Nancy Wang – Medill National Security Zone http://nationalsecurityzone.medill.northwestern.edu A resource for covering national security issues Tue, 15 Mar 2016 22:20:28 +0000 en-US hourly 1 Q&A: Former Director of Investigations at Microsoft Steve Santorelli http://nationalsecurityzone.medill.northwestern.edu/blog/2015/02/02/qa-former-director-of-investigations-at-microsoft-steve-santorelli/ Mon, 02 Feb 2015 20:43:40 +0000 http://nationalsecurityzone.medill.northwestern.edu/site/?p=20779 Continue reading ]]> Steve Santorelli, former director of investigations at Microsoft and former Scotland Yard detective, said the cybersecurity field is in need of talented individuals and experts.

Steve Santorelli, former director of investigations at Microsoft and former Scotland Yard detective, said the cybersecurity field is in need of talented individuals and experts.

WASHINGTON— Former director of investigations at Microsoft and former Scotland Yard detective , Steve Santorelli is recognized internationally as one of the most vocal proponents of a unified global approach to Internet security and fighting organized cybercrime around the world.

Now serving as the director of intelligence and outreach of a not-for-profit specialized Internet security research firm, Santorelli dedicates most of his time to bringing the federal and private sector together to combat some of the biggest challenges in cybersecurity.

Q: What is the definition of cybercrime vs. cyberthreats and cyberwarfare?

A: There really isn’t a definition. You have the same fundamental crimes that are going on that were going on 200 years ago. You just have a different set of tools. As far as cyberwarfare goes, you’ve got a real sea change in the past five to seven years. You’ve got continuous scrimmages going on from hacktivists to people who are very much aligned with the terrorist-type motives.

People often talk about threat of Internet and SCADA (supervisory control and data acquisition systems). There still hasn’t been a proven instance of a terrorist group attacking the Internet in the traditional attack role. The terrorist groups are extremely good at using the Internet for publicity or recruitment. If you look at terrorist groups such as ISIS, they are really good at social media. We have still yet to see an equivalent of 9/11 using the Internet.

If you ask how vulnerable the U.S. is to cyberwarfare. you got a situation that U.S. is by far, by magnitude, the most exposed in theory because it is so reliable on Internet to create a network of infrastructure. This is why there is so much funding going toward cybersecurity because governments at all levels have realized that the theoretical exposure is pretty significant. It is not an easy fix and it is going to require generational effort to help assure the security.

Q: Are the current cybersecurity laws in place effective? Are there any specific laws missing?

A: In the field of cybersecurity, technology is moving so rapidly that it’s impossible for legislation to keep up. It is a significant issue when you have countries with inadequate legislations, (and) you’ve got other countries that think they have adequate legislations that are basically out of date. You also have to understand that it is simply impossible for a lot of law enforcement to investigate everything that is a crime. You got to pick and choose because you have limited resources and time.

There is not necessarily a law that is missing. The reality is there is a very big antiquated process of law enforcement in one country getting law enforcement information from another country.

Q: In this era of rapidly evolving technology and innovations, what is the level of detective technology for uncovering cybercrime today? How has it changed in the past few years?

A: The level of technical ability for the average cybercrime cop and law enforcement specialists is an order of magnitude better than it was a generation ago. When I first became introduced to the field as a law enforcement specialist, we were awfully unprepared. We had to rely on trusted colleagues in the Internet security community. Whereas now you’ve got cops that are developers, they are actually coming to law enforcement from a career as an IT security specialist primarily, so they speak fluent geek. That’s really important because you’ve got basically Internet security specialists that carry a badge and sometimes a gun as well. The level of skill is massively better than it was before.

In terms of the level of technology, you cannot have this discussion without at least acknowledging the recent surge in debate about privacy and about encryption technology. The reality is that law enforcement officers have certainly had a resurgence to acquire more privacy and more encryption. That is not going to do much to support law enforcement officials to do their work. It is the society’s job to work where that balance lies between law enforcement leading to do what may keep the world safe and individuals’ rights to privacy and to not have their communication compromised.

Q: In the context of the recent cyberhacks and breaches, what do you see as the biggest threat to U.S. cybersecurity in the upcoming years?

A: Not having enough staff to adequately protect the network that needs protection is a primary problem. There just aren’t enough of us. All the other things paled in insignificance because there doesn’t seem to be a massive desire to go into this field. We might have the best intelligence about who is doing hacks out there, we might have the best firewalls and best artificial intelligence to help us, but if we don’t have the human beings to action that intelligence then we are dead in the water.

]]>