Skip to content
Subscriber Only

How the Experts Would Fix Cyber Security

A new brand of warfare is under way. Our five experts discuss the best defenses
From left: Joseph V. DeMarco, Barrett Brown, Alan Paller, Robert Rodriguez, and Jason Brvenik
From left: Joseph V. DeMarco, Barrett Brown, Alan Paller, Robert Rodriguez, and Jason BrvenikPhotograph by Guido Vitti for Bloomberg Businessweek

Cyber crime is increasing in frequency and severity. What can be done to reduce the risk to individuals, businesses, and governments? In this installment of our quarterly series, that’s the question Bloomberg Businessweek Chairman Norman Pearlstine put to an all-star cast of security experts: Barrett Brown, author and activist, formerly associated with the hacktivist group Anonymous; Jason Brvenik, vice president of security strategy at Sourcefire; Joseph V. DeMarco, partner at technology law firm DeVore & DeMarco; Alan Paller, director of research at cyber training school SANS Institute; and Robert Rodriguez, chairman of the Security Innovation Network and senior adviser to the Chertoff Group. Their conversation has been condensed and edited.
Pearlstine: How big an issue is cyber security at this point? What are we really talking about? Is this an annoyance for business, or is it profoundly important?
Rodriguez: Our nation is going through the greatest transfer of wealth in the history of mankind. And it’s because of the increasing vulnerabilities within our systems.
Paller: There is a lot of intellectual property going abroad. But that’s not really the big issue. The big issue is: When you send out a weapon, you want to have control of it. The great risk to the nation is the predators aren’t owned by us, the satellites aren’t owned by us, the missiles aren’t owned by us. That keeps me up at night.

Barrett, does that resonate with you?
Brown: We can divide the risk that we’re facing into two different categories. One is the conventional conflicts we’ll have with nonstate actors outside of the U.S. and with other nations. The other risk is the externalities that always come from any new enterprise. And within the cyber industrial complex, as some of us now call it, we have a great deal of externalities that are not getting attention from the media in a sufficient fashion, and they’re not getting any degree of attention from Congress. Even when a few congressmen do raise questions about it, such as when they ask the NSA, “How many Americans are being spied upon in your wireless wiretap program?” and they get denied an answer… As is always the case, there’s more concern among those calling the shots with external threats than there is with their own behavior.