ad layout 1 7/10/2017 1:29 pm page 2€¦ · ad_layout 1 7/10/2017 1:29 pm page 2. ad_layout 1...
TRANSCRIPT
AD_Layout 1 7/10/2017 1:29 PM Page 2
AD_Layout 1 7/10/2017 1:29 PM Page 3
CISO MAG | July 2017
INDEX
BUZZAutomotive Cybersecurity: A New Marketwith a Distinct Challenge
IN THE SPOTLIGHTAn Interview with Manish Tiwari
INSIGHTGDPR: What’s in Store for Businesses
COVER STORYSecuring Smart Cities
TABLE TALKFew Minutes with Heath Renfrow
IN THE HOTSEATHigh-Profile Appointments in theCybersecurity World
IN THE NEWSTop Stories Related to Cybersecurity
EVENT FOCUSA Curtain Raiser to Hacker Halted
KICK-STARTERSStartups making waves in theCybersecurity World
KNOWLEDGE HUBDemystifying Dark Web: AnOrganizational Point of View
VIEWPOINTTrust the Cloud and Carry Your Umbrella
PROFILEA Peak into Ixia’s Offerings
COLLABORATIONSFamous Collaborations in theCybersecurity World
TECH TALKBug Bountry Programs: Closing SecurityGaps
14
20
24
30
36
39
46
49
54
57
60
62
66
08
14
24
20 54
Page 04_Layout 1 7/10/2017 1:26 PM Page 4
With the fabric of our societynow defined by thetechnology we use, the issueof cybersecurity has becomemore important than ever.Time and again, majorcybersecurity breaches haveshaken up the world, servingas wake-up calls forauthorities and individualsto initiate measures toimprove the security andstability of the cyberspace.
The threats we foresee arenot expected to cease andone can only expect touncover more calculated
attacks on a wider scale. Therefore, there is a continuous need forproviding unbiased and useful information to the professionals workingto secure critical sectors. To provide cybersecurity experts key informationand analysis to tackle critical security challenges, we have CISO MAG, aninformation security magazine for best practices, trends, and news.
This issue’s cover story features smart cities, a topic that has been gainingattention around the world. The story discusses the importance of thesecurity of smart cities, and explores the impending threats inherent toadded technology and the need for standardization.
Move on to the Buzz section of this issue where we discuss vehiclehacking. The era of connected cars is upon us. Modern day cars aresupercomputers with accelerator pedals, transmission, and brakes thatcan be connected to your phones. Some phone apps can even summoncars from your garage. But phones and computers can be hacked, the carsare not any less vulnerable as well.
In the Under the Spotlight section, we interview Manish Tiwari, CISO ofMicrosoft India, who is a result-driven cybersecurity professionalresponsible for various IT security initiatives in the Indian Navy and laterin Microsoft India.
The magazine comprises a host of other informative features that lookcybersecurity from an all-encompassing perspective—regulations,workforce development, partnerships, and much more.
Tell us what you think of this issue. If you have any suggestions,comments, or queries, please reach us at [email protected].
Volume 1 | Issue 1 | July 2017
EditorialInternational Editor Amber Pedroncelli
Senior EditorRahul Arora
Feature WriterAugustin Kurian
DesignDesign Head and Visualizer
MSH Rabbani [email protected]
DesignerSurendra Bitti
ManagementBusiness Head
Apoorba Kumar*[email protected]
Sales ManagerBasant Das
TechnologyChief Information Security Officer
Subrahmanya Gupta [email protected]
Director of TechnologyRaj Kumar [email protected]
Information Security SpecialistManoj Kakara
EDITOR’SNOTE
* Responsible for selection of news under PRB Act. Printed & Published by Apoorba Kumar, E-Commerce Consultants Pvt. Ltd. and printed at G97 Network Pvt. Ltd., Editor: Rahul Arora. The publishers regret that they cannot accept liability for errors & omissions contained in this publication, howsoever caused. The opinion & views contained in this publication are not necessarily those of thepublisher. Readers are advised to seek specialist advice before acting on the information contained in the publication which is provided for general use & may not be appropriate for the readers’ particularcircumstances. The ownership of trade marks is acknowledged. No part of this publication or any part of the contents thereof may be reproduced, stored in a retrieval system, or transmitted in any form without thepermission of the publishers in writing.
Page 05_Layout 1 7/10/2017 6:16 PM Page 5
CISO MAG | July 2017
ADVISORY BOARD
Curtis is a proven technologist with over 25 years of experience in cybersecurity/defense,continuity/recovery of operations, and information governance. He is an expert in designing andimplementing strategic and tactical information security architectures and best practices fororganizations with a wide variety of risk postures in complex and distributed environments.Curtis has served with distinction, two sitting presidents of the United States, two chairmen ofthe joint chiefs of staff and the chief justice of the United States.
Curtis LevinsonPrivate Consultant and United States Cyber Defense Advisor to NATO
Selim has over 20 years of computer and financial industry experience, and was named by the ITSecurity Magazine as one of the "Top 59 Most Influential Security Experts.” He has published over30 journal and conference papers and co-authored the book Security for Mobile Networks andPlatforms. Selim has over 100 patents filed, and has previously worked with Visa as vicepresident of Global Information Security and headed Strategic Planning for eCommerce, Security,Manageability, Content Protection, Enterprise & Virtualization for Intel.
Selim AissiChief Information Security Officer, Ellie Mae
The former CISO of Cox Communications, VeriSign, and SecureIT, Phil helped transform securityat GE, Alcatel, Scientific-Atlanta, Cisco, and Dell. He has influenced the privacy, cybersecurity,and IT industries for almost 30 years through his leadership and influence in policy/standardsbodies and industry think tanks. He has shaped payments security on the PCI Security StandardsCouncil Board of Advisors and FS-ISAC PPISC Steering Committee.
Phil AgcaoiliSenior Vice President, U.S. Bank, and Chief Information Security Officer, Elavon
CISO MAG is honored to have an Advisory Board thatcomprises some of the foremost innovators and thoughtleaders in the cybersecurity space. The board membersprovide us the strategic advice regarding the magazinegeneral direction, including shaping our editorial content,identifying important topics and special issues,moderating discussions, and helping to create initiativesthat benefit the industry at large.
Page 06-07_Layout 1 7/10/2017 12:02 PM Page 6
CISO MAG | July 2017
ADVISORY BOARD
Betty has over 35 years of experience in information technology (IT), networks, applicationdevelopment, information security, cybersecurity, privacy, cloud services, risk management,compliance, certification and accreditation, information assurance, and other security or privacyassessments. A subject matter expert in security authorization and regulatory complianceincluding NIST, FedRAMP, and international regulations, her certifications include CISSP, ISSMP,CAP, CIPP/US, CIPP/G, NSA-IAM, NSA-IEM, C|CISO, and CIPM. She designed and implemented thefirst cybercast from the White House and led the team that won the Hammer Award forExcellence from Vice President Al Gore.
Betty LambuthPrivate Consultant
Prashant is an internationally renowned cyber law and cybersecurity expert, author and alawyer based out of Mumbai, India. He has been awarded as the Cyber Security Lawyer of theYear-India by Financial Monthly magazine of UK (2016). He has also been awarded as CyberSecurity & Cyber Law Lawyer of the Year 2014 by Indian National Bar Association.
Prashant MaliInternational Cyber Law and Cybersecurity Expert
Sunil has over 22 years of leadership experience with renowned companies in Banking, Telecom,ITES and Manufacturing in Middle East, United States and India. He has participated in variousadvisory forums globally, and has published and presented several articles related to informationassurance. Two of his patent application on information security is currently in consideration.
Sunil VarkeyChief Information Security Officer, Wipro Technologies
Tammy not only secures and protects Venafi, she also collaborates globally to help CIOs andCISOs fortify their strategies to defend against increasingly complex and damaging cyberattacksagainst the trust established by cryptographic keys and digital certificates. Tammy’s professionalexperience, leadership, and recognized domain expertise as the CISO of Global 250 companieswill help fellow CISOs defend their organizations. A veteran in information technology, she isnoted by her peers to be a results-driven and passionate executive leader.
Tammy MoskitesChief Information Officer and Chief Information Security Officer, Venafi
Magda calls herself a cyber feminist and a cyber evangelist. She is involved in public speakingand international conferences as a keynote speaker where she addresses industries' challengeswith cybersecurity as well as diversity in the sector and the presence of women. In addition ofmanaging her business, she acts as chief information security officer for various companies. Shespeaks five languages fluently, and has a PhD in Telecommunication Engineering with asubsequent specialization in cybersecurity with a CISSP certification.
Magda ChellyManaging Director, Responsible Cyber Pte
Page 06-07_Layout 1 7/10/2017 12:02 PM Page 7
CISO MAG | July 2017
BUZZ
8
AUTOMOTIVECYBERSECURITY: A NEW MARKET WITHA DISTINCT CHALLENGEAugustin Kurian
Page 08-12_Layout 1 7/10/2017 12:09 PM Page 8
Innovation in the automotiveindustry has led to a scenariowhere a car being manualmay simply mean it has asteering wheel. Oncecomposed of onlymechanical and electrical
parts, cars have now turned intocomplex systems that comprisesensors, microprocessors, software,and much more.
The proliferation of autonomousvehicles means that microprocessorsand sensors will soon take a muchmore active role in driving cars.However, even before self-drivingcars become commonplace, moderncars are already vulnerable tohackers via in-car technology like Wi-Fi. These “connected cars” arebecoming standard. In 2015, therewere around 6.5 million connectedcars on the road and by 2017, thefigure almost doubled to 12.5 million.According to estimates, there will beas many as a quarter billionconnected vehicles on the road by2020.
This new technology has also openeda floodgate of security threats. Whileyou might be behind the wheel,potentially vulnerable softwarecontrol your car’s functions. “There isalmost nothing in your car that is notmediated by a computer,” saidProfessor Stefan Savage, Departmentof Computer Science, UC San Diego,while speaking to Motherboardmagazine for a short documentaryon car hacking.
Fear of car hacking has not yetpenetrated the general population’spsyche, as demonstrated by a 2016Kelley Blue Book survey of drivers.The results of the survey show thatamong its sample size, very fewdrivers fear car hacking and mostconsider connected apps and Wi-Finetworks nice features to have.
Worries over security have also notslowed down the pace at whichconnectivity features continue to berolled out due to the real benefits allthis technology can bring with it.Connectivity technologies incommercial vehicles not onlyimprove efficiency and streamlinelogistics, they also lower occurrences
CISO MAG | July 2017
9
BUZZ
“There is almostnothing in your car thatis not mediated by a
computer,” saidProfessor Stefan
Savage, Department ofComputer Science, UC
San Diego, whilespeaking to
Motherboardmagazinefor a short documentary
on car hacking.
Page 08-12_Layout 1 7/10/2017 12:09 PM Page 9
CISO MAG | July 2017
BUZZ
of road accidents and reducepreventive maintenance costs.Incorporating connectivitytechnologies can also reduce 62percent of all trucking costs, it isestimated.
A REAL THREATVehicle hacking isn’t just a theory orseen only in Hollywood movies. In2016, Nissan had to shut down itsproprietary app NissanConnected EVfor its Leaf line-up after it was foundthat hackers could access the cars’climate control and other batteryoperated features to drain thebatteries. Also, in 2015, automakerFiat Chrysler had to issue a recall foralmost 1.4 million vehicles after
researchers Charlie Miller and ChrisValasek of Wired demonstrated awireless hack on Jeep GrandCherokee, taking over the controls ofthe dashboard, steering wheel,powertrain, and even the brakes.
Recently, WikiLeaks releaseddocuments blowing a whistle on theCIA suggesting journalist MichaelHastings’s fatal car crash wastriggered by a car hack. In2013, Hastings diedafter the car hewas drivingabruptlysped upandcrashedinto a
tree. The media has largely coveredthis idea as a fringe conspiracytheory, but many of the details areconsistent with how a hacked carcould behave.
REGULATORS, INDUSTRYRESPONDAutonomous vehicles are no longer apipe dream and all vehicles soon willcome with smartphone connectivityembedded into their systems.
Fortunately, all manufacturersprioritize the satisfactionand safety of theircustomers. Theburgeoning field ofautomotivecybersecurity will grow
10
Page 08-12_Layout 1 7/10/2017 12:09 PM Page 10