Commentary | February 28, 2013

Deloitte's Harry Raduege Assesses Critical Cyber Challenges

Harry D. Raduge, Jr. is the chairman of the Deloitte Center for Cyber Innovation and a member of the EastWest Institute's President's Advisory Group. He recently spoke with EWI’s Isaac Molho about a number of critical cybersecurity issues, including: the rise of cyber breaches; the Obama administration's recent executive order; and the importance of priority international communications in times of crisis. 

As you know, EWI has released a policy report on Priority International Communications (PIC). Could you please give an overview of the most recent efforts to implement international, uniform PIC standards? What are the advantages of doing so?

International network standards need to be implemented so that a priority call, in a time of emergency when communications are limited in certain areas, would be transparently transferred across a border into another country and would enjoy that same level of priority service in each country involved.

We’ve established, over a decade or so, the critical agreements, standards, policies and regulations that would allow us to implement priority international communications, not only with hardware but also with software. The problem has been that forward movement in agreement or even recognition of these elements has stalled, and I think the major reason is that there is a low probability that we will experience a major catastrophe involving international proportions. But history has shown that when a major catastrophe does occur, everyone usually wishes they had implemented a solution earlier.

Harry Raduege Speaks at the EastWest Institute's 3rd Worldwide Cybersecurity Summit in New Delhi:

Do you think private sector stakeholders with sensitive, confidential data, like law firms, are sufficiently aware of the threats that are out there?

Private sector stakeholders with sensitive, confidential data now are becoming increasingly aware of the cybersecurity threats that are ever present and growing on a daily basis. Frankly, only within the last few years have private organizations and stakeholders been made aware of the growing intensity of cybercrime and cyber espionage, where sensitive, confidential information is being stolen by others for their competitive advantage and benefit.

Could you elaborate on some of the measures to reduce this risk of damages arising out of cyber attacks?

There are a number of procedures available to effectively detect and isolate cyber-related threats and attacks and it is most important to manage the risks associated from potential damage. We have an overarching need now, both in government and industry, to gain advanced threat detection and dynamic situational awareness through continuous network monitoring of what is going on in the particular network enterprise for which we’re responsible: what software is installed, who’s using our network, what information is being extracted from our enterprise and where is that information going? These are questions that leaders in various organizations—both public and private—are now asking of their cybersecurity professionals, and they are demanding answers because cybercrime is on the rise.

What are your thoughts on the Obama Administration’s executive order on cybersecurity? The elephant in the room seems to be state-sponsored cyber warfare.

Nation state sponsored activity is certainly one of the elephants in the room; it can gain tremendous insights and intelligence through espionage and by injecting insidious pieces of malicious software. At risk is intellectual property, personal identity information, credit card numbers, bank account numbers and other highly sensitive information. These sophisticated attacks could be used not only against targeted government activities, companies or industries, but also against private citizens.

Cyber intrusions are a multi-spectrum problem: everything from state-sponsored espionage, which could lead to a devastating terrorist attack, throughout the full spectrum of cybercrime and malicious software injection, all the way down to private citizens being taken advantage of and relieved of their personal resources and reputation.

There’s currently a serious shortage of cybersecurity experts in the U.S. What can be done to ensure that the next generation of policymakers and engineers have a deep understanding of these issues?

I think this is a problem that we have been facing in the United States for quite some time. There’s been a propensity for people to stay away from the hard-core educational studies involving science, technology, engineering and math, the STEM disciplines. Those are areas that can provide career avenues through gained insights leading to very lucrative careers in cybersecurity related activities.

The sophistication of cyber attacks against us is growing in intensity. Everyone now has to protect themselves and their organizations against cyber intrusions; the threat is growing in intensity and we cannot have enough trained individuals. This is something that we need to emphasize, not only within our higher educational institutions, but also in the elementary, middle and high school levels of education.