When the new president takes up residence at 1600 Pennsylvania Ave., cybersecurity will be on the shortlist for action. What's a president to do?

TechNewsWorld asked more than a dozen experts what should be at the top of the new leader of the free world's cyberagenda. Following are some of their responses.

"The president has to set the tone early on cybersecurity -- within the first 100 days -- and say right off the bat that this matters," said Sam Curry, chief product officer at Cybereason.

The first priority should be protecting government systems, he explained.

"New cabinet secretaries have to understand that their mission can't be done without secure systems," said Curry. "Far too often, cybersecurity is not even on the list of priorities for initiatives and agencies and staffing."

All government agencies should be required to adopt a formal assumption-of-breach framework, recommended Jeffrey Carr, CEO of Taia Global.

"This means that they acknowledge that they are currently in a state of breach," he explained, "and must immediately act to identify and secure their critical assets as well as build in resiliency."


Share the Wealth

Information sharing is another issue that needs executive attention.

Some progress has been made in sharing cyberintelligence between public and private sectors during the current administration, but the next administration should ramp up those efforts, recommended Scott J. White, director of the cybersecurity program at The George Washington University.

"The United States has the largest intelligence-gathering apparatus in the world," he pointed out.

"Who is it gathering that intelligence for? If it's gathering intelligence just for its own internal consumers in government, then we're making a mistake," White continued. "We have to be able to get real-time, threat-based cyberintelligence to the private sector."

Public-private cooperation is important in organizing the nation's cybersecurity efforts, maintained Damien Van Puyvelde, an assistant professor at The University of Texas at El Paso.





I played a board game with my almost-three-year-old daughter a few days ago. Given how much time I spend away from home I tend to be pretty easy to con into just about anything my twins want to do. Bella picked the one with the little pop-up bubble where you press down and the die jumps, and there are pieces that move around the board. I think it was a modern version of Sorry. Remember that from when you were a kid?

My daughter set all the pieces up (which is impressive for an almost-three-year-old) and pointed at the bubble when it was my turn to roll the die. Then, the fun started.

As we started playing, I got the sense that these weren’t exactly the rules from the rule book. But since I didn’t have time to read that, and she doesn’t know how to read, I went along with it. The game got more interesting for the next few minutes. I rolled the die, I moved the pieces and she would rearrange them to some other configuration she preferred. She probably watched some of the bigger kids playing by taking turns and moving pieces and decided she would just figure out the rest.

You can safely assume I lost the game. I think.




Data analysis can be used to expose patterns in cybercriminal communication and to detect illicit behavior in the Dark Web, says Christopher Ahlberg, co-founder and CEO at threat intelligence firm Recorded Future.

In November, at Black Hat Europe 2016 in London, Ahlberg will discuss how security pros can discover these patterns in forum and hacker behavior using techniques like natural language processing, temporal pattern analysis, and social network analysis.


Most companies conducting threat intelligence employ experts who navigate the Dark Web and untangle threats, he explains. However, it's possible to perform data analysis without requiring workers to analyze individual messages and posts.

Recorded Future has 500-700 servers it uses to collect data from about 800 forums across the Dark Web. Forums are organized by geography, language, and sectors like carding, hacking, and reverse engineering.


'Pattern Of Life'

Ahlberg describes the process of chasing bad actors as "pattern of life analysis." This involves tracking an individual, or class of individuals, to paint a picture of their activity and develop a profile on their behavior. 





Ever since Edward Snowden leaked his unprecedented collection of NSA secrets three years ago, tech firms have scrambled to protect their users from the surveillance he revealed, in many cases adding robust encryption to consumer products. But as a new email spying scandal unfolds around Yahoo, it’s clear that the post-Snowden encryption push not only failed to protect the company’s hundreds of millions of email accounts from American intelligence agencies. It also seems to have driven those spies to demand more pervasive access to Yahoo’s systems than ever—and Yahoo complied.

On Tuesday, Reuters broke the news that Yahoo in 2015 created a tool for scanning its trove of user webmail on behalf of the FBI or the NSA, scouring hundreds of millions of arriving emails for specific search terms the agencies provided. The revelation marks the first time this sort of large-scale, real-time email scanning by a tech firm is known to have been done on behalf of surveillance agencies, and the practice reportedly led Yahoo’s chief information security officer at the time, Alex Stamos, to resign over the security and privacy issues it introduced.

The spying scandal is surprising, in part, because it follows years of improvements to Yahoo’s email encryption practices. And from a broader perspective, it shows how law enforcement and intelligence agencies are aggressively responding to the spread of encryption in the services provided by companies like Yahoo, Apple, and perhaps other Silicon Valley stalwarts: When surveillance operations are stymied by uncrackable crypto, they increasingly respond by demanding that tech companies perform intrusive operations themselves. 

A New Prism

“The webmail providers have encrypted everything that comes to them and leaves them,” explains Stewart Baker, a former general counsel for the NSA, in a phone call with WIRED. “I expect that what happened here is that the government went to Yahoo and said, ‘we can’t find this particular target anymore, but we believe he’s communicating using your servers, so we’re asking you to do what we used to do when we had access to your traffic.’”