Private, Government Cooperation Could Stem Cyberattacks
RACHEL MARTIN, HOST:
For more on the president's cybersecurity proposals, we are joined by Derek Manky. He is part of an industry group called the Cyber Threat Alliance, which has signed on to the president's cybersecurity plan. Thanks so much for being with us.
DEREK MANKY: Yeah, no problem. It was my pleasure.
MARTIN: Let's start off by talking through some high-profile examples of security breaches and how the president's executive order might have helped in these scenarios. If we look at the Sony hacking, for example, email from the company's servers was made public, hackers were digging up details of the company's internal operations and employees' personal information. How could more cooperation with other companies and the federal government - how could that kind of collaboration have made a difference in that situation?
MANKY: Sure, you know, really, really good question. So there's a lot of information to be shared. So, you know, as an example, these attackers, when they're going into a network like Sony, they leave a digital fingerprint or a trail behind them. And often that fingerprint can be observed somewhere else in the world. They're usually not just going after one target, right? They can go after a different target maybe two days before. So bits of that digital fingerprint, again, can be shared in advance, and the corporation can get it. By the time they go after their next target, that corporation's already going to have that intelligence and be able to stop the attack as well.
MARTIN: What about the target hacking, which was a case of credit card numbers that were stolen and then put on the black market for sale, what kind of cooperation would have helped there?
MANKY: You know, in all cases, it's not always possible to stop an attack. You can never say 100 percent, you know, guarantee that there's a silver bullet to stop these things. So in a case like Target and - you know, even myself thinking back to I think it was 2007, 2008 - TJX, they got hit by a massive breach back then.
MARTIN: We should say TJX is T.J. Maxx.
MANKY: Yeah, right. That's correct. These attacks sit on the network undetected for a long period of time. So the incident response - the quicker you can detect these things the less credit cards are stolen, the less damage that there is and the quicker that you can respond to them as well. So I mean, you know, in a case like Target, sharing this information, being able to actually just detect that threat in the first place goes a very long way and to understanding the threat and responding to it.
MARTIN: We have seen some big tech firms stay away from the president's meetings today, protesting over the amount of information the government has gathered in the past about their customers, which goes back to revelations about the NSA practices. Is this still a big concern? I mean, what indication do you have about the kind of companies that might agree to these kinds of proposals?
MANKY: There's a big difference between, you know, what's alleged in, you know, in Snowden and NSA and all of this, you know, the information that would be shared in a case like that compared to what's proposed in this framework. You have to understand that this framework, they're not going to be saying here's all the consumer records that were stolen, and, you know, it - relate it to person A. Here's person A's address. Like, that's personally identifiable information. What we're talking about is saying there are a whole bunch of, you know, maybe 100,000 people that were affected by this. Here's the details on the attack. Here's what the attackers were looking for. Be aware of these attackers.
MARTIN: What does this mean for the average consumer who is largely just concerned about protecting their own information? Do these proposals make consumers safer?
MANKY: Yes, absolutely. Whether it's a credit card breach or it may be someone going after health care records, again, when the attacker's on that system, the longer that they're allowed on that system, the more consumer records they can get. So, you know, if these attacks can be reduced, if the time of infection can be reduced, you know, the less consumer records are going to be impacted, and so there is a positive benefit to consumers there.
MARTIN: Derek Manky. He is part of an industry group called the Cyber Threat Alliance. Thanks so much for talking with us.
MANKY: No problem. It was my pleasure.
MARTIN: Derek Manky is also lead threat researcher for the cybersecurity company Fortinet. Transcript provided by NPR, Copyright NPR.