President Obama's Cyber Security Executive Order: Heart In The Right Place But Few Teeth

On Tuesday, President Obama issued a Cybersecurity Executive Order, which outlined policies to defend against cyber attacks and espionage on US companies and government agencies. The EO came nearly a year after the proposed and much-hated Cyber Intelligence Sharing and Protection Act (CISPA) got stalled in the Senate. The privacy community sees the CISPA as a great threat to Internet privacy. Many of them are encouraged by this executive order, which stayed away from suggesting changes to privacy laws and regulations.

The salient points of the EO are as follows:

  • The president acknowledged formally that information warfare, at the level of nation states, is ongoing and is a clear and present danger.
  • The government will build a “Cybersecurity framework” with the private sector to share information on cyber attacks and threats, with the goal to reduce Cyber risk to critical infrastructure.
  • The Cybersecurity framework will expand existing government programs to bring more private sector subject-matter experts into Federal service on a temporary basis.
  • Unlike the CISPA, the EO does not carry languages that will change or direct impact privacy laws and regulations.
  • The EO puts forth specific timelines on the publication of the Cybersecurity framework as well as an assessment report on its implication to privacy.
Read more

Kaspersky: A fast growing company that is seeing challenges for the first time


Last week I flew to Puerto Rico to attend Kaspersky’s industry analyst summit (IAS). This is the second year that Kapersky held a global analyst summit. The event is co-located with their security analyst summit (SAS), which is turning into a mini black hat event with attendance from many premier security researchers in the industry. Unfortunately, I only had time for IAS this year.

Kaspersky is an interesting company. In the last 10 years, they came out of nowhere, built a global brand, established their founder Eugene Kaspersky as a cybercrime-fighting celebrity in popular media (see the Vanity Fair and Wired articles on Kaspersky, and the Formula One sponsorship), and at the same time, grew a tremendous business.

As Kaspersky’s CMO, Alex Erofeev, got on stage talking about how the Kaspersky brand, in many parts of the world, is now the third most well-known AV brand behind Symantec and McAfee. I did a bit of Googling. Look what the Google trends graph below shows (search volume from 2004 to 2013) -- not only the global search volume for “Kaspersky” has increased over the years, it has surpassed “Symantec” and “McAfee”! This is no small achievement for a company that, until two years ago, had no formal B2B marketing function.

Read more