They got it right. In early 2000, Intel senior management correctly predicted the increase of importance in computer security. The era of cyber was going strong but the combination of a rapidly growing worldwide user base and the intense upsurge of adoption of people, data, and systems to computer based technologies and infrastructures, was fostering the right combination for trouble. An easy and target rich environment fueled interest and investment from cyber-threats chasing the lure of potentially lucrative financial gain, notoriety, and power. Pervasive threats and losses have a way of slowing down progress. In this case it could be detrimental to technology innovation and adoption. A decade ago the future of computing was not completely clear, but one thing was for certain. Security was to play a role.
Countering the threats. Where there is value, power, and fame there will be theft, abuse and opposition.
But as attacks rise, so do efforts to thwart them. Defensive investments poured into the mix. An ongoing struggle has taken place, waged in software, services, networks, and most recently in the hardware itself. Back then, Intel began hardening its products and took great care in protecting its own operational infrastructure and intellectual property. This is about the time I started with Intel. Our software and product groups began adopting security design principles and developing security features. Since, the company has made a number of investments, large and small acquisitions, and backed services, to expand security expertise to keep cyber threats from dampening the growth of the computing markets, digital services, and supporting infrastructures worldwide.
Security is getting better all the time, but is losing the race. The industry as a whole struggles with securing systems and services. An uncanny cycle naturally exists, and repeats itself time and again. New technology, in the form of operating systems, software, or devices emerge. If adopted by customers and used to access or control something of value, they become targeted. It is just a matter of time and the compromises begin and crisis ensues. The product and independent security providers respond to the new threats as fast as they can and begin to make it more difficult for the attackers until a stability point is reached where a tense balance is attained between incursions and responses. This manageable state remains until new technology or usages emerge and the cycle repeats.
Leadership or crisis. This cycle is shifting in favor of the attackers. The amount of resources, in the form of talented people, funding, and focus, are being coupled with huge advances in innovation, growth of the user base, new form factors, and a proliferation of devices being connected to the cyber world. Everything which benefits the attackers is gaining in speed and size. In the next few years, the defenders will be faced with a multitude of new form factors, such as wearables, vehicles, home appliances, and even embedded biologic apparatuses. The number of devices connected to the Internet will grow by 3000% in the next decade. Threats are adapting faster to the increased rate of technology development and adoption. Security is falling behind the pace. The resources, education, tools, and organization of aggressive cyber technology is nearing professional levels. While available talent for the defensive side is becoming scarce.
The traditional way of providing cyber security will not sustain. The evolution of defensive technologies has been that of compartmentalization. A device on the network to filter out bad traffic. A software agent on the personal computers to thwart malware. Identity and authentication services to validate access. Intrusion detection, event monitors, spam filters, backup systems, database encryption, hardware acceleration, etc. all worked largely independently with limited effectiveness. It has been a struggle for devices, software, services, and usages to keep up with the attackers. Soon it will be overwhelmed.
We manage security through leadership or crisis. In the absence of leadership, we are left with crisis. It is time our industry change. To endure the challenges we are soon to face, we must think differently. We must support and strive for cooperation across different technologies to work together instead of independently. Hardware should support entrenched software security capabilities. Independent defensive technologies must be designed to work collaboratively in a dynamic way to remain viable against emerging threats. Security services should be able to leverage the entire stack to deliver the very best solutions. We must lead or capitulate to crisis.
Here is where Intel is taking a stand and showing leadership. Across Intel, our wholly owned subsidiaries, and business partners, we have tremendous expertise, capabilities, and resources. Intel has some of the world’s best silicon engineers and architects, who have created the products which support most aspects of the Internet and communication as we know it. McAfee is a leader in security software and services, with one of the most comprehensive portfolios of any security vendor. WindRiver develops military grade system-on-a-chip (SoC’s). Intel’s very own IT security organization has earned great respect and insights from defending one of the largest networks, insanely sensitive manufacturing environments, and most valuable intellectual property of any company. Intel is in a position to show thought leadership.
Honored to accept a new role. Leadership is key to organizing resources to achieve an optimal level of security. Intel recently announced the formation of the Intel Security group to align, coordinate, and prioritize efforts corporate wide. It is time to pull the independent security expertise from all these areas under one umbrella to show how silicon, firmware, software, and services can work together for maximum security effect. Intel and partners are capable of leading the industry into change by driving security capabilities designed to work collaboratively end-to-end to meet the varying needs of users and improve security across all devices. The lack of overall cooperative design and integration across these domains must be overcome, as they are holding back security at a time of great innovation and proliferation of technology in our cyber connected world.
The stakes are high. Never in the history of mankind has technology advancement and proliferation been so fast to establish control over the most valuable and sensitive parts of our lives. If security fails users in the coming years, I fear the era of ‘cyber’ will begin to wither away.
With the challenges set before us, I am honored to accept a new role within the Intel Security group, as a Cyber Security Strategist. After over 20 years in security, I still have a passion for it every day. I am excited at the upcoming challenges and look forward to the taste of success. Intel and our partners have a real chance to change the face of cyber security. I look forward to being a part of the team.
Although my job is changing I will still maintain my consistency of purpose, still doing what I love to do…
- Advocating cyber security throughout the industry, regardless of vendor
- Helping develop innovative security products and capabilities
- Talking openly about cyber security, helping others, wherever and whenever I can
- Blogging, speaking at conferences, meeting and sharing my time with the industry
- Peering into the future of the industry to identify emerging threats, valuable opportunities, and likely attacks. Looking back, these were my 2013 predictions and looking forward are my 2014 predictions
Now, if I can just figure out how to update my business cards…
Matthew Rosenquist is an information security strategist, with a passion for his chosen profession. Benefiting from nearly 20 years of experience in Fortune 100 corporations, he has thrived on establishing strategic organizations and capabilities which deliver cost effective information security services.
Meet him in person at The Arizona Technology Council Cybersecurity Summit on May 7thin Scottsdale
Find him on Linkedin
Follow him on Twitter (@Matt_Rosenquist)
Follow his blog at Information Security Strategy
Check out his previous posts and discussions