SecureSlinger

I just returned from a trip to New Delhi where I met with several government agencies and organizations working hard to secure India’s government and businesses. India is an incredibly important country as part of our global economy and around the world, as we clearly rely on India for a great deal of services today. It was my honor to be a guest this past week to learn more about the many ongoing security projects and activities there and to share with them our cohesive strategy ala Intel, Wind River and McAfee. My thanks to Dr. Gulshan Rai and his team at CERT-IN for hosting us, and we look forward to the privilege of continuing to work closely with you in the future. CERT-IN continues to play an important role in that country’s cyber security incident prevention and response. Similar to McAfee’s Online safety portal, CERT-IN’s SecureYourPC portal helps to bring awareness to the masses, providing tools and resources that help everyone from India’s businesses to the average citizen understand how to best protect themselves online. My thanks also to Dr. Kamlesh Bajaj and team at the Data Security Council of India, an organization that is making significant strides in helping India’s businesses by raising security and privacy awareness. With security and privacy frameworks, eLearning tools, and many other resources, DSCI is encouraging the adoption of sound practices to help assure India’s client base that India is a ‘secure destination for global outsourcing’. 

With the release of our most recent review of the state of critical infrastructure around the world, in which we found an overwhelming majority impacted by sabotage and network infiltration, I believe that it’s also time to reflect on the positive efforts many, such as the world’s CERTs, are already making in this area. With our embedded security strategy to integrate technologies like application whitelisting into control systems, ATMs, point of sale machines, and other devices with numerous key vendors, as well as on Wind River platforms, I am proud of the considerable strides McAfee is making in positively impacting the future state of these systems – all important to our global economies. Together with organizations like CERT-IN, DSCI and so many others around the world, we can bring much needed improvements to the security of critical infrastructures and help protect our collective and connected economic viability around the world.

Welcome to the 2^nd week of Cyber Security Awareness Month in the U.S. where we just launched the new slogan “STOP.THINK.CONNECT”. Last Monday, I represented McAfee at the official kickoff of CSAM up in Seattle where we spent a good deal of time doing the first two of that motto.

Sitting on a panel with representatives from DHS, NIST, the FTC, ISC(2), AT&T, and others, I was encouraged by the creative ideas and passion people in this country have about educating users. We discussed an important thing I think most of us still grapple with: beyond altruism, what can we do to drive a change in user behavior to protect their connected devices, and not become part of the problem?

I keep coming back to money as an incentive that – we rarely want to admit – does motivate. I come back to the words “discount” and “reward” and wonder if using such “incentives” for keeping our devices clean, will payoff for those not driven by altruism alone? “Incentives” are driving healthcare change, smart grid development, and other important changes in this country. Can it help change user behavior here and elsewhere?

The week before the CSAM kickoff, I was traveling through Singapore and Malaysia, talking to different government agencies about how they approach cybersecurity. Aside from our same old conversations about the cybercriminal, I’m always drawn to real solutions in spite of the criminal. And I’m always happily reminded on these trips that there are fresh and innovative ideas out there from which we could all learn.

How about a banking system using two-factor authentication to have a real impact on fraud, or the use of chip cards to break the cycle of skimming/credit card theft-to-fraudulent purchases-to- reissuance-to-criminal investigations-to-attempted extradition to find different members of the same group succeeding elsewhere all over again.

How about the use of every day citizens who volunteer to be “Ambassadors” in the CyberSecurity Malaysia program called CyberSAFE (Cyber Security Awareness for Everyone) to reach their peers in the community, and the younger generation who look up to them at an impressionable time in their lives. Their portal is complete with multimedia content, featuring videos on select topics including ID Theft and social networking, and games to test your knowledge on different topics. 

It reminds me of the great work that Parry Aftab at WiredSafety has been doing here in the U.S. with “WiredTeens” and “Teenangels” to educate their peers about online safety. No better source for kids than to get it from their peers….. 

Which brings me back to the U.S. and CSAM 2010. I’m happily flying to Maryland this month to support Morgan State University who is also a great role model here in the U.S. Not only is Morgan State, in an initiative led by Dr. Wole Akpose , holding a cyber security awareness event on campus for their employees and their student body. They are taking on their “Shared Responsibility” to invite and educate their entire community how to ‘STOP.THINK.CONNECT”. 

Of course, Morgan State is just one of many examples of the exciting activities going on throughout the country this month where, as security experts, we are spending a lot of time helping end users to “STOP.THINK.CONNECT”. But let us add in some real time this month to “STOP.THINK.CONNECT” among our peers about real solutions for awareness as well. With the fresh ideas I learn about daily around the world, I’m certain there is a lot that we can accomplish.

As many of you in the U.S. know, October marks the U.S. annual Cyber Security Awareness Month. Other countries such as the U.K., Australia and Japan hold similar events in their countries to mark the importance of online security and safety awareness.

In collaboration with the National Cyber Security Alliance and as part of our education imperative in the Initiative to Fight Cybercrime, last year McAfee piloted a volunteer program to reach K-12 classrooms in 4 metro areas. This October, we’re rolling it out to McAfee volunteers and to our channel partners across North America.

I’m proud that not only do McAfee employees tend to love what they do at work, but that they also feel inspired to get into the classrooms in their communities and be part of this important activity. We are also excited that our channel partners feel as passionate about education as we do and want to join us in our communities this year. 

To be ready, we’ve launched a new website for schools to learn about Cyber Security Awareness Month activities in the classroom and how they can request volunteers for their schools. For this year, we’ve also pulled together all of our efforts in our Cyber Safety Resources Portal to educate so that schools and families can benefit not only from the awareness McAfee and our fellow colleagues across the industry are bringing to schools in October, but also provide guidance year-round. 

We’re also providing html buttons to our Cyber Safety resources portal so that our channel partners, schools and others can offer an educational resource to their communities and help connect as many users to online security and safety information.

We hope these and other similar activities being encouraged by the Department of Homeland Security inspire our colleagues across the industry to take part in education and awareness. As President Obama says, “it’s our shared responsibility”. And businesses, we hope you are already fully leveraging the wealth of information for you in our Threat Resource Center from up-to-date analysis in our blogs, to quarterly threat reports, to podcasts and more. 

We hope you all feel a sense of “shared responsibility” and join us in getting the word out about Cyber Security Awareness Month!