Programmers must teach computers and networks to protect themselves because they're fast but not smart, Phyllis Schneck told a crowd gathered Monday at the Clinton School of Public Service in Little Rock.
Schneck is the deputy under secretary for cybersecurity and communications for the National Protection and Programs Directorate and the chief cybersecurity official for the Department of Homeland Security.
In her speech, Schneck focused on the importance of public-private partnerships in combatting cybercrime. She also said her federal team needs additional manpower because it's not large enough to handle its "enormous" purview.
Schneck said the threat of cybersecurity breaches has grown and her team's job is to respond to potential breaches. They are flown overnight to provide 24-7 help to federal entities along with businesses, schools and state and local agencies. The team calls it "cleanup on aisle 9," Schneck shared.
Previously: What small businesses must know about cyber attacks.
Schneck said their mission is to make technologies safe and fun, and to make sure U.S. businesses and markets grow by stopping and arresting cybercriminals.
Schneck said cyber criminals "execute (breaches) with a ridiculous amount of agility because they don't have to stop and say, 'What do I do to make sure I get that right? How do I protect private information? How do I make sure that's safe?' They simply steal because we've innovated so quickly as a country and as a world. We have machines that, I said earlier, are not smart. They're just fast."
She said innovation, as it was 15 years ago, is still outpacing security and computers are only as good as "what we teach them."
On the current state of cybersecurity, Schneck said, "I guarantee you every network has a visitor. Guaranteed. The question is, is it going to hurt you?"
Schneck said a business or organization that suspects a breach should never pull the plug on its network, as has been suggested in the past. Doing so alerts cyber criminals that they've been discovered and makes tracking them more difficult
The solution is to treat a network like a biological being, to boost its ability to recognize and thwart an attack like a human's immune system fights off illnesses, Schneck said. Over the last 20 or 30 years, professionals have learned to stop attacks they already know are happening, she said.
The new goal is to stop attacks that people don't know are happening — to teach a computer to not run an instruction from a hacker, who right now could break into a network and go undetected for months.
One way Schneck's team hopes to accomplish their mission is by building a talented and diverse workforce. Diversity is important because cyber criminals are a diverse group, she said.
Schneck's team has the authority to hire people on the spot, often for temporary positions.
"We also have the authorization to pay cyber-people a little more — probably not as much as the private sector," Schneck said, but the mission and impact new hires can have is "incredible."
Data Breach Simulation
Schneck and other federal officials were in Little Rock to conduct an all-day data breach exercise for lawyers. The event was co-hosted by the legal department of Wal-Mart Stores Inc. of Bentonville and the Arkansas Department of Information Systems.
About 25-30 participants, half of them chief information technology officers, responded to a fake data breach at a theoretical university. The exercise was conducted at the Clinton School.
The goal of the exercise was to show that cybersecurity isn't just an information technology problem, but requires a team approach that includes communications professionals and attorneys; and that every company needs a plan to deal with a possible breach.