When it comes to cybersecurity, many variables are up in the air – up to and including its definition. Complicating matters is the still undefined direction of future collaboration between the government and private sector in combating the growing threat. But where others see challenge, Keith Rhodes sees opportunity. As senior vice president and chief technology officer with the Mission Solutions Group for QinetiQ North America, Rhodes is responsible for “architecting” IT solution sets for public and private sector customers. A big part of that strategy comes in looking “into the wild,” collecting information globally from open sources to figure out what attack structures are migrating your way. Rhodes recently debriefed on this strategy – and how QinetiQ plans to combat the “brave new world” of cybersecurity two years away.
ExecutiveBiz: Cybersecurity means different things to different people. How would you define it?
Keith Rhodes: One of the reasons cybersecurity means so many things to so many people is that it's often carved out as its own thing. The reality is you aren't just protecting cyber. Cybersecurity has to be part of the other layers of mission assurance – it's necessarily part of that larger mission assurance whole.
ExecutiveBiz: How does QinetiQ provide a holistic approach to cybersecurity?
Keith Rhodes: We're leveraging our existing capabilities in both computer active defense and computer network defense. To understand the opponent we're using the opponent's approach to cyber in order to structure computer network defense. We look out into the Web – the term of art is, “We look into the wild.” We collect information globally from open sources, and figure out what attack structures are migrating and use that [information] to build the defenses for our customer. We do global threat prediction in order to do local enterprise protection.
ExecutiveBiz: How can government help industry better address cybersecurity threats?
Keith Rhodes: Government can help in two ways, by (1) sharing information, and (2) putting money against cybersecurity. At the moment, it's difficult for industry and government to share information because everybody worries about what everybody else will do with the information. If we are going to have a real partnership, that means we have to work together as complementary equals. As far as monetary incentives go, nothing is a better incentive than getting paid to protect the operating environments. Even though we are in the business of national security, we're also in business. We're for profit; we have to answer to board rooms and stockholders.
ExecutiveBiz: What questions should CTOs be asking their IT partners to strengthen cybersecurity?
Keith Rhodes: If you go to an IT department and you ask, “Are we alright – is our environment reliable, available, survivable, and secure?” the answer usually comes back “yes.” It's the follow-up question that's the hard one: “How do you know?” Usually you don't know. The company has two mission profiles: to support customers and remain viable as a business. You have to be able to answer your own cyber integrity questions from both perspectives, and the answer had best be “yes.” You had better know why you can say “yes” and what you're measuring in order to get to yes. When you look seriously at your environment, you usually find that you don't know whether it's reliable, available, and secure.
ExecutiveBiz: What will cybersecurity look like in two years?
Keith Rhodes: It'll be more complicated, that's for sure. The migration to Internet Protocol Version 6 (IPv6) from IPv4 means we'll move away from a fixed asset environment to a totally mobile set of devices. The end points of the network will be your fingertips wherever they are, not your fingertips sitting on a keyboard in your office, in a fixed place. As you move to this new infrastructure, what does that do? Now you no longer have a fixed number of devices; you are discovering devices, devices are going away, and others are taking over the peer structure for command and control of the network. That complicates security because the number of devices – part of network discovery – is an important piece of securing your network.
ExecutiveBiz: And in that brave new world, what will be QinetiQ North America's role?
Keith Rhodes: We will help our customers with mission assurance. We will help them understand how they can protect – not secure, protect – their networks so they can accomplish their mission even under attack. We will give them both risk assessment and tools for security. And I think we're going to be able to give them something new: prediction. We'll help them see the threat coming in better than real time. Real time isn't going to be good enough – that's just observation. We will be going beyond observation to forecasting.
ExecutiveBiz: What is something most people don't know about you personally?
Keith Rhodes: I'm a motorcycle rider.
ExecutiveBiz: Harley Davidson?
Keith Rhodes: No, Kawasaki 650, sport bike. It's just like in business – if you're on the Beltway, you better be agile or somebody's going to cream you.
ExecutiveBiz: How often do you ride?
Keith Rhodes: As often as the weather lets me, which hasn't been very much this season. We've been rather wet but still I slugged it out with the rain. I know it doesn't make me the toughest guy in town but the coldest weather I ever rode in was 28 degrees with a 15-mile an hour cross wind so it was pretty chilly. I like it better when it is warm and sunny.
Interview conducted by JD Kathuria