Bob Gourley Provides Forecasts and Recommendations for Active Cyber Defense: Bob Gourley of Cognitio and former CTO of DIA talks about the key trends impacting cybersecurity and how active cyber defense can play a role in this recent interview with ActiveCyber.

I recently connected with Bob Gourley at a cybersecurity conference and, knowing his reputation in this field, immediately asked him to interview with ActiveCyber. Bob graciously accepted my request. Bob has been a trend-setter in cyber and continues to provide unique insight as a partner at Cognitio, as evidenced by his recently published book – The Cyber Threat. Bob showcases his knowledge across several domains, including cyber, mobility, and cloud in the interview that follows, and demonstrates a real advocacy for active cyber defense.

Spotlight on Bob Gourley, Cognitio

» Title: Former CTO of Defense Intelligence Agency; Co-Founder and Partner, Cognitio, Virginia
» Email: bob.gourley@cognitiocorp.com
» Website: http://cognitiocorp.com
» Linkedin: https://www.linkedin.com/in/robertgourley
Read his bio below.

October 2, 2015

Chris Daly, ActiveCyber: Your recent newsletter introduced a new acronym – CAMBRIC – can you explain the meaning of this acronym and why you chose the elements that make it up?

Bob Gourley: CAMBRIC is a way to remember the seven information technology megatrends driving the entire community forward:

Cloud Computing, Artificial Intelligence, Mobility, Big Data, Robotics, Internet of Things, Cyber Security

Daly: The vision for active cyber defenses calls out the need to sense, make decisions, and respond in near real-time to cyber threats – how do you see this vision become a reality through application of CAMBRIC?

Gourley: Automated action is being enabled through years of hard work by some of the community’s greatest minds. Today the infrastructure and standard components are coming into place, like SCAP, STIX/TAXII and the high fidelity network and endpoint monitoring capabilities available commercially. But key enablers include advances in cloud computing, where the power of highly efficient computational services can help assess threats and aid in decision making. Assessing threats in modern enterprises always requires new Big Data approaches designed for scale, and Artificial Intelligence and Machine Learning are also key components enabling an ability to automate actions.

Many enterprise decision-makers are still not comfortable allowing total automation of action in defense, and most enterprises we see that enable automation are keeping humans in the loop in most situations. But over time as the AI gets better we see much more automation in the future.

Daly: Federal IT managers still cite many challenges of securing data in the public cloud. What types of proactive defenses are needed to address these cloud data protection challenges?

Gourley: The record is now clear: data can be made much more secure in public clouds than in federal networks. To make a federal network and its data secure requires focused leadership and real budgets. The IC and DoD and some elements of DoJ and DHS have the ability to secure their own data. For others, it is probably going to make much more sense to leverage cloud capabilities. Just make sure you engineer in all the right authentication, authorization, encryption, access management and auditing.

Daly: Some forecasters predict the surface area for potential cyber attacks to grow 10x larger from 2010 to 2020 due to the introduction of the Internet of Things. As a result, some security experts suggest that we mandate that everything that connects to the Internet have a minimum level of protection built-in. What adaptive security approaches do you believe enterprise CISOs and vendors must consider to address this growing problem as the Internet of Things rolls out?

Gourley: Expect by 2020 that there will be over 100 Billion devices connected to the Internet. Also expect by 2020 there will be over One Trillion sensors connected to the Internet. Now ask yourself the hypothetical question: do you have any reason to believe the coming Internet of Things will be any more secure than our current environment?

All indications are that the only way we will be able to keep up and mitigate threats in this new environment is to automate security. We need automated ways to scan anything that attaches to the net and assess its level of risk and take appropriate action.

Daly: Some security professionals believe that defenses built upon supervised machine learning and AI could resolve countless mundane attacks so that security analysts could focus on the high-priority threats that matter most. What is your view on security automation based on AI? Do you believe that AI could take on more complex challenges as well?

Gourley: AI and Machine Learning might be the only way we can keep up with the threat in the coming age of machine learning. Other less automated approaches just will not scale.

Thanks Bob for sharing your significant knowledge across such a broad set of cybersecurity topics. I believe many of ActiveCyber’s readers will benefit from the insight you provide to create better and more proactive cyber defenses.

And thanks for checking out ActiveCyber.net! Please give us your feedback because we’d love to know some topics you’d like to hear about in the area of active cyber defenses. Also, email marketing@activecyber.net if you’re interested in interviewing or advertising with us at ActiveCyber.

About Bob Gourley

Bob Gourley is the publisher of CTOvision.com and ThreatBrief.com and is a co-founder and partner of Cognitio. Bob’s first career was as a naval intelligence officer, which included operational tours in Europe and Asia. Bob was the first Director of Intelligence (J2) at DoD’s cyber defense organization JTF-CND. Following retirement from the Navy, Bob was an executive with TRW and Northrop Grumman, and then returned to government service as the CTO of the Defense Intelligence Agency (DIA). Bob was named one of the top 25 most influential CTOs in the globe by Infoworld. He was selected for AFCEA’s award for meritorious service to the intelligence community, and was named by Washingtonian as one of DC’s “Tech Titans.” Bob was named one of the “Top 25 Most Fascinating Communicators in Government IT” by the Gov2.0 community GovFresh. Bob was noted as “Most Influential on Twitter for Big Data” by Forbes. Bob’s most recent book, The Cyber Threat, provides business executives with actionable insights into the threat landscape.