all peer organizations; and, if not, should noncompliant agencies be excluded or banned? His observation: if a child does not have up-to-date immunizations, should the child be in school?
The Chertoff Group
Chertoff serves as Co-Founder and Executive Chairman of The Chertoff Group, “a premier global advisory firm focused on security and risk management,” that includes topline leaders from the federal government, the private sector and equity firms. He led the U.S. Department of Homeland Security from 2005 to 2009, served as a Federal Judge on the U.S. Court of Appeals for the Third Circuit (2003 to 2005), and as Assistant Attorney General of the United States, Criminal Division (2001 to 2003). Learn more about his cybersecurity policy analysis and strategies by visiting The Chertoff Group white papers.
Cybertech Fairfax Conference
The one-day Cybertech Fairfax Conference is hosted by Capital One in partnership with the Fairfax County Economic Development Authority. The conference presents “high-profile speakers and panelists” with a common mission to further the advancement of solutions and strategies that solve “diverse challenges for a wide range of sectors including finance, transportation, utilities, defense, communication and government, to protect operations, infrastructure and people.”
As a prime region for the cybersecurity solutions industry, Fairfax County has “more than 350 cyber companies,” and the State of Virginia hosts “more than 650” cyber companies, according to conference panelist and Secretary of Technology for the Commonwealth of Virginia Karen Jackson.