Cyber security: In search of cyber confidence

Work with cyber threats rather than being paralysed by them, says CSC’s Sam Visner

One of the largest US defence contractors, Computer Sciences Corp (CSC), has provided traditional IT solutions since 1959, but is now moving in the direction of cyber, cloud computing and Big Data.

Sam Visner, vice-president and lead cyber executive at CSC, sees cyber as becoming “an explicit component” of the company’s strategy and an area that is changing the shape of its services portfolio, enabling it to take into account platforms such as mobile and new types of threats such as those to critical infrastructure. 

Interestingly, the paradigm shift means the company is increasing its traction in the government sector, a space that usually accounts for a only third of its revenue.

“In terms of cyber, the dollar value of the work done for the federal government is larger, although we’re gaining momentum in the private space too,” says Visner. “The US government sees cyber security as an issue of national importance and spending in this area has increased steadily. 

“However, as cyber becomes a more prominent issue our aim is to leverage our expertise in the federal sector and use it to strengthen our position in the commercial space.”

Visner identifies several hot areas for business: protecting against the theft of IP and personal information, managing large infrastructure such as a smart grid and preventing social media from being used to promote cyber threats.

The omnipresence of threats means organisations should strive to achieve what Visner calls “cyber confidence” – a situation in which they can pursue their business operations in the presence of threats rather than seeking their elimination, which is a process that will never end.

“There’s been a recent rise in cooperation, information-sharing and awareness between the commercial and federal sectors,” says Visner. “However, there’s also been a growth in the sophistication of cyber threats, with non-signature-based ones becoming prominent. Advanced persistent threats really show how cyber attacks are becoming a warfare-like tool.”

The sophistication of cyber threats is “growing more quickly than the ability of any public or private response”, he warns. This rising level of complexity is facilitated, in part, by the relative inability of law enforcement to target cyberspace adequately, in particular in those countries that can be complicit in cyber attacks.

CSC has made several cyber security-related acquisitions including, most recently, 42Six Solutions LLC, a Big Data and analytics software development company, and UK-based security consultancy Lyric Associates.

“We don’t want to acquire technologies that are going to become obsolete quickly,” Visner stresses. “This is why we’re looking to the future and are interested in companies that could help us gain an understanding of the cyber security of critical infrastructure. 

Threats against critical infrastructure are not being taken seriously enough, at least in the private sector. 

That said, the US government has realised that those systems rely heavily on IT, and has developed a control system and an emergency team to be able to respond to potential threats.”

Visner also says that non-signature-based threat is a major area of interest to cyber specialists. 

“Current commercial anti-virus software is only effective against the most obvious types of threats, and then only on some platforms, so there is definitely a big opportunity open to us,” he concludes.