The Digital Big Bang The Hard Stuff, the Soft Stuff, and the Future of Cybersecurity

Cybersecurity experts from across industries and sectors share insights on how to think like scientists to master cybersecurity challenges 

Humankind?s efforts to explain the origin of the cosmos birthed disciplines such as physics and chemistry. Scientists conceived of the cosmic ?Big Bang? as an explosion of particles?everything in the universe centered around core elements and governed by laws of matter and gravity. In the modern era of digital technology, we are experiencing a similar explosion of ones and zeros, an exponentially expanding universe of bits of data centered around the core elements of speed and connectivity. One of the disciplines to emerge from our efforts to make sense of this new universe is the science of cybersecurity. Cybersecurity is as central to the Digital Age as physics and chemistry were to the Scientific Age. The Digital Big Bang explores current and emerging knowledge in the field of cybersecurity, helping readers think like scientists to master cybersecurity principles and overcome cybersecurity challenges. 

This innovative text adopts a scientific approach to cybersecurity, identifying the science?s fundamental elements and examining how these elements intersect and interact with each other. Author Phil Quade distills his over three decades of cyber intelligence, defense, and attack experience into an accessible, yet detailed, single-volume resource. Designed for non-specialist business leaders and cybersecurity practitioners alike, this authoritative book is packed with real-world examples, techniques, and strategies no organization should be without. Contributions from many of the world?s leading cybersecurity experts and policymakers enable readers to firmly grasp vital cybersecurity concepts, methods, and practices. This important book:

• Guides readers on both fundamental tactics and advanced strategies
• Features observations, hypotheses, and conclusions on a wide range of cybersecurity issues
• Helps readers work with the central elements of cybersecurity, rather than fight or ignore them
• Includes content by cybersecurity leaders from organizations such as Microsoft, Target, ADP, Capital One, Verisign, AT&T, Samsung, and many others
• Offers insights from national-level security experts including former Secretary of Homeland Security Michael Chertoff and former Director of National Intelligence Mike McConnell

The Digital Big Bang is an invaluable source of information for anyone faced with the challenges of 21^st century cybersecurity in all industries and sectors, including business leaders, policy makers, analysts and researchers as well as IT professionals, educators, and students.

Introduction xvii

Section 1: Binding Strategies 1

1 Speed 5

Speed: The Nucleus of the Cyberfrontier 7
Roland Cloutier, ADP

Is Speed an Advantage? It Depends on the Context 18
Scott Charney, Microsoft

2 Connectivity 23

Managing the Intensifying Connectivity of the IoT Era 25
Brian Talbert, Alaska Airlines

Cyberspace: Making Some Sense of It All 30
Chris Inglis, Former NSA Deputy Director

Section 2: Elementary Shortfalls 43

3 Authentication 47

Authentication, Data Integrity, Nonrepudiation, Availability, and Confidentiality: The Five Pillars of Security 50
Mike McConnell, Former Director of National Intelligence

Authentication and Models of Trust 58
Shannon Lietz, Intuit

4 Patching 65

Patching: A Growing Challenge and a Needed Discipline 68
Chris Richter, Former VP of Global Security Services, CenturyLink

Conquer or Be Conquered 74
Renee Tarun, Fortinet

5 Training 79

Fill the Skills Gap with an Environment of Continual Training 82
Chris McDaniels, CT Cubed, Inc.

Employee Training is Key for Cybersecurity 89
Mo Katibeh, AT&T

Training is a Mindset 97
Dave Rankin, Verisign

Section 3: Fundamental Strategies 103

6 Cryptography 105

Cryptography: The Backbone of Cybersecurity 108
Taher Elgamal, Salesforce

Cryptography: The Good, the Bad, and the Future 117
Dan Boneh, Stanford

7 Access Control 127

Managing Access in Challenging Environments 130
Erik Devine, Riverside Health

A Systematic Approach to Access Control 136
George Do, Equinix

8 Segmentation 143

Successful Segmentation Isn’t Separation: It’s Collaboration 147
Colin Anderson, Levi Strauss & Co.

Why We Need to Segment Networks 153
Hussein Syed, RWJBarnabas Health

Section 4: Advanced Strategies 161

9 Visibility 164

Visibility: Identifying Pathogens, Risk Factors, and Symptoms of Cyberattacks 167
Michael Chertoff, Former Secretary, Department of Homeland Security

20/20 Insight: Redefining Visibility to Stop Modern Cybercrime Syndicates 173
Tim Crothers, Target

The Challenge of Visibility 180
Daniel Hooper, PIMCO

10 Inspection 188

In and Out of the Shadows: The Visibility That Inspection Enables is Not Confined to Technology Alone 192
Ed Amoroso, TAG Cyber

The Fundamental Importance of Inspection 199
Michael Johnson, Capital One

11 Failure Recovery 206

Preparation, Response, and Recovery 209
Thad Allen, Booz Allen Hamilton

Cyber Event Recovery 219
Simon Lambe, Royal Mail

Section 5: Higher-Order Dimensions 223

12 Complexity Management 226

Shift Your Mindset to Manage Complexity 229
Michael Daniel, Cyber Threat Alliance

Seven Steps to Reducing Complexity 238
Jay Gonzales, Samsung

13 Privacy 246

Don’t Panic! Security Pros Must Learn to Embrace the New Era of Privacy 249
Kevin Miller, MGM Resorts International

Stricter Privacy Regulations Are Driving the Conversations—and Innovations—We Need 259
Peter Keenan, Global Financial Services Firm

14 Human Frailty 265

Overcoming Human Frailty: People and the Power of Obligation 268
Kevin Kealy, Ingram Micro

Overcoming Human Frailty by Design 274
Theresa Payton, Fortalice

The Future 282

Why Cybersecurity Needs AI 290
Michael Xie, Fortinet

The Future of Cybersecurity 293
Ken Xie, Fortinet

Index 301

Phil Quade is the CISO of Fortinet. Phil brings more than three decades of cyber intelligence, defense, and attack experience, working across foreign, government, and commercial industry sectors.